Privacy Policy / Information on Liability

With this data protection information, we inform you about our handling of your personal data and about your rights according to the European Data Protection Basic Regulation (DSGVO) and the Federal Data Protection Act (BDSG). OWNR Deutschland GmbH (hereinafter referred to as "we" or "us") is responsible for data processing.

I. General information

1. contact

If you have any questions or suggestions
about this information, or if you would like to contact us about asserting your
rights, please send your request to

OWNR Deutschland GmbH

c/o EV Work Edition GmbH

Stadthausbrücke 5

20355 Hamburg

Phone: +49 40 69 63 2520

Email: contact@ownr.eu

2. legal bases

The term "personal data" under
data protection law refers to all information relating to an identified or
identifiable individual. We process personal data in compliance with the
relevant data protection regulations, in particular the DSGVO and the BDSG.
Data processing by us only takes place on the basis of a legal permission. We
process personal data only with your consent (Section 25 (1) TTDSG or Art. 6
(1) a DSGVO), for the performance of a contract to which you are a party, or at
your request for the performance of pre-contractual measures (Art. 6 (1) b
DSGVO), for the performance of a legal obligation (Art. 6 (1) (c) DSGVO) or if
the processing is necessary to protect our legitimate interests or the
legitimate interests of a third party, unless your interests or fundamental
rights and freedoms which require the protection of personal data override
(Art. 6 (1) (f) DSGVO).

If you apply for a vacant position in
our company, we will also process your personal data for the purpose of
deciding whether to establish an employment relationship (Section 26 (1)
sentence 1 BDSG).

3. duration of storage

Unless otherwise stated in the following
notes, we store the data only for as long as is necessary to achieve the
processing purpose or to fulfill our contractual or legal obligations. Such
statutory retention obligations may arise in particular from commercial or tax
law regulations. From the end of the calendar year in which the data was
collected, we will retain such personal data contained in our accounting
records for ten years and retain personal data contained in commercial letters
and contracts for six years. In addition, we will retain data in connection
with consents requiring proof as well as with complaints and claims for the
duration of the statutory limitation periods.

4. categories of recipients of the data

We use processors as part of the
processing of your data. Processing operations carried out by such processors
include, for example, hosting, maintenance and support of IT systems, customer
and order management, order processing, accounting and billing, marketing
measures or file and data carrier destruction. A processor is a natural or legal
person, authority, institution or other body that processes personal data on
behalf of the data controller. Processors do not use the data for their own
purposes, but carry out data processing exclusively for the data controller and
are contractually obligated to ensure appropriate technical and organizational
measures for data protection. In addition, we may transfer your personal data
to bodies such as postal and delivery services, the company's bank, tax
advisors/auditors or the tax authorities. Further recipients may result from the following notes.

5. data transfer to third countries

Our data processing operations may
involve the transfer of certain personal data to third countries, i.e.
countries where the GDPR is not applicable law. Such a transfer takes place in
a permissible manner if the European Commission has determined that an adequate
level of data protection is required in such a third country. If such an
adequacy decision by the European Commission does not exist, a transfer of
personal data to a third country will only take place if appropriate safeguards
exist pursuant to Art. 46 GDPR or if one of the conditions of Art. 49 GDPR is
met.

Unless otherwise stated below, we use
the EU standard contractual clauses for the transfer of personal data to
processors in third countries as appropriate safeguards.

If you consent to the transfer of
personal data to third countries, the transfer will take place on the legal
basis of Article 49 (1) a DSGVO. 

6. processing when exercising your
rights according to Art. 15 to 22 DSGVO

If you exercise your rights in accordance
with Articles 15 to 22 of the GDPR, we will process the personal data provided
for the purpose of implementing these rights by us and to be able to provide
evidence thereof. We will only process data stored for the purpose of providing
information and preparing it for this purpose and for data protection control
purposes and otherwise restrict processing in accordance with Art. 18 DSGVO.

These processing operations are based on
the legal basis of Art. 6 para. 1 lit. c DSGVO in conjunction with. Art. 15 to
22 DSGVO and § 34 para. 2 BDSG.

7. your rights

As a data subject, you have the right to
assert your data subject rights against us. In particular, you have the
following rights:

  • In
    accordance with Art. 15 DSGVO and § 34 BDSG, you have the right to request
    information about whether and, if so, to what extent we are processing
    personal data relating to you or not.
  • You have
    the right to demand that we correct your data in accordance with Art. 16
    DSGVO.
  • You have
    the right to demand that we delete your personal data in accordance with
    Art. 17 DSGVO and § 35 BDSG.
  • You have
    the right to have the processing of your personal data restricted in
    accordance with Art. 18 DSGVO.
  • You have
    the right, in accordance with Art. 20 DSGVO, to receive the personal data
    concerning you that you have provided to us in a structured, common and
    machine-readable format and to transfer this data to another controller.
  • If you
    have given us separate consent to data processing, you may revoke this
    consent at any time in accordance with Art. 7 (3) DSGVO. Such a revocation
    does not affect the lawfulness of the processing that was carried out on
    the basis of the consent until the revocation.
  • If you
    believe that a processing of personal data concerning you violates the
    provisions of the GDPR, you have the right to lodge a complaint with a
    supervisory authority in accordance with Art. 77 GDPR.

8. right of objection

In accordance with Art. 21 (1) DSGVO,
you have the right to object to processing based on the legal basis of Art. 6
(1) (e) or (f) DSGVO on grounds relating to your particular situation. If we
process personal data about you for the purpose of direct marketing, you may
object to such processing pursuant to Article 21 (2) and (3) of the GDPR.

9. data protection officer

You can reach the data protection
officer of OWNR Deutschland GmbH at datenschutzbeauftragter@ownr.eu.

Herting
Oberbeck Data Protection GmbH

Hallerstr. 76, 20146 Hamburg


II. Data processing on our website

When you use the website, we collect
information that you provide yourself. In addition, during your visit to the
website, certain information about your use of the website is automatically collected
by us. In data protection law, the IP address is also generally considered to
be a personal data. An IP address is assigned to every device connected to the
Internet by the Internet provider so that it can send and receive data.

1. processing of server log files

During the purely informative use of our website,
general information that your browser transmits to our server is initially
stored automatically (i.e. not via registration). This includes by default:
browser type/version, operating system used, requested page, the previously
visited page (referrer URL), IP address, date and time of the server request
and HTTP status code. The processing is carried out to protect our legitimate
interests and is based on the legal basis of Art. 6 para. 1 letter f DSGVO.
This processing serves the technical administration of the website. The stored
data is not permanently stored by us. We are therefore also not able to
identify you as a data subject on the basis of the stored information. Articles 15 to 22 of the GDPR therefore do not
apply pursuant to Article 11 (2) of the GDPR, unless you provide additional
information that enables you to be identified in order to exercise your rights
set out in these articles.

For hosting our website, we use the
storage services of Amazon Web Services (AWS) of Amazon Web Services, Inc,
P.O.. Box 81226, Seattle, WA 98108-1226, USA. The data is stored exclusively in
a German data center (Frankfurt/Main), which is certified according to ISO
27001, 27017 and 2018 as well as PCI DSS Level 1. In the case of Amazon, a
transfer of data to Amazon Web Services, Inc. in the USA cannot be ruled out.
Please note the information in the section "Data transfer to third
countries". Further information on data protection at Amazon can be found
here: https://aws.amazon.com/de/compliance/data-privacy/

2. cookies

We use cookies and similar technologies
("cookies") on our website. Cookies are small text files that are
stored by your browser when you visit a website. This identifies the browser
used and can be recognized by web servers. You have full control over the use
of cookies through your browser. You can delete the cookies in the security
settings of your browser at any time. You can object to the use of cookies
through your browser settings in principle or for specific cases.

The use of cookies is partly technically
necessary for the operation of our website and thus permissible without the
consent of the user. In addition, we may use cookies to offer special features
and content and for analysis and marketing purposes. These may also include
cookies from third-party providers (so-called third party cookies). We only use
such technically unnecessary cookies with your consent pursuant to Section 25
(1) TTDSG or Article 6 (1) a DSGVO. You can find information about the
purposes, providers, technologies used, stored data and the storage period of
individual cookies in the settings of our Consent Management Tool.

3. consent management tool

This website uses the Consent Management
Tool CCM19 from Papoo Software & Media GmbH, based in Germany, to control
cookies. The Consent banner enables users of our website to give consent to
certain data processing procedures or to revoke a given consent. By confirming
the "OK" button or by saving individual cookie settings, you consent
to the use of the associated cookies. The legal basis under data protection law
is your consent within the meaning of Art. 6 (1) a) DSGVO.

In addition, the banner helps us to
provide evidence of the declaration of consent. For this purpose, we process
information about the declaration of consent and further log data about this
declaration. Cookies are also used to collect this data.

The processing of this data is necessary
in order to be able to prove that consent has been given. The legal basis
arises from our legal obligation to document your consent (Art. 6 para. 1 lit.
c) in conjunction with. Art. 7 para. 1 DSGVO).

You can revoke your consent at any time
via the settings of our Consent Management.

4. contact options and inquiries

Our website contains a contact form
through which you can send us messages. The transfer of your data is encrypted.
All data fields marked as mandatory are required to process your request.
Failure to provide this data will result in us not being able to process your
request. The provision of further data is voluntary. Alternatively, you can
send us a message via the contact e-mail. We process the data for the purpose
of answering your inquiry. If your request is directed towards the conclusion
or performance of a contract with us, Art. 6 (1) b DSGVO is the legal basis for
data processing. Otherwise, we process the data on the basis of our legitimate
interest in contacting inquiring persons. The legal basis for data processing
is then Art. 6 para. 1 lit. f DSGVO.

5. registration

In order to use certain functions of the
website (in particular the management of your object requests), registration
via the website is required. The required information can be seen from the
input mask for registration. The provision of the information, which is marked
as mandatory, is mandatory so that the registration can be completed. The data
provided will be processed for the purpose of providing the service. The
processing is based on the legal basis of Art. 6 para. 1 letter b) DSGVO.

If you register via our website, we use
the service provider Amazon Cognito for the log-in and the display of your user
data in the personal area. With Amazon, a transmission of data to Amazon Web
Services, Inc. in the USA cannot be ruled out. Please note the information in
the section "Data transfer to third countries". You can find further
information on data protection at Amazon here: https://aws.amazon.com/de/compliance/data-privacy/

6. newsletter

   a. Registration and deregistration

We offer on our website the possibility
to subscribe to various newsletters from us. After registration we will inform
you regularly about the latest news on our offers. For the registration to the
newsletter a valid e-mail address is required. To verify the e-mail address,
you will first receive a registration e-mail, which you must confirm via a link
(double opt-in). If you subscribe to the newsletter on our website, we process
personal data such as your e-mail address and name based on the consent you have
given. The processing is based on the legal basis of Art. 6 (1) a DSGVO. You
can revoke the consent granted at any time with effect for the future, for
example via the "unsubscribe" link in the newsletter or by contacting
us via the channels mentioned above. The legality of the data processing
operations already carried out remains unaffected by the revocation. When
registering for the newsletter, we also store the IP address and the date and
time of registration. The processing of this data is necessary in order to be
able to prove that consent has been given. The legal basis results from our
legal obligation to document your consent (Art. 6 para. 1 letter c in
conjunction with Art. 7 para. 1 DSGVO).

    b. Analysis

We also analyze the reading behavior and
opening rates of our newsletter. For this purpose, we collect and process
pseudonymized usage data, which we do not merge with your email address or your
IP address. The legal basis for the analysis of our newsletter is your consent
pursuant to Art. 6 (1) a DSGVO, which you give us when you register for ours.
You can revoke this consent at any time by unsubscribing from our newsletter [DSK1]  . 

    c. Service provider

For the management of subscribers and
the dispatch of the newsletter, we use Brevo of the provider Sendinblue GmbH. Your
email address is therefore transmitted by us to Brevo. The processing is
carried out on our behalf and is based on the legal basis of Art. 6 lit. f
DSGVO and serves our legitimate interest in optimizing and economically sending
our newsletter. If you do not want your data to be processed by Brevo, you
should not subscribe to or unsubscribe from the newsletter. 

7. object inquiry and credit check

You can use the "Make inquiry"
function to make direct inquiries about the objects you have selected. For this
purpose, the personal data you provide during registration will be processed by
us. Legal basis for data processing: Art. 6 para. 1 b) DSGVO. All data fields
marked as mandatory are required for the execution of the contract. Failure to
provide them will result in the contractual service not being able to be performed.
The provision of further data is voluntary.

Our company regularly checks your
creditworthiness before concluding contracts, especially in the case of an
inquiry for a leasing object. For this purpose, we cooperate with Creditreform
Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss, from which we receive the
data required for this purpose. For this purpose, we transmit your name and
contact details to Creditreform Boniversum GmbH. You can find a detailed
description of the data processing at Creditreform Boniversum GmbH here: www.boniversum.de/eu-dsgvo/

8. google advertising products

a. Google Analytics

We use the Google Analytics service of
Google Ireland Limited (Ireland/EU) for the needs-based design and ongoing
optimization of our website. The service uses cookies that enable an analysis
of your use of our website. Personal data in the form of online identifiers
(including cookie identifiers), IP addresses, device identifiers and
information about interaction with our website is processed in the process.
Google will use this information on our behalf for the purpose of evaluating
your use of our website, compiling reports on website activity for website
operators and providing other services relating to website activity and
internet usage. In doing so, the processed data can be used to create usage
profiles of the users, which we may link with data we have received via our
contact form. We only use Google Analytics with IP anonymization activated.
This means that the IP address of the user is shortened by Google within member
states of the European Union or in other contracting states of the Agreement on
the European Economic Area. We use the Google Universal Analytics variant. This
allows us to assign interaction data from different devices and from different
sessions to a unique user ID. This allows us to contextualize and analyze
individual user actions.

Further information on this processing
activity, the technologies used, stored data and the storage period can be
found in the settings of our Consent Management Tool. Google Marketing Services
is only used with your consent pursuant to Section 25 (1) TTDSG or Art. 6 (1) a
DSGVO. You can revoke your consent at any time via the settings of our Consent
Management.

b. Google Tag Manager

We use the Google Tag Manager of the
provider Google Ireland Limited (Ireland, EU) on our website. The Google Tag
Manager is used to manage our website tags via an interface. The Google Tag
Manager is a cookie-less domain to which the IP address is transmitted for
technical reasons. The Google Tag Manager merely ensures that other tags are
triggered, which in turn may collect data without accessing this data
themselves. If a deactivation has been made at domain or cookie level, this
remains in place for all tracking tags that are implemented with Google Tag
Manager.

The legal basis for the transmission of
the IP address is Art. 6 para. 1 letter f DSGVO. As a legitimate interest
serves our in an administration of our website services and the triggering of
other tags. 

For more information on data processing,
please visit: https://support.google.com/tagmanager/answer/7157428 

c. Google Ads

We use the Google Ads Conversions marketing
service provided by Google Ireland Limited (Ireland/EU). Google Ads allows us
to place ads relevant to users on the Google advertising network (e.g., in
search results, or on other websites), improve campaign performance reports,
and avoid serving ads to a user multiple times. Each Ads client sets a
different conversion cookie. Thus, these cookies cannot be tracked across the
websites of different Ads clients. A cookie ID is used to record which ads are
played in which browser. This prevents the same campaign from being displayed
more than once. In addition, cookie IDs can be used to record conversions, i.e.
whether a user sees an ad and later visits the advertiser's website and makes a
purchase.

Remarketing allows us to target users
who have already interacted with our website. In doing so, our ads are
delivered when this target group visits a Google website or a website in the
Google advertising network. For these purposes, a code is executed by Google
when our website is called up and so-called (re)marketing tags are integrated
into the website. With their help, an individual cookie is stored on the user's
device. The cookies can be set by various domains, including google.com,
doubleclick.net, googlesyndication.com or googleadservices.com. This file
records which websites users have visited, what content they are interested in
and which offers have been used. In addition, technical information on the
browser and operating system, referring websites, time of visit and other
information on the use of the online offer are stored. All user data is
processed only as pseudonymous data and does not contain any information with
which we can personally identify users. The ads displayed are thus not targeted
to a person, but to the owner of the cookie.

Further information on these processing
activities, the technologies used, stored data and the storage period can be
found in the settings of our Consent Management Tool. Google Marketing Services
is only used with your consent pursuant to Section 25 (1) TTDSG or Art. 6 (1) a
DSGVO.

d. Google Campaign Manager 360, Google Display & Video 360, Search Ads
360

We use the online marketing service "Google Campaign Manager" of Google Ireland Limited (Ireland, EU) on
our website to present you with ads that are relevant to you and to optimize
our advertising campaigns. We use the "Google Display & Video
360" service of Google Ireland Limited (Ireland, EU) to analyze target
groups for our campaigns, to plan campaigns and to design advertisements. We also
use the "Search Ads 360" service of Google Ireland Limited (Ireland,
EU) to plan, manage and optimize advertising campaigns across search engines
and channels.

As part of this use, we use the tool "Floodlight" to create conversion statistics, i.e. to record whether you perform certain actions on our website after clicking on one of our
advertisements.

The processing of your data is based on your consent according to Art. 6 para. 1 letter a DSGVO.

Cookies are set on your terminal device to integrate the services. Cookies are set with your consent, which you can revoke at any time with future effect via our Consent Management Tool. 

When using Google services, a transfer of your data to the USA cannot be ruled out. Please note the information in the section "Data transfer to third countries". Further information on
data protection at Google can be found in Google's privacy policy at
https://policies.google.com/privacy?hl=de.

9. facebook pixel

We use the Facebook Pixel, a Facebook
business tool from Meta Platforms Ireland Limited (Ireland, EU), on our
website. For information on the contact details of Meta Platforms Ireland
Limited and the contact details of Meta Platforms Ireland Limited's data
protection officer, please refer to Meta Platforms Ireland Limited's data
policy at https://www.facebook.com/about/privacy.

The Facebook pixel is a JavaScript code
snippet that allows us to track visitor activity on our website. This tracking
is called conversion tracking. The Facebook pixel collects and processes the
following information (so-called event data) for this purpose:

  • Information
    about actions and activities of visitors to our website, such as searching
    for and viewing a product or purchasing a product;
  • Specific
    pixel information such as the pixel ID and the Facebook cookie;
  • Information
    about buttons clicked by visitors to the website;
  • Information
    present in the HTTP header, such as IP addresses, web browser information,
    page location, and referrer;
  • Information
    about the status of disabling/restricting ad tracking.

 

Some of this event data is information that is stored in the device you are using. In addition, cookies are also used via the Facebook pixel, via which information is stored on your end device used. Such storage of information by the Facebook pixel or access to
information that is already stored in your end device only takes place with
your consent.

Tracked conversions appear in the dashboard of our Facebook Ads Manager and Facebook Analytics. We can use the tracked conversions there to measure the effectiveness of our ads, set Custom Audiences for ad targeting, Dynamic Ads campaigns, and analyze the
effectiveness of our website's conversion funnels. The features we use via the
Facebook Pixel are described in more detail below.

a. Processing of event data for advertising purposes

Event data collected through the
Facebook Pixel is used to target our ads and improve ad delivery, personalize
features and content, and improve and secure Facebook products.

For this purpose, event data is
collected on our website by means of the Facebook pixel and transmitted to Meta
Platforms Ireland Limited. This only takes place if you have previously given
your consent to this. The legal basis for the collection and transmission of
personal data by us to Meta Platforms Ireland Limited is therefore Art. 6 (1) a
DSGVO.

This collection and transfer of Event
Data is carried out by us and Meta Platforms Ireland Limited as joint
controllers. We have entered into a joint controller processing agreement with
Meta Platforms Ireland Limited, which sets forth the allocation of data
protection obligations between us and Meta Platforms Ireland Limited. In this
agreement, we and Meta Platforms Ireland Limited have agreed, among other things,

  • that we
    are responsible for providing you with all information according to Art.
    13, 14 DSGVO about the joint processing of personal data;
  • that Meta
    Platforms Ireland Limited is responsible for enabling the rights of data
    subjects under Articles 15 to 20 GDPR with respect to personal data stored
    by Facebook Ireland after joint processing.

You can access the agreement entered
into between us and Meta Platforms Ireland Limited at https://www.facebook.com/legal/controller_addendum.

Meta Platforms Ireland Limited is the
sole data controller for the subsequent processing of the submitted Event Data.
For more information about how Meta Platforms Ireland Limited processes
personal data, including the legal basis on which Meta Platforms Ireland
Limited relies and how you can exercise your rights against Meta Platforms
Ireland Limited, please refer to Meta Platforms Ireland Limited's Data Policy
at https://www.facebook.com/about/privacy.

b. Processing of event data for analysis
purposes

We have also commissioned Meta Platforms
Ireland Limited to prepare reports on the impact of our advertising campaigns
and other online content based on the event data collected via the Facebook
pixel (campaign reports) and to generate analyses and insights about users and
their use of our website, products and services (analytics). We transfer
personal data contained in the Event Data to Meta Platforms Ireland Limited for
this purpose. The submitted personal data will be processed by Meta Platforms
Ireland Limited as our processor to provide us with the campaign reports and analytics.

Personal data is only processed for the
creation of analyses and campaign reports if you have given your prior consent
to this. The legal basis for this processing of personal data is therefore Art.
6 (1) a DSGVO.

A transfer of data to Facebook Inc. in
the USA cannot be ruled out. The legal basis for this transfer is the standard
contractual clauses for the transfer of personal data to processors in third
countries. Please refer to the notes in the section "Data transfer to
third countries".

10. Microsoft Ads

We use the service Microsoft Advertising (formerly Bing Ads) of the
provider Microsoft Ireland Operations Limited (Ireland, EU) on our website.
Microsoft Advertising is an online marketing service that uses the Universal
Event Tracking (UET) tool to help us display targeted advertisements via the
search engines Microsoft Bing, Yahoo, Aol, other search partners (e.g. Ecosia,
DuckDuckGo) and the Microsoft Audience Network. Microsoft Advertising uses
cookies for this purpose. 

Microsoft Advertising collects data via UET that allows us to track target
groups thanks to remarketing lists. For this purpose, a cookie is stored on the
end device used when visiting our website. Microsoft Advertising can thus
recognize that our website has been visited and play an advertisement when the
above-mentioned services are used at a later time. 

The information
is also used to create conversion statistics, i.e. to record how many users
have reached our website after clicking on an ad. We learn the total number of users
who clicked on our ad and were redirected to our website. However, we do not
receive any information with which users can be personally identified.

The processing of
your data is based on your consent according to Art. 6 para. 1 letter a DSGVO.

Cookies are set
with your consent, which you can revoke at any time with future effect via our
Consent Management Tool. For more information on data protection at Microsoft,
please refer to Microsoft's data protection information at
https://privacy.microsoft.com/de-de/privacystatement.

11. teads

We use the Teads
service of Teads SA (Luxembourg, EU) on our website. Teads is an online
marketing service that allows us to target ads for our products on other
websites and analyze visitor traffic and user interactions on our website.
Teads uses cookies to do this and accesses information stored in your terminal
equipment.

The processing of
your data is based on your consent according to Art. 6 para. 1 letter a DSGVO. 

Cookies are set
with your consent, which you can revoke at any time with future effect via our
Consent Management Tool. For more information on data protection at Teads, please
refer to the Teads privacy policy at https://www.teads.com/privacy-policy/.


III. Data processing on our social media pages

We are represented on several social media platforms with
a company page. Through this, we would like to offer further opportunities for
information about our company and for exchange. Our company has company pages
on the following social media platforms:

  • Facebook
  • Instagram
  • LinkedIn
  • Xing

When you visit or interact with a profile on a social
media platform, personal data about you may be processed. The information
associated with a social media profile used also regularly constitutes personal
data. This also covers messages and statements made while using the profile. In
addition, during your visit to a social media profile, certain information
about it is often automatically collected, which may also constitute personal
data.

1. visit a social media page

   a. Facebook and Instagram page

When you visit our Facebook or Instagram page, through
which we present our company or individual products from our range, certain
information about you is processed. The sole controller of this processing of
personal data is Meta Platforms Ireland Limited (Ireland/EU -
"Meta"). For more information about the processing of personal data
by Meta, please visit https://www.facebook.com/privacy/explanation. Meta offers
the possibility to object to certain data processing; information and opt-out
options in this regard can be found at
https://www.facebook.com/settings?tab=ads.

Meta provides us with anonymized statistics and
insights for our Facebook and Instagram page that help us gain insights about
the types of actions people take on our page (known as "page
insights"). These Page Insights are created based on certain information
about individuals who have visited our Page. This processing of personal data
is carried out by Meta and us as joint controllers. The processing serves our
legitimate interest to evaluate the types of actions taken on our site and to
improve our site based on these insights. The legal basis for this processing
is Article 6 (1) (f) DSGVO. We cannot associate the information obtained via
Page Insights with individual Facebook or Instagram profiles that interact with
our Facebook or Instagram page. We have entered into a joint controller
agreement with Meta, which sets out the distribution of data protection
obligations between us and Meta. For details about the processing of personal
data to create Page Insights and the agreement entered into between us and
Meta, please visit
https://www.facebook.com/legal/terms/information_about_page_insights_data. In
relation to these data processing operations, you have the option of asserting
your data subject rights (see "Your rights") against Meta as well.
Further information on this can be found in Facebook's privacy policy at
https://www.facebook.com/privacy/explanation.

Please note that according to the Meta Privacy Policy,
user data is also processed in the USA or other third countries. Meta transfers
User Data only to countries for which an adequacy decision has been issued by
the European Commission pursuant to Art. 45 of the GDPR or on the basis of
appropriate safeguards pursuant to Art. 46 of the GDPR.

   b. LinkedIn company page

LinkedIn Ireland Unlimited Company (Ireland/EU -
"LinkedIn") is the sole responsible party for the processing of
personal data when you visit our LinkedIn page. Further information about the
processing of personal data by LinkedIn can be found at
https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

When you visit, follow or engage with our LinkedIn
company page, LinkedIn processes personal data to provide us with anonymized
statistics and insights. This provides us with insights into the types of
actions that people take on our page (so-called page insights). For this
purpose, LinkedIn processes in particular such data that you have already
provided to LinkedIn via the information in your profile, such as data on
function, country, industry, seniority, company size and employment status. In
addition, LinkedIn will process information about how you interact with our
LinkedIn company page, such as whether you are a follower of our LinkedIn
company page. With the page insights, LinkedIn does not provide us with any
personal data about you. We only have access to the aggregated Page Insights.
It is also not possible for us to draw conclusions about individual members via
the information in the Page Insights. This processing of personal data in the
context of the Page Insights is carried out by LinkedIn and us as joint
controllers. The processing serves our legitimate interest to evaluate the
types of actions taken on our LinkedIn company page and to improve our company
page based on these insights. The legal basis for this processing is Article
6(1)(f) DSGVO. We have entered into a joint controller agreement with LinkedIn,
which sets out the distribution of data protection obligations between us and
LinkedIn. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum.
Accordingly, the following applies:

  • LinkedIn and we have agreed that LinkedIn is
    responsible for enabling you to exercise your rights under the GDPR. You
    can contact LinkedIn to do so online via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de) or reach
    LinkedIn via the contact details in the Privacy Policy. You can contact
    the Data Protection Officer at LinkedIn Ireland via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO.
    You may also contact us at our provided contact details about exercising
    your rights in connection with the processing of personal data in the
    context of the Page Insigts. In such a case, we will forward your request
    to LinkedIn.
  • LinkedIn and we have agreed that the Irish Data
    Protection Commission is the lead supervisory authority overseeing
    processing for Page Insights. You always have the right to lodge a
    complaint with the Irish Data Protection Commission (see at
    www.dataprotection.ie) or any other supervisory authority.

Please note that according to the LinkedIn Privacy
Policy, personal data is also processed by LinkedIn in the USA or other third
countries. LinkedIn transfers personal data only to countries for which the
European Commission has issued an adequacy decision pursuant to Article 45 of
the GDPR or on the basis of appropriate safeguards pursuant to Article 46 of
the GDPR.

    c. Xing

New Work SE (Germany/EU) is the sole responsible party
for the processing of personal data when visiting our Xing profile. Further
information about the processing of personal data by New Work SE can be found
at https://privacy.xing.com/de/datenschutzerklaerung.

2. comments and direct messages

We also process information that you have provided to
us via our company page on the respective social media platform. Such
information may be the username used, contact details or a message to us. These
processing operations by us are carried out as the sole responsible party. We
process this data on the basis of our legitimate interest in contacting
inquiring persons. The legal basis for the data processing is Art. 6 para. 1
letter f DSGVO. Further data processing may take place if you have consented
(Art. 6 para. 1 letter a DSGVO) or if this is necessary for the fulfillment of
a legal obligation (Art. 6 para. 1 letter c DSGVO).

IV. Further Data Processing Using The Broker Mobile App

When using the Broker Mobile App, we collect information that you provide yourself. In addition, during the use of the app, certain information about the use is automatically collected by us.

1. Downloading the app

When downloading the app, certain required information is transmitted to the app store selected by you (e.g. Google Play or Apple App Store), in particular the user name, the e-mail address, the customer number of your account, the time of the download, as well as the individual device number can be processed. The processing of this data is carried out exclusively by the provider of the respective app store and is outside our sphere of influence.

2. Automatic data processing when using the app

Within the scope of the use of the app, we process certain data automatically insofar as this is necessary for the provision and use of the app. This may include in particular the internal device ID, the version of the operating system used, the time of access and the assigned IP address.
This data is automatically processed by us in order to make the app and its functions available and to detect and prevent misuse and malfunctions of the app. We have a legitimate interest in ensuring the functionality and error-free operation of the app. Insofar as personal data are also processed in this context, this is based on the legal basis of Art. 6 (1) f DSGVO.

3 Processing of data via OWNR partners

As a user of the app, you have the option of saving certain data about yourself directly in the app. Data saved in this way no longer need to be entered separately when continuing to use the other functions of the app. The data entered can be changed at any time. The data is stored locally on the end device used and is not transmitted to us. The storage of the data is voluntary and not necessary for the use of the app.
The legal basis for the storage and processing of the data provided is Art. 6 para. 1 letter f DSGVO.

4. processing of data in the leasing rate calculator function

When using the "Leasing Rate Calculator" function, we process the information and data that you provide to us via the input mask. It is also necessary to provide an e-mail address. The provision of the data is necessary so that the function can be used. We store the data in our customer management system so that we can track your use of the "Leasing Rate Calculator" function. 
Legal basis for the storage and processing of the data provided Art. 6 para. 1 letter f DSGVO.

5. processing of data for the customer recommendation/referrals function

Real estate agents can use the "Customer recommendation/referrals function" to transmit information about interested parties and to us in order to receive certain benefits in return. The following information about interested parties is transmitted to us:

  • Salutation
  • First name
  • Surname
  • E-mail address
  • Telephone number
  • If applicable, further message


We store this data in our customer management system and use it to track future enquiries from interested parties. This serves our legitimate interest in obtaining an overview of interested parties in our offer and to be able to grant real estate agents advantages within the framework of the "customer recommendation" function.
The legal basis vis-à-vis the interests concerned is Art. 6 para. 1 lit. f DSGVO. 

IV. Further data processing

1. contact by e-mail

If you send us a message via the contact email
provided, we will process the transmitted data for the purpose of responding to
your inquiry. We process this data based on our legitimate interest to get in
touch with inquiring persons. The legal basis for the data processing is Art. 6
para. 1 letter f DSGVO.

2. data processing within the scope of the initiation relationship

If you are interested in our
offers, an exchange of personal data takes place. Through our online forms, within
our portal or during personal visits, you can send us data and documents that
we store in our systems. The upload of documents in our portal at the time of
your general expression of interest is voluntary.

We use the data to check
whether and which properties match your search parameters and to assess whether
you are a suitable lessee and, if applicable, a subsequent tenant or buyer of
our properties. 

The processing of your personal
data in this context serves our legitimate interest and is therefore based on
the legal basis of Art. 6 (1) f DSGVO. In the case of the intention to lease a specific
property, the data processing is based on Art. 6 para. 1 letter b DSGVO and is
necessary for the implementation of the pre-contractual obligation.

In the course of this, we may also
request a credit check from the credit reporting agency Creditreform Boniversum
GmbH. Please refer to the information on the credit check in the section
"Object inquiry and credit check".

We use the service Salesforce. With Salesforce, a
transfer of data to Salesforce Inc. in the USA cannot be ruled out. Please note
the information in the section "Data transfer to third countries".
Salesforce uses Binding Corporate Rules for international data transfers and
also agrees on EU standard contractual clauses with customers. Further
information on this is available at https://www.salesforce.com/de/company/privacy/

3. use of the e-mail address for marketing purposes

We may use the email address you provide when
registering or ordering to inform you about our own similar products and
services offered by us. The legal basis is Art. 6 para. 1 lit. f DSGVO in
conjunction with. § Section 7 (3) UWG. You can object to this at any time
without incurring any costs other than the transmission costs according to the
prime rates. To do so, you can unsubscribe by clicking on the unsubscribe link
contained in each mailing or by sending an e-mail to contact@ownr.eu.

4. applications

If you apply to our company, we process your
application data exclusively for purposes related to your interest in current
or future employment with us and the processing of your application. Your
application will only be processed and noted by the relevant contacts at our
company. All employees entrusted with data processing are obliged to maintain
the confidentiality of your data. If we are unable to offer you employment, we
will retain the data you have provided for up to six months after any rejection
for the purpose of answering questions relating to your application and
rejection. This does not apply if legal provisions prevent deletion, if further
storage is necessary for the purpose of providing evidence, or if you have
expressly consented to longer storage. The legal basis for data processing is
Section 26 (1) sentence 1 BDSG. If we store your applicant data beyond a period
of six months and you have expressly consented to this, we would like to point
out that this consent can be freely revoked at any time in accordance with Art.
7 (3) DSGVO. Such revocation shall not affect the lawfulness of the processing
that was carried out on the basis of the consent until the revocation.


Status: July 2023