Data protection

General information

The following information provides a simple overview of how personal data is processed when you visit our website and as part of our business services. Personal data is any data by which you can be personally identified. For detailed information on the subject of data protection, please refer to the data protection notices listed in the following text.

It goes without saying that the protection of your personal data and fair and transparent data processing are important to us. In the following, we provide you with the information according to Art. 13 and 14 DSGVO that you need to review and exercise your rights regarding data protection. We are to be designated as the responsible party within the meaning of the General Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG), as well as other data protection regulations such as the Telecommunications and Telemedia Data Protection Act (TTDSG) for our website and the associated data processing. Comprehensive information about our organization can be found in the imprint.

The following data protection information is divided into the following sections:

I.            Information about the responsible person
II.           Data processing on our website
III.          Data processing within the scope of our business services
IV.          Data subject rights

I. Details of the person in charge

Person responsible for data collection:

Deutsche Investment Kapitalverwaltung AG
Burchardtstrasse 24
20095 Hamburg
Telephone: +49 40 33 460 49 70
E-mail: info@deutsche-investment.com

Data Protection Officer

GFAD Datenschutz GmbH
Data Protection Officer
Huttenstrasse 34/35
10553 Berlin
Phone: +49 30 26 911 11
E-mail: datenschutz@gfad.de

II. Data processing on our website

Data security on our website

To ensure the security of our website, we use a valid state-of-the-art SSL certificate. A website encrypted with SSL transmits personal data to the server in an encrypted form so that it is impossible for third parties to intercept or read it. A certificate verifies our identity. Depending on your browser, you can recognize that a secure connection exists by the display of a lock symbol. By clicking on the lock symbol, you can view our online proof of identity. By encrypting the transmission, you can assume that your entered data is sufficiently protected against unauthorized access during transmission according to the state of the art.

Protection of minors

Our offer is basically directed at adults. Persons under the age of 18 may not transmit any personal data to us without the consent of their parents or legal guardians.

Hosting

The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use for the purpose of operating this online offer.

In this context, we, or our hosting service provider STRATO AG, Pascalstraße 10, 10587 Berlin, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors of this online offer on behalf of us for the support and maintenance of our Internet pages on the basis of our legitimate interests in an efficient and secure provision of this online offer pursuant to Art. 6 para. 1 lit. f DSGVO. The data processing of our hosting service provider is carried out within the framework of a contract processing agreement according to Art. 28 DSGVO.

Provision of the website and log files

The entry of personal data is not necessary for the purely informational use, i.e. if you do not otherwise transmit information to us, of our website.

Nevertheless, every time our website is called up, personal data is automatically collected in addition to information from the system of the calling computer or end device of the user, which your browser transmits to our server. The following data, which is technically necessary for us to display our website to you, is collected by us in this context:

  • Information about the browser type and version used.
  • The user's Internet service provider
  • The IP address of the user
  • The operating system of the user's terminal device
  • Date and time of access
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • The previous website from which the user accessed our website
  • Operating system and its interface
  • Language and version of the browser software

The legal basis for the temporary storage of this data in so-called log files are our legitimate interests as the responsible website operator according to Art. 6 para. 1 lit. f. DSGVO, to ensure the technical presentation and stability and security of the website.

The temporary storage of the user's IP address by our system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must necessarily remain stored for the duration of the session. The storage of the above-mentioned data in the log files is done to ensure the functionality of our website. In addition, we use this data to optimize the website and to ensure the security of our information technology systems (e.g. attack detection). An evaluation of the data for marketing purposes does not take place in this context. The above-mentioned data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after 14 days at the latest. Storage beyond this is possible if there are indications of an illegal attack on our systems.

Cookies

When using our website, cookies are stored on your computer. Cookies are small text files that are stored on the end device associated with the browser you are using and are assigned certain information by the respective service provider that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the Internet offer as a whole more user-friendly and effective. The legal basis for the use of technically necessary cookies for the operation of the website is Section 25 (2) No.2 TTDSG, if the storage of information in the end user's terminal equipment or access to information already stored in the end user's terminal equipment is absolutely necessary for the provider of a telemedia service to provide a telemedia service expressly requested by the user. For the processing of personal data by technically required cookies, this is done to protect our legitimate interest pursuant to Art. 6 para. 1 lit. f. DSGVO, to design and optimize our website in a user-friendly manner. For all technically unnecessary cookies, Section 25 (1) TTDSG applies, for which consent is obtained. Insofar as personal data is also processed by technically unnecessary cookies, consent under data protection law will be obtained if necessary in accordance with Art. 6 Para. 1 lit. a DSGVO, unless there is another legal basis (Art. 6 Para. 1 lit. b, f DSGVO).

This website uses the following types of cookies, the scope and functionality of which are explained below:

Transient cookies

These cookies are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. For the optimization and presentation of the website, these cookies are technically necessary in the sense of § 25 para. 2 no. 2 TTDSG. Session cookies are deleted when you log out or close the browser.

Persistent cookies

These cookies are deleted automatically after a specified period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

Third-party cookies

For the further development and improvement of our online offer (reach measurement, website analysis, website optimization), we use services of third-party providers that also use cookies on the legal basis of safeguarding our legitimate interests pursuant to Art. 6 (1) lit. f DSGVO. Insofar as effective consent is obtained via a consent management tool or consent banner, data processing is carried out on the basis of the consent given in accordance with Section 25 (1) TTDSG and Art. 6 (1) lit. a DSGVO. Insofar as the cookies from third-party providers are technically necessary, this is done in accordance with § 25 para. 2 no. 2 TTDSG. Further information on the third-party services we use on our website can be found listed separately below as part of our privacy policy.

Prevention of cookies

You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that you may then not be able to use all functions of this website.

Usercentrics Consent Management Platform (CMP)

Dies ist ein Zustimmungsverwaltungsdienst. Die Usercentrics GmbH, Sendlinger Str. 7, 80331 München wird auf der Website als Auftragsverarbeiter zum Zwecke des Consent Managements eingesetzt. Dies erfolgt zur Erfüllung gesetzlicher Verpflichtungen aus dem TTDSG gemäß Art. 6 Abs. 1 lit. c DSGVO für einwilligungspflichtige Cookies und Dienste eine wirksame Einwilligung einzuholen sowie zur Wahrung unserer berechtigten Interesses gemäß Art. 6 Abs. 1 lit. f DSGVO die Einwilligung im Zweifel nachweisen zu können. Die Einwilligungsdaten werden drei Jahr lang gespeichert. Zur Erbringung des Dienstes werden technisch erforderliche Cookies gemäß § 25 Abs. 2 Nr. 2 TTDSG gesetzt.

Third-party services

Adobe Web fonts

This website uses web fonts from Adobe for the uniform display of certain fonts. The service provider in the European Economic Area (EEA) is Adobe Systems Software Ireland Limted, 4-6 Riverwalk, City West Business Campus, Saggart D24, Dublin, Ireland (Adobe Ireland), which processes personal information when you use Adobe solutions. For the purposes of providing the Services, personal information may also be transferred to companies outside the EEA to third countries, such as Adobe Inc, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe U.S.). Where this is the case, Adobe relies on the EU's standard contractual clauses and adequacy decisions on specific countries.

Adobe Fonts is a service that provides access to a font library for use in desktop applications and websites.

When you visit this website, your browser downloads the required fonts directly from Adobe to display them correctly on your device. In the process, your browser establishes a connection to Adobe's servers in the United States. This enables Adobe to know that your IP address has been used to access this website. When providing the "Adobe Fonts" service for websites, Adobe states that no cookies are placed on websites or used to provide the fonts. In providing the Adobe Fonts service to websites, Adobe may collect information about the fonts that are provided to the website. Adobe uses the information collected from websites that use Adobe Fonts to provide the Adobe Fonts service and to diagnose delivery or download issues.

The storage and processing of personal data as part of the "Adobe fonts" service is technically necessary for the presentation of the website pursuant to Section 25 (2) No. 2 TTDSG and is carried out to protect the legitimate interests of the website operator pursuant to Article 6 (1) f DSGVO in the uniform presentation of the typeface on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.adobe.com/de/privacy/eudatatransfers.html. As additional protective measures, access to personal data is encrypted with Transport Layer Security (TLS). Additional technical and organizational measures are available at https://www.adobe.com/content/dam/cc/en/legal/terms/enterprise/pdfs/PUBLIC-TOSM-2021DEC2.pdf.

For more information about Adobe Fonts, please visit: https://www.adobe.com/de/privacy/policies/adobe-fonts.html.

Adobe's privacy policy can be found at: https://www.adobe.com/de/privacy/policy.html.

Google Analytics

This website uses functions of the web analysis service Google Analytics for statistical analysis of user behavior for optimization and marketing purposes. The service is only activated insofar as the user gives effective consent. Further processing is based on the consent given in accordance with Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. Consent given can be revoked at any time with effect for the future by making the appropriate Consent settings. For Google services within the EEA and Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland has been the provider of the service and the responsible data controller under data protection law since 22.01.2019. Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable an analysis of your use of the website. In order to provide the service, it may be necessary for the information generated by the cookie about your use of the website to be transmitted to and stored by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA on servers in the United States. 

The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities, for control and for monitoring purposes, possibly also without any legal remedy.

This data is stored for a maximum of 24 months before it is automatically deleted, unless the cookies are already deleted by the user beforehand or the cookie settings are changed accordingly. The purpose of the Google Analytics component is to analyze the flow of visitors to our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile online reports for us showing the activities on our website, and to provide other services related to the use of our website.

Data protection and data security in Google Analytics

The EU standard contractual clauses have been agreed for the transfer of data to Google LLC in the USA. The EU standard contractual clauses represent a guarantee of an adequate EU level of data protection in accordance with Art. 46 DSVO. As additional protection measures, the IP anonymization function is activated and Google LLC continues to contractually commit to comply with the requirements from the self-certification of the former US Privacy Shield. With your consent to use these services, you also consent to the processing of your data in the USA in accordance with Art. 49 (1) lit. a DSGVO. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities, for control and for monitoring purposes, possibly also without any legal remedy.

In addition, Google Analytics and Google Analytics 360 have been certified to the independent security standard ISO 27001. ISO 27001 is one of the most widely recognized standards in the world. The certification relates to the systems provided via Google Analytics and Google Analytics 360.

IP anonymization

We have activated the IP anonymization function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will process this information for the purpose of evaluating your use of the website statistically, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google. The controller uses the addition "_gat._anonymizeIp" for web analysis via Google Analytics. By means of this add-on, the IP address of the Internet connection of the data subject is shortened and anonymized by Google if access to our Internet pages is from a member state of the European Union or from another state party to the Agreement on the European Economic Area.

Browser add-on

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser add-on available at the following link to disable Google Analytics: https://tools.google.com/dlpage/gaoptout.

Objection to data collection

If you do not want your website activity to be available to Google Analytics, you can install the browser add-on to disable Google Analytics via the following link https://tools.google.com/dlpage/gaoptout. An opt-out cookie will be set that will prevent the collection of your data during future visits to this website by the Java Script executed on websites (gtag.js, ga.js, analytics.js and dc.js) from sharing activity data with Google Analytics. You may also refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

More information on the handling of user data at Google Analytics can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245

Newsletter

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. To verify your e-mail address, you will receive a confirmation e-mail after registering for the newsletter, in which you are asked to confirm the correctness of your registration for the newsletter (double opt-in procedure). Further data will not be collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe from the newsletter. Data that has been stored by us for other purposes (e.g. e-mail addresses for the member area) remains unaffected by this.

NEWSLETTER2GO

This website uses Newsletter2Go to send newsletters as part of an order processing. The provider is Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany. Newsletter2Go is a service with which, among other things, the dispatch of newsletters can be organized and analyzed. The dispatch and analysis of newsletters is based on the consent given with the registration in accordance with Art. 6 para. 1lit. a DSGVO. If existing customers or potential business customers receive newsletters, the dispatch and analysis of the newsletter is carried out for the fulfillment of the contract (Art. 6 para. 1 lit. b DSGVO) and for the purpose of direct advertising (Art. 6 para. 1 lit. f DSGVO). The data you enter for the purpose of receiving the newsletter will be stored on Newsletter2Go's servers in Germany. If you do not want any analysis by Newsletter2Go, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in each newsletter.

Data analysis by NEWSLETTER2GO

With the help of Newsletter2Go it is possible for us to analyze our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links, if any, were clicked. In this way, we can determine, among other things, which links were clicked on particularly often. In addition, we can see whether certain previously defined actions were performed after opening/clicking (conversion rate). For detailed information on the functions of Newsletter2Go, please refer to the following link: www.newsletter2go.de/features/newsletter-software/

Online application platform JOIN

Through our website, we offer you the opportunity to apply for our job offers via the online application platform JOIN. Responsible for data processing via the platform Join in accordance with Art. 4 No. 7 DSGVO. The privacy policy of the service provider is available at https://join.com/de/datenschutz/.

As soon as an application is transmitted to us as an employer via the platform, we are responsible under data protection law with regard to the data processing that takes place after the transmission. The data transmitted by way of application, i.e. in particular cover letter, resume, additional information in the career profile and documents as well as contact information, are processed by us and stored locally. The legal basis for this is Section 26 BDSG in conjunction with Article 6 (1) b, f DSGVO.

Application for our job offers/training opportunities

If you are interested in one of our job offers and would like to apply, please send us your complete application documents in PDF format by e-mail to the e-mail address provided or by post to our postal address. This includes a cover letter, curriculum vitae and your existing references. If your application documents contain photographs, we consider this to be implied consent to the processing of the photograph. In accordance with Art. 7 (3) sentence 1 DSGVO, you are entitled to revoke this consent at any time.

We would also like to point out that certain security risks (such as unauthorized reading, unauthorized access, infection with malware, loss of data, etc.) exist if your documents are sent by e-mail without encryption and cannot be ruled out. Your application documents will only be forwarded to the relevant employees within our cooperative for processing. The review of your application documents is carried out for the purpose of initiating an employment relationship on the legal basis of Art. 6 Para. 1 lit. b) DSGVO in conjunction with. § 26 BDSG.

Should an employee relationship be established after the application process has been completed, we will require your personal data to implement the employee contract on the legal basis of Art. 6 (1) (b) DSGVO. In the event of a negative outcome of the application process, we will delete the application documents 6 months after the end of the application process, unless you have given us permission to store your data for a longer period and there are no statutory retention periods to the contrary.

Unsolicited application

If there are no suitable vacancies available at the moment, you are also welcome to send us an unsolicited application. Your application will be processed on the basis of your consent pursuant to Art. 6 (1) a) DSGVO for the establishment and implementation of an employment relationship pursuant to Art. 6 (1) b) DSGVO. Due to our legitimate interest according to Art. 6 para. 1 lit. f) DSGVO, we store your application documents for up to 6 months, unless you give us your consent for a longer storage of your application documents.

Presence in social networks (social media)

We maintain online presences within social networks and process user data in this context in order to communicate with users active there or to offer information about us. The online presences are linked via our website within the framework of social media buttons. In the context of social networks, user data may also be processed outside the European Economic Area (EEA). This may result in risks for users because, for example, the enforcement of users' rights may be more difficult.

In addition, user data is usually processed within social networks for market research and advertising purposes. For example, usage profiles can be created based on the usage behavior and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies can usually be stored on the users' computers, in which the usage behavior and interests of the users are stored. Furthermore, data independent of the devices used by the users may also be stored in the usage profiles, especially if the users are members of the respective platform and logged in to it.

For a detailed presentation of the respective forms of processing and the options to object (opt-out), we refer to the privacy statements and information provided by the operators of the respective networks. In the case of information requests and the assertion of data subject rights, we would also like to point out that these can most effectively be asserted with the providers themselves. Only the providers have access to the users' data and can take appropriate measures and provide information directly. If you still need support, you can also contact us.

Types of data processed: contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).

Data subjects: Users (e.g., website visitors, users of online services).

Purposes of processing: company presentation and communication of current information as part of public relations; contact inquiries and communication; feedback (e.g. collecting feedback via online form); marketing.

Legal basis: Art. 6 para. 1 lit. f DSGVO to protect the legitimate interests of the controller and third parties to promote public relations and marketing.

Xing: Social professional network of the provider New Work SE, Am Strandkai 1, 20457 Hamburg. For the processing of personal data on the company presence in the context of the social professional network Xing, the responsible party in the sense of Art. 4 No. 7 DSGVO is the service provider. Further information on the service provider at www.xing.com and on the privacy policy at https://privacy.xing.com/de/datenschutzerklaerung.

LinkedIn

: Social professional network of the provider LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. We operate a company page on the LinkedIn professional network. A company page provides a detailed overview of the company as well as basic information such as areas of expertise, size, website URL and industry. As part of the company page, LinkedIn provides us with page insights. This is aggregated data that provides page insights about visitors to the company page.  When a member visits, follows, or engages with the page, LinkedIn processes personal data to provide page insights. Specifically, LinkedIn processes data that the member has provided to LinkedIn, such as the member's job function, country, industry, length of service, company size, and employment status from the member's profile. In addition, LinkedIn processes information about how a member has interacted with your company page, such as whether a member is a follower. For the processing of Page Insights, we are joint controllers with LinkedIn pursuant to Art. 26 DSGVO. A separate agreement has been made with LinkedIn Ireland for this purpose, available at legal.linkedin.com/pages-joint-controller-addendum. In this agreement, LinkedIn agrees to assume responsibility for the processing of Page Insights and the resulting data protection obligations, in particular the implementation of data subject rights. In addition, data subject rights can also be asserted against us, which we then forward to LinkedIn. The processing of Page Insights by us is carried out to protect our legitimate interests pursuant to Art. 6 (1) lit. f DSGVO for the analysis, evaluation and optimization of our company website. Data transfers by the provider LinkedIn Ireland to third countries and the USA are carried out on the basis of the contractually agreed EU standard contractual clauses, which constitute a suitable guarantee for data transfer to third countries in accordance with Art. 46 (2) lit. c DSGVO. In addition, LinkedIn takes appropriate technical and organizational measures to protect personal data, available at

https://security.linkedin.com/trust-and-compliance. These are evidenced by corresponding internationally recognized certifications, such as 27001.

Youtube: Social network and video platform of the provider Google Ireland Limited, headquartered at Gordon House, Barrow Street, Dublin 4, Ireland. We operate our own company channel on the video platform You tube. The publication and uploading of audio or audiovisual content takes place within the framework of an order processing agreement with you tube, available at https://www.youtube.com/t/terms_dataprocessing. In order to provide the service, it may be necessary to transfer and process personal data to affiliated or other companies in the USA. The transfer of data to third countries takes place on the basis of the EU standard contractual clauses agreed with Goolge LLC, which constitute a suitable guarantee for data transfers to third countries in accordance with Art. 46 (2) lit.c DSGVO. As part of the commissioned processing agreement, Google Ireland Limited undertakes to take additional security measures to protect personal data. In addition, Youtube offers Google users opt-out options in the context of their account settings.

Contact by e-mail

We can be contacted via the e-mail addresses provided. In this case, the personal data of the sender, i.e. the user, transmitted with the inquiry will be stored. In this context, we would like to point out that transmission as an unencrypted e-mail involves certain security risks, as it is not possible to exclude the possibility of reading or unauthorized access. The processing of this data, which is transmitted in the course of sending a request, is carried out on the legal basis of Art. 6 para. 1 lit. f. DSGVO of our legitimate interests to answer your request satisfactorily. If the request is aimed at the fulfillment of an existing contract or the conclusion of a new contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b. for the initiation and fulfillment of a contract. The processing of this personal data serves us solely to process the contact.  Your data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data sent by e-mail, this is the case when the respective request is answered and the conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified and no contract has been concluded. Inquiries about the contractual relationship are stored for the duration of the existing contractual relationship.

All personal data that was stored in the course of contacting us will be deleted in this case, provided that there are no legal retention periods to the contrary.

Recipients of the data or categories of recipients

Within our organization, those entities will have access to your data that need it to fulfill contractual and legal obligations.

External service providers (order processors)

Your data may be shared with our IT and software service providers for maintenance and support to assist us in providing our services.

Processing of your personal data by contracted service providers takes place within the framework of contract processing pursuant to Art. 28 DSGVO.

Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA) or if this is done in the context of using third-party services or disclosing, or transferring data to third parties, this will only be done if it is done to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests, or if another legal basis permits this. Subject to legal or contractual permissions, we process or allow the processing of data in a third country only if the special requirements of Art. 44 et seq. DSGVO are met. I.e. the processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU (EU adequacy decision) or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").

Data transfer to the USA

Among other things, services of companies based in the USA are integrated on our website. If these services are active, your personal data could be transferred to the US servers of the respective companies. We inform that the USA is currently not a safe third country in the sense of EU data protection law according to the case law of the ECJ. Due to the surveillance laws in the USA, US service providers may be obliged to hand over personal data to security authorities without data subjects being able to appeal against this. It can therefore not be ruled out that US authorities, such as intelligence agencies, may process, evaluate and permanently store your data located on servers of US service providers for surveillance purposes. We have no influence on these processing activities.

Recipients of the data or categories of recipients

Within our organization, those entities will have access to your data that need it to fulfill contractual and legal obligations.

External service providers (order processors)

Your data is shared with our IT and software service providers for maintenance and support to assist us in providing our services.

Processing of your personal data by contracted service providers takes place within the framework of order processing pursuant to Art. 28 DSGVO.

Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA) or if this is done in the context of using third-party services or disclosing, or transferring data to third parties, this is only done if it is done to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests, or if another legal basis permits this. Subject to legal or contractual permissions, we process or allow the processing of data in a third country only if the special requirements of Art. 44 et seq. DSGVO are met. I.e. the processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU (EU adequacy decision) or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").

Storage of data

As far as necessary, we process and store personal data for the duration of the business relationship. This also includes the initiation and processing of a contract. For the duration of the existence of warranty and guarantee claims, the personal data required for this purpose are stored. In addition, we store personal data insofar as we are legally obliged to do so. Corresponding obligations to provide proof and to store data result from the German Commercial Code (Handelsgesetzbuch) and the German Fiscal Code (Abgabenordnung). The periods for storage or documentation specified there are six years in accordance with commercial law requirements under Section 257 of the German Commercial Code (HGB) and up to ten years based on tax requirements under Section 147 of the German Fiscal Code (AO). We delete personal data of the person concerned as soon as the purpose of the storage no longer applies and legal retention periods do not prevent a deletion.

III. Data processing within the scope of our business services

Management of prospective tenants and tenants

For the initiation and implementation of a tenancy relationship, we process personal data on the legal basis of Art. 6 (1) b) DSGVO. The data of prospective tenants will be deleted after 12 months in the context of the apartment application, provided that no tenancy is concluded and there is no consent to longer storage. If a tenancy is established, the data provided will be stored and processed electronically in a database for the purpose of implementing the tenancy agreement. As a rule, this data is deleted 10 years after the end of the tenancy relationship, provided that no other legal retention periods exist. As part of the rental agreement, we will send information on the rental relationship as required and inform you about upcoming repair work. If you no longer wish to receive general information about the rental relationship, you can inform us of this at any time in text form to the above address.

We process your personal data for the implementation and fulfillment of the existing permanent use/tenancy relationship within the organization on the legal basis of Art. 6 para. 1 lit. b. DSGVO in accordance with the requirements of our contractual obligations arising from the administrator contract and for the fulfillment of legal obligations (Art. 6 para. 1 lit. c DSGVO). In addition, we process personal data for the protection of legitimate interests of us or of third parties for

  • internal evaluations and analyses as well as marketing measures
  • Implementation of an interested party management within the scope of an order processing
  • Consultation of and data exchange with credit agencies to determine creditworthiness or default risks in the leasing process
  • Assertion, exercise and defense of legal claims
  • Ensuring IT security and IT operations of the organization
  • Prevention and preservation of evidence for the investigation of criminal offences through video surveillance

Collection and provision of consumption information during the year (UVI).

The collection of consumption data is carried out for the preparation of the operating cost statement within the framework of the fulfillment of the lease agreement pursuant to Art. 6 (1) lit. b DSGVO. This is usually done by external metering service providers as part of commissioned processing pursuant to Art. 28 DSGVO. Due to the amendment of the Heating Costs Ordinance by the German legislator to implement the EU Energy Efficiency Directive into national law, landlords are obliged to provide the consumption information for heating and hot water during the year on the basis of actual consumption, insofar as remotely readable consumption equipment is available. The consumption information is provided to fulfill a legal obligation pursuant to Art. 6 para.1 lit. c DSGVO in the context of contract performance (Art. 6 para. 1 lit. b DSGO) and to protect our legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO to minimize the administrative burden of providing the intra-year consumption information. If the consumption data is not retrieved by the tenants via the digital solutions provided by the metering service providers, it will be sent to the tenants by post.

For the digital retrieval of consumption information, the respective metering service providers offer tenants web-based online portals and apps. The service providers and responsible parties within the meaning of Art. 4 No. 7 DSGVO are the metering service providers themselves. Further information on data protection can be found in the data protection information of the respective metering service provider. The retrieval of consumption data is always carried out via encrypted connections in accordance with the state of the art.

Data processing of contractual and business partners, external service providers, interested parties and contact persons

We process the data of our contractual partners and interested parties as well as clients, suppliers, service providers and customers in accordance with Art. 6 para. 1 lit. b. DSGVO in order to provide them with our contractual or pre-contractual services. The data processed in this context, the type, scope and purpose and the necessity of their processing, are determined by the underlying contractual relationship. The data processed includes the master data of our contractual partners (e.g. names and addresses), contact data (e.g. mail addresses and telephone numbers) as well as contractual data (e.g. services used, contract contents, contractual communication, names of contact persons) and payment data (e.g. bank details, payment history). As a matter of principle, we do not process special categories of personal data, unless these are components of a commissioned or contractual processing. We process data that are required for the justification and fulfillment of contractual services and point out the necessity of their disclosure, unless this is evident to the contractual partners. Disclosure to external persons or companies is made only if it is necessary in the context of a contract. When processing the data provided to us within the scope of an order, we act in accordance with the instructions of the client as well as the legal requirements.

In the context of the use of our online services, we may store the IP address and the time of the respective user action. The storage is based on our legitimate interests of the user to protect against misuse and other unauthorized use. As a matter of principle, this data is not passed on to third parties unless it is necessary for the prosecution of our claims pursuant to Art. 6 para. 1 lit. f. DSGVO or there is a legal obligation to do so pursuant to Art. 6 para. 1 lit. c. DSGVO.

The deletion of the data takes place when the data is no longer required for the fulfillment of contractual or legal duties of care as well as dealing with any warranty and comparable obligations. In all other respects, the statutory retention obligations apply.

Direct advertising

If we receive your e-mail address and postal address in the course of concluding a contract, we may process this data in order to inform you about our own similar product and service offers by e-mail and post from now on. If you do not wish to receive any further advertising information by e-mail or post, you can object to the use of your contact data for advertising purposes at any time with effect for the future without incurring any costs other than the transmission costs according to the basic rates. You can send your objection by mail or e-mail to the following contact addresses.

Deutsche Investment Kapitalverwaltung AG
Burchardtstrasse 24
20095 Hamburg
Telephone: +49 40 33 460 49 70
E-mail: info@deutsche-investment.com

Recipients of the data or categories of recipients

Within our organization, those entities will have access to your data that need it to fulfill contractual and legal obligations.

External service providers (order processors)

Your data is shared with service partners, e.g. IT and software service providers for maintenance and support, to assist us in providing our services.

Processing of your personal data by contracted service providers takes place within the framework of order processing pursuant to Art. 28 DSGVO.

Other service providers, partners and third parties

We may cooperate with other partners if it is necessary to fulfill our service offerings or if we are legally obligated to disclose data. These may be the following partners or third parties:

  • Credit institutions and payment service providers
  • credit agencies
  • Disclosure to public authorities or by court order
  • advertising agencies
  • Document shredding companies, logistics
  • Advice and consulting, auditors and tax consultants
  • insurance companies
  • Utilities, cable network operators
  • (Heat) metering services
  • Law firms and competent jurisdiction
  • Craft businesses, architecture offices, service companies

We make a point of processing your data within the EU. However, it may happen that we use service providers operating outside the EU. In these cases, we ensure that an adequate level of data protection is established before transferring your personal data. This means that a level of data protection comparable to the standards within the EU is achieved via EU standard contracts or an EU adequacy decision.

Origin of personal data

We process personal data that we receive in the course of our business relationship. In addition, to the extent necessary for the provision of our services and for the fulfillment of contracts, we process personal data that we have received from other companies in our group of companies or from other third parties (e.g. credit agencies) in a permissible manner (e.g. for the execution of orders, for the fulfillment of contracts or on the basis of consent given by you). In addition, we process personal data that we have permissibly obtained from publicly accessible sources (e.g. trade and association registers, press, media) and are permitted to process.

Categories of personal data

We process the following categories of personal data about you:

Personnel master data (name, address and other contact data, date of birth), if applicable order and contract data (e.g. delivery order), payment data, data from the fulfillment of our contractual obligations, advertising and sales data, documentation data (data from consulting and service discussions) and comparable data.

IV. Rights of data subjects

Rights of the data subjects

If personal data of a user is processed, he is a "data subject" in the sense of the GDPR. He or she is entitled to the following rights vis-à-vis us as the data controller:

  • Right to information
  • Right to rectification
  • Right to restriction of processing
  • Right to deletion
  • Right to information
  • Right to data portability
  • Right to object
  • Right to revoke the declaration of consent under data protection law
  • Right to complain to a data protection supervisory authority

Information, blocking, deletion and correction

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of data processing and, if the legal requirements are met, a right to correction, blocking or deletion of this data.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
  • If the processing of your personal data has happened / is happening unlawfully, you can request the restriction of data processing instead of deletion.
  • If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of erasure.
  • If you have lodged an objection pursuant to Art. 21 (1) DSGVO, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to data collection in special cases and to direct advertising (Art. 21 DSGVO).

If data processing is carried out on the basis of Art. 6(1)(e) or (f) DSGVO, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection under Article 21(1) DSGVO).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 (2) DSGVO).

Right of appeal to a supervisory authority

In the event of violations of the GDPR, data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged violation. The right of appeal is without prejudice to other administrative or judicial remedies.

Rights in case of data processing according to the legitimate interest

Pursuant to Article 21(1) DSGVO, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) DSGVO (data processing in the public interest) or on the basis of Article 6(1)(f) DSGVO (data processing for the purposes of a legitimate interest). This also applies to profiling based on this provision. In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Rights in the event of direct advertising

If we process your personal data for the purpose of direct marketing, you have the right pursuant to Article 21 (2) DSGVO to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

In the event of your objection to processing for the purpose of direct marketing, we will no longer process your personal data for these purposes. The objection can be made form-free and should preferably be addressed to:

Deutsche Investment Kapitalverwaltung AG
Burchardtstraße 24, 20095 Hamburg, phone: +49 40 33 460 49 70, e-mail: info@deutsche-investment.com

Legal or contractual requirements for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of failure to provide the data

We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). For the conclusion of a contract it is necessary that you provide us with personal data. Without this data, we will usually have to refuse to conclude the contract or will no longer be able to perform an existing contract and may have to terminate it. If there is a legal obligation to provide the data, you are obliged to provide us with personal data. Before providing personal data by the data subject, the data subject may contact our data protection officer. Our data protection officer will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences of not providing the personal data would be.

Automated decision-making, performance of profiling

For the establishment and implementation of a business relationship, we generally do not use exclusively automated decision-making within the meaning of Art. 22 DSGVO.

Objection to advertising e-mails

We hereby object to the use of contact data published within the scope of the imprint obligation to send advertising and information material that has not been expressly requested. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

Changes to the data protection declaration

This data protection declaration is continuously adapted in the course of the further development of the Internet or our offer. We will announce any changes on this page in good time. In order to be informed about the current status of our data usage regulations, this page should be called up regularly. (Current status: February 2022)