We are pleased that you are visiting our website and about your interest in our company and our products and services.
We consider data protection to be a client-orientated quality feature. The protection of your personal data is very important to us, especially in terms of protecting your right to privacy. If you provide us with your personal data, we will treat this with customary banking diligence and in accordance with the provisions of applicable data protection law.
We would like to inform you here about the types of personal data concerning you that we collect when you visit our website and the purposes for which we collect this information.
The entity responsible for the lawful processing of your data is Union Investment Real Estate GmbH, Valentinskamp 70 / EMPORIO, D-20355 Hamburg.
1 Data you transfer to us
During your visit to our website, we process information such as your IP address and browser data to ensure the security and stability of the system. The legal basis for processing this data is Article 6(1)(f) of the GDPR.
Data that you send to us via a contact form will be forwarded to the Union Investment Group company responsible for using the data, where it will be processed.
We or the Union Investment Group company responsible for responding to your request only use this data to answer your questions or fulfil your request for information, and to provide you with your desired information using, where necessary, a dispatch service provider which is bound by an obligation of confidentiality. Your data will not be disclosed to third parties. The legal grounds for processing the data described above are provided in Article 6(1)(b) and (f) of the GDPR.
The protection of your personal data is very important to us. For this reason, technical and organisational measures are taken to provide appropriate safeguards for the data and around the editing of the content. Your data will be stored on specially protected computers. Reading and further processing of your data is, firstly, subject to strict internal regulations and, secondly, is only carried out for the purpose for which you have given it to us.
If we offer a newsletter on our website and you wish to receive the newsletter, we need an e-mail address from you, together with information that allows us to verify that you are the owner of the specified e-mail address. We, or our carefully selected service providers, use this data solely for sending out the newsletter. The legal basis for passing on personal data in this context is Article 28 of the GDPR.
The legal basis for processing the data described above is your consent in accordance with GDPR Article 6(1)(a).
You can, at any time, withdraw the consent you have given to have your data stored and used to send the newsletter. You can send your withdrawal of consent to our customer service team at email@example.com.
3 Cookies and web analysis tools
You can disable or restrict the transfer of cookies by changing the settings in your Internet browser. You can delete stored cookies at any time. This process can also be automated. If cookies are deactivated for our website, you may not be able to use the full functionality of the website.
To enable you to manage your consents yourself on our website, we use a consent management service provided by Usercentrics GmbH, Sendlingerstr. 7, 80331 Munich. Usercentrics GmbH is the recipient of your data within the meaning of Article 13(1)(e) of the GDPR. Consent data includes the following: date and time of visit, consent or rejection, and device information.
The data is processed for the purpose of complying with statutory requirements and the associated documentation or obligation to provide evidence of consents (Article 7(1) of the GDPR) and thus on the basis of Article 6(1)(c) of the GDPR.
Local storage is used to store data. Consent data is stored for 3 years in the European Union. Further information on the data collected and options for getting in touch are available directly at Usercentrics under https://usercentrics.com/privacy-policy/.
To collect statistical data regarding the usage of our Web offering and to optimise our offering based on that data, we use services provided by Webtrekk GmbH (‘Webtrekk’), Robert-Koch-Platz 4, 10115 Berlin. Webtrekk has been certified by TÜV Saarland for data protection in the category Web Controlling Software.
Using this Webtrekk technology, a ‘pixel’ collects and stores data for optimisation purposes. Your anonymised IP address, date and time of visit, device information, referrer URL and browser information are processed. Usage profiles are generated from this data under a pseudonym. Cookies may also be used for this, though they only collect and store data using pseudonyms. You have the option of configuring your browser to inform you as soon as cookies are about to be saved so that you can reject them, if desired.
By default, we only allow cookies that last a maximum of six months.
Please note that Webtrekk may transfer data to a third country that does not provide an appropriate level of data protection that is comparable to the requirements of the GDPR. If the data is transferred to the USA, there is the risk that your data may be processed by US authorities for control and monitoring purposes, possibly without you being entitled to any legal remedies.
The legal basis for processing the data is Article 6(1)(a) of the GDPR. You have the right to withdraw your consent at any time.
3.3 Microsoft Dynamics CRM
We use Microsoft Dynamics 365 Marketing forms on our website. These allow us to transfer data input from the website directly into our CRM system. When you submit a form, Dynamics 365 Marketing correlates the cookie ID with the incoming contact data. In this way the cookie ID becomes mapped to a Dynamics 365 Marketing contact ID. This allows us to determine which browser the user was using when completing the registration form. This data is used to analyse how users access the form pages on our website and to provide you with a personalised experience.
If these cookies are not used, it would not be possible to access the registration forms and thus to register for our marketing mailings. Likewise, existing data could not be processed in the subscription centre (management of newsletter subscriptions or updating of personal data).
4 Disclosure of your data to third parties
For certain technical processes associated with the processing of data, we draw on the support of external service providers. We select these service providers carefully and they meet high standards for data privacy and security. They are bound to strict secrecy and process data only when we contract them and in accordance with our instructions. The legal basis for passing on personal data in this context is Article 28 of the GDPR. With the exception of the situations explained in this privacy notice, we only disclose your data to third parties without your explicit consent when we are required to do so by law or by order of a public authority or court.
5 Duration of storage
Your personal data will be erased when it is no longer required for the specified purposes and legal retention periods have expired.
6 Social media
Privacy provisions for the use of Facebook
The data controller has integrated components from Facebook into this website. Facebook is a social network.
The company operating Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. Their controller for the processing of personal data concerning persons (‘data subjects’) living outside of the United States or Canada is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Central Harbour, Dublin 2, Ireland.
Every time an individual page is visited on this website, the latter being operated by the controller and featuring an integrated Facebook component (Facebook plug-in), the relevant Facebook component automatically causes the Web browser on the data subject’s information technology system to download a rendering of the corresponding Facebook component from Facebook. An overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=en_UK. This technological process involves Facebook receiving knowledge of the particular sub-site on our website that the data subject is visiting.
The data policy published by Facebook can be seen by clicking this link: https://www.facebook.com/about/privacy/. The policy provides information about Facebook’s collection, processing and usage of personal data. Furthermore, it explains the settings that Facebook offers to protect the privacy of data subjects. Additionally, there are various applications available that make it possible to stop data from being transferred to Facebook. Data subjects can use these applications to prevent data from being transferred to Facebook.
Sharing on Facebook, LinkedIn, Twitter, WhatsApp or Xing
The content on our website can be shared on social networks such as Facebook (based in Menlo Park, California, United States), LinkedIn (based in Mountain View, California, United States), Twitter (based in San Francisco, California, United States), WhatsApp (based in Mountain View, California, United States) or Xing (based in Hamburg, Germany). If you click on the share function for one of the services listed above, your browser will establish a direct connection to the servers of Facebook, LinkedIn, Twitter, WhatsApp or Xing. The text and URL being shared are transferred through this connection. Following this, Facebook and Twitter also extract the metadata from the website being shared (text, description, image). If you are logged in to one of the social networks, a window will appear when using the share function for Facebook, LinkedIn, Twitter, WhatsApp or Xing where you will be able to edit the text before posting it.
7 Rights regarding stored personal data
In accordance with Article 15 of the GDPR, you have the right to request information on the personal data stored about you. If you discover that your stored personal data is inaccurate or incomplete, you have the right at any time to obtain rectification of inaccurate data or completion of incomplete data without undue delay in accordance with Article 16 of the GDPR. Under the conditions set out in Article 17(1) and Article 18(1) of the GDPR, you also have the right to obtain the erasure or restriction of processing of personal data.
If your data has been processed on the basis of consent (Article 6, Section 1(a), GDPR) or a contract (Article 6, Section 1(b), GDPR), you have the right according to Article 20 of the GDPR to receive the data you provided in a structured, commonly used and machine-readable format and to have this data transmitted to a third party. If you have given your consent (Article (6)(1)(a) of the GDPR), you have the right to withdraw your consent at any time. If your data was processed on the basis of a legitimate interest (Article 6 (1)(f) of the GDPR), you have the right to object at any time according to Article 21 of the GDPR.
If you have complaints about the use of data, you can also contact the competent supervisory authority.
We reserve the right to update or supplement this policy as necessary (if new products and services are offered by the respective companies of the Union Investment Group or if there are further developments to Internet and IT security technology). Any amendments will be published on this page.