a) "Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"). Identifiable refers to a person who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) The "data subject" is any identified or identifiable natural person whose personal data are processed by the data controller.
c) "Processing" is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) The "data controller or the person responsible for processing" means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the controller or controllers may be designated in accordance with Union law or with the law of the Member States on the basis of certain criteria.
e) An "order processor" is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller
f) "Consent" of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Below we have compiled the most important information for you about the typical individual data processing for groups of data subjects:
1. 1. Visiting our website
In principle, you can visit the SorgerTec Hausverwaltung AG website without us knowing who you are. We only learn the name of your Internet service provider, the website from which you visit us, and the websites you visit through our website, as well as the date and time of accessing our website. This information will be used for statistical purposes and subsequently deleted. As an individual user, you will remain anonymous as we are unable to assign these data to a specific individual.
However, if a data subject makes use of specific services of our company via our website, processing of personal data may become necessary. The processing of your personal data, such as your name, address, email address or telephone number, is carried out for the purpose of presenting our company on the Internet and for communicating with applicants, interested parties, tenants and business partners. The legal basis of the processing is based on our legitimate interest in a needs-based design of our website in accordance with Article 6 para. 1 lit. f) GDPR. If the processing of personal data is necessary and there is no legal basis for such processing, you must consent to us processing your data as a general rule.
Cookies contain a cookie ID. This is a unique identifier for the cookie, through which internet pages and servers can be assigned to the specific Internet browser. This allows Internet sites and servers that have been visited to distinguish the individual's browser from other Internet browsers that contain other cookies. A particular Internet browser can be recognised and identified by the unique cookie ID.
Cookies enable us to recognise the users of our website and make their use easier. You will not have to re-enter your access data each time you visit our website because this is assumed by the cookies that have been stored.
You can deactivate cookie storage or set your browser so that it notifies you when cookies are sent.
Our website uses social plugins ("plugins") from social networks. In order to increase the protection of your data when visiting our website, these plugins are not unrestricted, but are merely integrated into the site using an HTML link. This integration ensures that no connection to the servers of the provider of the respective social network is established when you access a page of our website that contains such plugins. If you click on one of the buttons, a new window of your browser will open and access the page of the respective service provider. As long as you don't press the link to share content, you will at least remain invisible to Facebook & Co.
For the purpose and scope of data collection and further processing and use of data by the providers, as well as your rights and settings options for protecting your privacy, please see the privacy policies of the providers. https://www.google.com/intl/en/policies/privacy/ http://www.facebook.com/policy.php https://twitter.com/privacy http://www.google.com/intl/en/+/policy/+1button.html
You can register on our website by entering your personal data. The registration and use of our online customer portal requires the provision of personal data. The respective input form determines which personal data are transmitted to us. These data are collected and stored solely for internal use. By registering on our website, the IP address assigned by the Internet service provider (ISP), the date and time of registration are also stored. Data are stored in order to prevent the misuse of our services. These data enable us to investigate past offences and copyright infringements, where necessary. These data will not be passed onto third parties unless we are legally obliged to do so or for the purpose of the criminal or legal prosecution.
These data are processed on the basis of Art. 6 para. 1 clause 1 lit. b) and lit. f) GDPR. If you provide voluntary information during registration, you consent to the processing of these data by us. The processing of your voluntary data is based on your consent under Art. 6 para. 1 clause 1 lit. a) GDPR.
We collect and process the personal data of our clients or contractual partners solely for the purpose of initiating, preparing and executing contracts or other obligations.
The legal basis for the processing in the case of contracts, contract initiations or other obligations is Article 6 para. 1 lit. b) GDPR. In the examination, enforcement or rejection of claims, the legal basis of Article 6 para. 1 lit. f) GDPR a legitimate interest in the enforcement or defence of claims.
Recipients of data may be courts, regulators or lawyers, to the extent permitted or required by law. Contact details and contractual data can be transmitted to other service providers and business partners, as well as offices and authorities, insofar as this is necessary for the execution or initiation of the contract or other obligations.
We process the personal data of tenants solely for the fulfilment of the contractual obligations arising from rental agreements in accordance with Art. 6 para. 1 lit. b) GDPR. Those of our employees who need it to fulfil their contractual obligations have access to the data.
In exceptional cases, data will also be transmitted to third parties. The recipient of such data may be banks for the purpose of settling payments and craft enterprises for the purpose of executing repair work. When moving in, your data (name, address) will be sent to the local basic utilities provider. Authorities and offices can be recipients within the scope of their responsibilities, insofar as we are obliged or authorised to transmit data. In addition, data may be transmitted to lawyers and courts in individual cases. If a crime is suspected or in the context of investigative proceedings, data may be transmitted to the police and public prosecutor. We also use service providers as a means of order processing in the provision of services, in particular for reading or taking meter readings for the service charge settlement.
As an existing tenant, you can report a defect in your home or a damage to the building which you inhabit, on our defect form on our homepage, by phone or by email. In the event of repair or damage, we may commission external service providers (such as craftsmen) to carry out the repairs and rectify the damage. As part of this, we will process your personal data for the execution of the rental agreement on the basis of Art. 6 para. 1 p. 1 lit. b) GDPR and on the basis of our legal obligation to maintain the rental property in accordance with Art. 6 para. 1 clause 1 c) GDPR.
In the event of damage covered by insurance, we will process your personal data to settle the damage with the insurance provider. The data for the implementation of the rental agreement are processed on the basis of Art. 6 para. 1 clause 1 lit. b) GDPR and on the basis of our legitimate interest in asserting and/or enforcing legal claims, on the basis of Art. 6 para. 1 clause 1 lit. f) GDPR.
You can give us a SEPA direct debit mandate to pay your rent and utility bills and authorise us to collect your payments. As part of this, we will process your personal data in order to execute the rental agreement with you and to settle the payment obligations arising therefrom on the basis of Art. 6 para. 1 clause 1 lit. b) GDPR. We transfer your personal data to banks in order to collect the payment of your rent, including the incidental charges for your utility bills. Your data is transferred in order to execute your rental agreement with us on the basis of Art. 6 para. 1 clause 1 lit. b) GDPR.
As soon as you move into your rented apartment, we are legally obliged to confirm your move to the registration office. For this purpose, we will provide you a landlord's certificate for submission to the registration office. As part of this, we process your personal data.
If you would like to sublet your property as a tenant, you can submit an application to us. We will process your personal data and the personal data of the potential subtenant on the basis of Art. 6 para. 1 p. 1 lit. b) GDPR, in order to process your application and based on our legitimate interest in identifying the possible subtenant within the framework of our consent to subletting, on the basis of Art. 6 para. 1 clause 1 lit. f) GDPR.
To carry out repairs in your home, it may be necessary for us and, for example, craftsmen commissioned by us, to have access to the property. If necessary, we will contact you and ask you to provide us with the contact details of your subtenant. In doing so, we process your personal data and the data of your subtenant in order to fulfil our obligations arising from the tenancy and to maintain the apartment on the basis of Art. 6 para. 1 clause 1 lit. b) GDPR.
We process the personal data of prospective tenants for the purpose of entering into a rental agreement. The legal basis for processing this data is Art. 6 para. 1 lit. b) of the GDPR. The legal basis for using your contact data for sending information about the desired rental property is your consent in accordance with Article 6 para. 1 lit. a) GDPR. We may transfer your personal information to external real estate agents for the purposes of viewing the property. The transfer of these data serves the purpose of being able to carry out your property-viewing appointment and for the initiation of the contract with you on the basis of Art. 6 para. 1 clause 1 lit. b) GDPR.
We also provide real estate agency services to prospective buyers. If you are interested, you can contact our sales department by phone or by email. You may request a specific property or to submit your interest profile to us for a general request. We process your personal data in order to respond to your request and to provide real estate agency services. If you decide to purchase a property, we will process your personal data in order to prepare and conclude your purchase contract. Your data are processed in order to initiate and possibly conclude a purchase agreement with you on the basis of Art. 6 para. 1 p. 1 lit. b) GDPR, as well as on the basis of our legitimate interest in responding to your requests on the basis of Art. 6 para. 1 clause 1 lit. f) GDPR. Your data may be transmitted to other service providers, business partners and offices and authorities, if this is necessary for the conclusion or execution of the purchase contract.
We process the personal data of our employees solely for the fulfilment of the contractual obligations arising from employment relationships in accordance with Art. 6 para. lit b) GDPR. Data will also be transmitted to third parties. Recipients of these data can be offices and authorities in the context of their legal tasks, as well as banks, insurance companies, professional associations and consultants.
We collect and process personal data of applicants for the purpose of processing an application. Data are processed electronically, provided that you send us the corresponding application documents by electronic means, for example by email. If we conclude an employment contract with you, we store the data transmitted for the purpose of conducting the employment relationship in compliance with the statutory provisions. If no employment contract is concluded, the application documents will automatically be deleted six months after notification of that decision, provided that deleting the documents does not conflict with any other legitimate interests.
Minors should only submit data to us with the consent of their guardians. We do not knowingly ask minors to provide such information, nor do we knowingly save it.
We only process and store your personal data for the period required to achieve the purpose of the storage or as provided by law. If the purpose of the storage no longer applies or if the legally prescribed retention period has expired, your personal data will be routinely blocked or deleted in accordance with the statutory provisions.
a) The right to information according to Art. 15 GDPR gives the data subject the right to request confirmation from the data controller as to whether personal data concerning him is being processed; if this is the case, he shall have a right of access to such personal data and to the following information.
b) The right to data correction according to Art. 16 DSGVO gives every data subject the right to request that the data controller immediately corrects inaccurate personal data concerning him. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
c) The right to erasure according to Art. 17 GDPR gives every data subject the right to request the data controller to delete the personal data concerning them immediately, and the data controller is obliged to delete personal data immediately.
d) The right to restriction of processing according to Art. 18 GDPR gives every data subject the right to request the data controller to restrict the processing of his data.
e) Under the notification obligation according to Art. 19 GDPR, the data controller shall notify all recipients whose personal data has been disclosed of any rectification or erasure of personal data or of any restriction of processing under Art. 16, 17 para. 1 and 18 of the GDPR, unless this proves impossible or involves a disproportionate effort. The data controller will inform the data subject about these recipients if the data subject requests it.
f) The right to data portability according to Art. 20 GDPR gives the data subject the right to receive the personal data concerning him which he has provided to a data controller in a structured, current, and machine-readable format, and to transmit these data to another data controller without interference by the data controller to whom the personal data has been provided.
g) The right to object to data collection according to Art. 21 GDPR gives the data subject the right to object at any time to the processing of personal data relating to him on the basis of Art. 6 para. 1 letters e or f for reasons arising from his particular situation, including profiling based on those provisions. The data controller will no longer process the personal data unless he can demonstrate compelling legitimate grounds for processing which outweigh the interests, rights and freedoms of the data subject, or the processing is for the purpose of enforcing, pursuing or defending legal claims.
h) The automated decision according to Art. 22 GDPR gives every data subject the right not to be subjected to a decision based solely on automated processing – including profiling – that has legal bearing on him or that significantly affects him in a similar manner.
i) The right to restrictions according to Art. 23 GDPR means that the data controller or processor may, by virtue of Union or Member State legislation to which they are subject, be subject to the obligations and rights set out in Articles 12 to 22 and Articles 34 and 5, insofar as the latter provide for the rights provided for in Articles 12 to 22 and obligations are limited by legislative measures, provided that such a restriction respects the essence of fundamental rights and freedoms, and insofar as it is a necessary and proportionate measure in a democratic society.
Version: March 2019