Privacy Policy

Last amended in July 2022

Table of content

  1. Name and address of controller
  2. Contact details of Data Protection Officer
  3. General information about data processing
  4. Rights of the data subject
  5. Provision of the website and creation of log files
  6. Use of cookies
  7. Use of WP-Statistics
  8. Email contact
  9. Contact form
  10. Hosting
  11. Vimeo Video
  12. Google Maps

I. Name and address of controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection legislation is:

Kleinschmidt Immobilien GmbH & Co. KG
Sendlinger Str. 11
80331 Munich

Germany

+49 89 21 028 – 0

INFO@KLEINSCHMIDT-IMMOBILIEN.DE

https://www.kleinschmidt-immobilien.de/

II. Contact details of Data Protection Officer

The controller’s Data Protection Officer is:

DataCo GmbH
Dachauer Straße 65
80335 Munich

Germany

+49 89 7400 45840

www.dataguard.de

III. General information about data processing

1. Scope of personal data processing

As a general rule, we only process personal data concerning our users where necessary in order to provide a functional website and to provide our content and services. Personal data concerning our users will only be processed regularly if the user has given their consent. An exemption applies in such cases where it is impossible, for reasons of fact, to gain prior consent and the processing of data is necessary by law.

2. Legal basis for personal data processing

Where we obtain the consent of the data subject for processing procedures, the first sentence of Article 6(1)(a) GDPR serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is party, the first sentence of Article 6(1)(b) GDPR serves as the legal basis. The same applies for processing procedures that are necessary in order to take steps prior to entering into a contract.

Where it is necessary to process personal data for compliance with a legal obligation to which our company is subject, the first sentence of Article 6(1)(c) GDPR serves as the legal basis.

In the event that the vital interests of the data subject or of another natural person require the processing of personal data, the first sentence of Article 6(1)(d) GDPR serves as the legal basis.

If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party and if the aforementioned interests are not overridden by the interests or fundamental rights and freedoms of the data subject, then the first sentence of Article 6(1)(f) GDPR serves as the legal basis for processing.

3. Erasure of data and storage period

The personal data concerning the data subject will be erased or made unavailable as soon as the purpose of storage ceases to apply. Data may also be stored where provision has been made for this by European or national legislators in Union regulations, laws or other provisions to which the controller is subject. Data will also be made unavailable or erased where a storage period prescribed by the aforementioned legislation expires, unless there is a need for the further storage of the data for the purpose of entering into or performing a contract.

IV. Rights of the data subject

If personal data concerning you is processed, you are the data subject within the meaning of the GDPR and have the following rights vis-à-vis the controller:

1. Right of access

You have the right to obtain from the controller confirmation as to whether or not personal data concerning you is being processed.

If such processing is performed, you have the right to obtain from the controller the following information:

  • the purposes of the processing of personal data concerned;
  • the categories of personal data concerned;
  • the recipients or categories of recipient to whom the personal data concerning you has been or will be disclosed;
  • the envisaged period for which the personal data concerning you will be stored, or, if no specific information can be provided, the criteria used to determine that period;
  • the existence of the right to request from the controller rectification or erasure of personal data concerning you, the right to restrict processing of personal data concerning you or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • where the personal data is not collected from the data subject, any available information as to its source;
  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to obtain information as to whether personal data concerning you is transferred to a third country or to an international organisation. In this context, you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

2. Right to rectification

Where processed personal data concerning you is inaccurate or incomplete, you have the right to obtain from the controller the rectification of such inaccurate data and/or the right to have such incomplete personal data completed. The controller shall rectify the data without undue delay.

3. Right to restriction of processing

You have the right to obtain restriction of the processing of personal data concerning you under the following conditions:

  • where you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
  • where the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
  • where the controller no longer needs the personal data for the purposes of processing, but you require it for the establishment, exercise or defence of legal claims; or
  • where you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override your grounds.

Where the processing of personal data concerning you has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

Where processing has been restricted under the aforementioned conditions, you shall be informed by the controller before the restriction of processing is lifted.

4. Right to erasure
a) Obligation to delete data

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase such data without undue delay where one of the following grounds applies:

  • The personal data concerning you is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
  • You withdraw consent on which the processing is based according to the first sentence of point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
  • You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
  • The personal data concerning you has been unlawfully processed.
  • The personal data concerning you has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
  • The personal data concerning you has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

b) Information to third parties

Where the controller has made the personal data concerning you public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exceptions

There shall be no right to erasure to the extent that processing is necessary:

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in section (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • for the establishment, exercise or defence of legal claims.

5. Right to information

If you have exercised your right to the rectification, erasure or restriction of processing vis-à-vis the controller, the latter is obliged to communicate such rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data concerning you has been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right to request the controller to inform you about those recipients.

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format. You also have the right to transmit that data to another controller without hindrance from the controller to which the personal data has been provided, where:

  • the processing is based on consent pursuant to the first sentence of Article 6(1)(a) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to the first sentence of Article 6(1)(b) GDPR; and
  • the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of others may not be adversely affected by this.

The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on the first sentence of Article 6(1)(e) or (f) GDPR, including profiling based on those provisions.

The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you have the possibility to exercise your right to object by automated means using technical specifications.

8. Right to withdraw declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. By withdrawing consent, the legitimacy of processing that took place on the basis of consent until its withdrawal is not affected.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision

  • is necessary for entering into, or performance of, a contract between you and the data controller;
  • is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and your legitimate interests; or
  • is based on your explicit consent.

However, these decisions shall not be based on special categories of personal data referred to in Article 9(1) GDPR, unless point (a) or (b) of Article 9(2) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

With regard to the cases referred to in 1. and 3., the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.

V. Provision of the website and creation of log files

1. Description and scope of data processing

Every time our website is visited, our system automatically collects data and information from the computer system of the requesting computer.

The following data is collected:

  • Information about the browser type and version used
  • The user’s operating system
  • The user’s internet service provider
  • The user’s IP address
  • The date and time of access
  • Websites from which the user’s system accessed our website

This data will be stored in our system’s log files. It will not be stored together with other personal data concerning the user.

2. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.

Data is stored in log files in order to ensure the functionality of the website. In addition, the data serves the purpose of optimising the website and of preserving the security of our IT systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes also constitute our legitimate interest in the processing of data in accordance with the first sentence of Article 6(1)(f) GDPR.

3. Legal basis for data processing

The legal basis for the temporary storage of data and log files is the first sentence of Article 6(1)(f) GDPR.

4. Duration of storage

Data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of the collection of data for the provision of the website, this occurs at the end of the session.

In the case of the storage of data in log files, data is deleted after seven days at the latest. Data may be stored for a longer period. In this case, users’ IP addresses are deleted or alienated so that it is no longer possible to assign them to the calling client.

5. Possibility of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, the user is unable to object to this.

VI. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. When a user requests a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string that enables the browser to be uniquely identified when the user next visits the website.

We use cookies to make our website more user-friendly. Some elements of our website require that the requesting browser can also be identified after changing to a different website.

In the process, the cookies store and transmit the following data:

  • Language settings
  • Consent to the use of the Cookie Consent Manager
  • Google cookies, when the contact page in which Google Maps is integrated is requested

The user data collected in this way is pseudonymised by technical measures. Consequently, it is no longer possible to assign the data to the calling user. The data will not be stored together with other personal data concerning the user.

2. Purpose of data processing

The purpose of using essential cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For such functions, the browser must be recognisable even after changing pages.

We need cookies for the following applications:

  • Copy language settings
  • Consent to the use of the Cookie Consent Manager

The user data collected by essential cookies will not be used to create user profiles.

3. Legal basis for data processing

The legal basis for processing personal data, involving the use of essential cookies, is the first sentence of Article 6(1)(f) GDPR.

4. Duration of storage, possibility of objection and removal

Cookies are stored on the user’s computer and transmitted from there to our website. As the user, you therefore have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also take place automatically. If cookies are disabled for our website, you may not be able to use the full functionality of the website.

If you use the Safari browser version 12.1 or higher, cookies are automatically deleted after seven days. This also applies to opt-out cookies, which are set to prevent tracking measures.

VII. Use of WP-Statistics

1. Scope of personal data processing We use the WordPress plugin WP-Statistics by VeronaLabs OÜ, Tatari 64, 10134 Tallinn, Estonia (hereinafter: VeronaLabs) for the statistical analysis of our online presence. In the process, personal data is stored and evaluated, and especially the user’s activity (in particular, which pages have been visited and which elements have been clicked on) as well as device and browser information (in particular, the IP address and the operating system). The data is stored on our server and is not transferred abroad. 2. Purpose of data processing The purpose of using the WP-Statistics plugin is to improve the usability of our online presence. We use this plug-in for the statistical analysis of our online presence. 3. Legal basis for personal data processing The legal basis for the processing of the user’s personal data in this case is the user’s own legitimate interest, which in this case does not conflict with the user’s interests and need for protection (Art. 6 Para. 1 lit. f GDPR). Because the data is collected for purely statistical purposes, Art. 89 GDPR and Section 27 (2) BDSG still apply. 4. Categories of data Data of the following categories is collected:
  • IP address (anonymized),
  • Referrer website,
  • Operating system used,
  • Browser used,
  • Search engine used
5. Duration of retention Data is stored for a maximum of 6 months. 6. Possibility of withdrawal and removal You have the right to revoke your data protection declaration of consent to data collection at any time. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent before its revocation. You can prevent the collection and processing of your personal data by WP Statistics by preventing the storage of third-party cookies on your computer, blocking the corresponding cookie in our cookie banner, using the “Do Not Track” function of a supporting browser, disable the execution of script code in your browser or install and use a script blocker in your browser.

VIII. Email contact

1. Description and scope of data processing

Our website allows users to contact us via the email address provided. In this case, the user’s personal data transmitted with the email will be stored.

The data will be used exclusively for processing the conversation.

2. Purpose of data processing

In the case of contacting us by email, this also constitutes the necessary legitimate interest in processing the data.

3. Legal basis for data processing

The legal basis for processing data transmitted by email is Article 6(1)(f) GDPR. If the aim of the contact by email is to conclude a contract, the additional legal basis for processing is Article 6(1)(b) GDPR.

4. Duration of storage

Data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. For personal data sent by email, this is the case when the relevant conversation with the user has ended. The conversation has ended when it can be inferred from the circumstances that the issue in question has been finally clarified.

5. Possibility of objection and removal

The user may withdraw their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of personal data concerning them at any time. In such a case, the conversation cannot be continued.

In this case, all personal data stored as a result of the contact will be deleted.

IX. Contact form

1. Description and scope of data processing

Our website contains a contact form that can be used to establish contact electronically. If a user uses this option, the data entered in the input mask will be transmitted to us and saved.

When sending the message, the following data will be stored:

  • Email address
  • IP address of the requesting computer
  • Name
  • Message

As part of the sending process, your consent will be obtained for the processing of your data and reference will be made to this Privacy Policy.

Alternatively, you can contact us via the email address provided. In this case, the user’s personal data transmitted with the email will be stored.

The data will be used exclusively for processing the conversation.

2. Purpose of data processing

Personal data obtained from the input mask is processed solely for the purpose of processing the contact request. In the case of contacting us by email, this also constitutes the necessary legitimate interest in processing the data.

The purpose of any other personal data processed during the sending process is to prevent misuse of the contact form and to ensure the security of our IT systems.

3. Legal basis for data processing

If the user’s consent has been given, the legal basis for processing data is the first sentence of Article 6(1)(a) GDPR.

The legal basis for processing data sent by email is the first sentence of Article 6(1)(f) GDPR. If the aim of the contact by email is to conclude a contract, the additional legal basis for processing is the first sentence of Article 6(1)(b) GDPR.

4. Duration of storage

Data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. For personal data obtained from the input mask and for such data sent by email, this is the case when the relevant conversation with the user has ended. The conversation has ended when it can be inferred from the circumstances that the issue in question has been finally clarified.

To ensure that the information sent is not lost in the event of email communication being disrupted, it will additionally be stored on the server for no longer than seven days.

5. Possibility of objection and removal

The user may withdraw their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of personal data concerning them at any time. In such a case, the conversation cannot be continued.

In this case, all personal data stored as a result of the contact will be deleted.

X. Hosting

The website is hosted on servers managed by a service provider commissioned by us.

Our service provider is:

Wiethe Content GmbH
Hermann-Müller-Str. 12
49124 Georgsmarienhütte
Germany

The servers automatically collect and store information in “server log files”, which your browser automatically transmits when you visit the website. The following information is stored:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Date and time of the server request
  • IP adress

This data will not be combined with data from other sources. The legal basis for collecting this data is Article 6(1)(f) GDPR. The website operator has a legitimate interest in ensuring and optimised website that can be presented free of technical errors, which is why server log files are recorded.

The geographical location of the website’s server is in Germany.

XI. Vimeo Video

a) Purpose of the collection and use of data

We embed videos provided by the Vimeo service into our website. Vimeo is a company based on the US. Google Analytics is embedded in these videos. Tracking is done by Vimeo. We have no influence on this. Vimeo also uses tracking pixels (web beacons) for embedded videos. The Vimeo privacy policy contains information about how you can influence Vimeo tracking yourself.

Content of third-party providers is embedded in this website. Such content is provided by Vimeo LLC. Vimeo is operated by Vimeo LLC, 555 West 18th Street, New York 10011, USA (“Vimeo”). The Google Analytics tracking tool is automatically integrated into Vimeo videos embedded on our website. We have no influence on the tracking settings and on the results of the analysis, and cannot view them. In addition, by embedding Vimeo videos, web beacons are set for website users. The purpose and scope of data collection and the further processing and use of the data by the provider and your rights and setting options for the protection of your privacy can be found in the privacy policy of Vimeo (https://vimeo.com/privacy).

b) Duration of storage

The data is stored by Vimeo. Consequently, Vimeo also governs the storage period.

The storage period is determined by Vimeo specifications.

c) Legal basis

The General Data Protection Regulation allows us to undertake this type of marketing.

The purpose of embedding videos is to safeguard our legitimate prevailing interests in the optimal marketing of our services in accordance with the first sentence of Article 6(1)(f) GDPR, to which we are entitled in the context of balancing interests.

d) Possibility of objection and removal

You can prevent cookies from being set on your browser/device. But it could be that some convenient functionalities will then no longer work.

You can also make a setting on the Vimeo page concerning cookies, which prevents Vimeo from setting cookies.

To stop Vimeo cookies from being set, you can prevent cookies from being saved by changing the appropriate setting in your browser software; we point out, however, that this may mean that you will not be able to use the full functionality of this website. You can also disable the setting of cookies by Vimeo on Vimeo’s “Cookie Policy” page.

XII. Google Maps

Google Maps displays maps on the website as an iframe or directly embedded in the website via JavaScript. No cookies are set on the user’s client device in the technical sense, but technical and personal data such as the IP address are transmitted from the client to the service provider’s server to enable the use of the service. Please refer to the provider’s Privacy Policy here.
This Privacy Policy was created with the help of DataGuard.
Cookie Consent with Real Cookie Banner