Privacy policy
General Data Protection Policy
General data protection provisions for the use of <your platform name> and the connected partner websites—version: January 2021.
Security and Anonymity
The portal <your platform name> (hereinafter referred to as the Operator or Platform) handles the topic of security with the utmost responsibility. The Operator makes every effort to protect data entrusted to it by its customers against unauthorized access.
To protect your data to the best extent possible, our website uses the SSL (Secure Socket Layer) procedure in connection with the highest level of encryption supported by your browser. You can tell by the unbroken key or closed lock icon in the status bar of your browser whether an individual page of our Internet website is transmitted in an encrypted manner. Apart from that, we make use of suitable technical and organizational security measures to protect your data against manipulation, loss, destruction, or unauthorized access by third parties.
Controller for Data Processing
<your company name>
<your company address>
<your company phone>
<your company email>
Data Protection Provisions
3.1 Collection, Processing, and Use of Personal Data during Visits to our Website
Each time the Operator’s services are accessed, usage data are transmitted by the respective internet browser and stored in server log files. These data include the following:
General data protection provisions for the use of <your platform name> and the connected partner websites—version: January 2021.
Security and Anonymity
The portal <your platform name> (hereinafter referred to as the Operator or Platform) handles the topic of security with the utmost responsibility. The Operator makes every effort to protect data entrusted to it by its customers against unauthorized access.
To protect your data to the best extent possible, our website uses the SSL (Secure Socket Layer) procedure in connection with the highest level of encryption supported by your browser. You can tell by the unbroken key or closed lock icon in the status bar of your browser whether an individual page of our Internet website is transmitted in an encrypted manner. Apart from that, we make use of suitable technical and organizational security measures to protect your data against manipulation, loss, destruction, or unauthorized access by third parties.
Controller for Data Processing
<your company name>
<your company address>
<your company phone>
<your company email>
Data Protection Provisions
3.1 Collection, Processing, and Use of Personal Data during Visits to our Website
Each time the Operator’s services are accessed, usage data are transmitted by the respective internet browser and stored in server log files. These data include the following:
- IP address (internet protocol address) of the accessing computer
- User ID on the platform
- Name of the visited page
- Date and time of visit
- The referrer URL (originating URL) from which the user came to the visited page
- Amount of data transferred
- Status report on whether the visit to the page was successful
- Session ID number
The so-called login records store the following usage data each time the customer logs into the network:
- Date and time of login
- User ID on the platform
- IP address (internet protocol address)
- Number of session cookies
- Session ID number
The legal basis for this processing is Art. 6 (1) (1) (f) GDPR. Our legitimate interest is to provide a functional website with correctly delivered content, to optimize our systems, and to provide law enforcement authorities with the information required for prosecution in the event of a cyberattack. As soon as there is no longer a legitimate interest and there is no legal obligation to retain these data, they are routinely erased.
3.2 Collection, Processing, and Use of Personal Data upon Conclusion of a Brokerage Contract by the User
In order for the Operator to provide the services described in more detail in the General Terms and Conditions of Business, it is necessary to collect, process, and use personal data that the customer provides, among other things, in the context of the contact field or when answering questions relevant to the contract.
Personal data are individual details about personal or factual circumstances of an identified or identifiable natural person.
When entering the contact details, the customer is asked to provide certain minimum information without which registration cannot be completed. The obligatory data consist of: name, email address, and phone number. In a subsequent phone call, further data, information on the engagement, and the address are requested.
The entry, request, and processing of these data is necessary to fulfill the brokerage contract concluded between the User and the Operator. The legal basis in this respect is Art. 6 (1) (1) (b) GDPR.
Within the framework of the legal requirements, the Operator does not make the use of its services dependent on the customer consenting to the use of their data for purposes other than for the purposes of establishing and fulfilling the contract.
3.3 Specific Purpose
The main purpose in the collection of personal data is to support the customer with the Operator’s services described in the GTCs. Among others, the personal data of the customers are used for the following:
3.2 Collection, Processing, and Use of Personal Data upon Conclusion of a Brokerage Contract by the User
In order for the Operator to provide the services described in more detail in the General Terms and Conditions of Business, it is necessary to collect, process, and use personal data that the customer provides, among other things, in the context of the contact field or when answering questions relevant to the contract.
Personal data are individual details about personal or factual circumstances of an identified or identifiable natural person.
When entering the contact details, the customer is asked to provide certain minimum information without which registration cannot be completed. The obligatory data consist of: name, email address, and phone number. In a subsequent phone call, further data, information on the engagement, and the address are requested.
The entry, request, and processing of these data is necessary to fulfill the brokerage contract concluded between the User and the Operator. The legal basis in this respect is Art. 6 (1) (1) (b) GDPR.
Within the framework of the legal requirements, the Operator does not make the use of its services dependent on the customer consenting to the use of their data for purposes other than for the purposes of establishing and fulfilling the contract.
3.3 Specific Purpose
The main purpose in the collection of personal data is to support the customer with the Operator’s services described in the GTCs. Among others, the personal data of the customers are used for the following:
- Provision of the services desired by the customer and the customer service desired by the customer
- Adjustment, measurement, and improvement of the services, contents, and advertisements of the Operator; in particular also the quality of the services, securing measures such as a customer survey (email and telephone), as well as review of the customer communication between the customers and employees of the Customer Service department after prior consent of the customer
- Sending of targeted marketing communication and advertising offers, also ones from cooperation partners of the Operator (see Section 3.4) according to the framework conditions existing at the customer after prior consent of the customer
- Information about new or supplementary products of the Operator on the basis of the framework conditions existing at the customer after prior consent of the customer
3.4 Sharing of Personal Data with Third Parties
There is no unauthorized use of personal data and information. Also, no exchange or sale to third parties will take place, unless the customer has given their consent to such or there is a legal obligation for the Operator to hand over the data. Sharing with third parties shall only be done with contracting partners of the Operator with whom the Platform provides the services requested by the customer, or with companies which the operator brokers for the customer. The contracting partners and companies include, for example, specialist companies through which the requested renovation and, if applicable, other services to be provided are to be handled. As a result, data are exchanged with these contracting partners in order to request or provide the contractually agreed services requested by the customer.
3.5 Use of Personal Data for Advertising
The Operator will send the customer information on new or supplementary products adapted to the respective customer within the framework of the contractual relationship after the prior and explicit consent of the user. Newsletters as well as information on products and services of partner companies will only be sent to the customer if the customer explicitly requests this. The legal basis in this regard is Art. 6 (1) (1) (a) GDPR. If the customer is no longer in agreement with the sending thereof, they can revoke consent at any time without providing reasons. At the end of each email/each newsletter, there are clear instructions on the possibility of revoking consent and a link for this is provided. The Platform also produces needs-based advertising for customers on the homepage and in emails after prior and explicit consent. In this advertising for specific target groups, the Operator uses parts of the customer data to decide whether or not a specific advertisement should be shown. The target groups for advertisements are selected anonymously. If advertisers select target groups for their advertisements based on demographic data, the Platform will automatically display these advertisements to the appropriate audience. The advertising customers of the Operator receive solely anonymous data reports, which do not allow for the establishment of any connection to a person.
3.6 Use of Analysis Programs
The Operator—after the prior and explicit consent of the user—conducts analyses on the behavior of its customers in the use of its service or has such analyses conducted. For this purpose, anonymized or pseudonymized use profiles are created. The creation of the use profile is solely for the purpose of constantly improving the service of the Platform. For web analysis, the Platform also uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). The Operator uses Google Analytics with the extension “_anonymizeIp(),” so IP addresses are only processed in a shortened form in order to exclude a direct personal reference. The data collection and storage taking place in this context can be objected to at any time with effect for the future: https://tools.google.com/dlpage/gaoptout?hl=en. Google requires that its users—such as this Platform—include the following instruction in their data protection policies. The Operator complies with this requirement by reproducing the following text: “This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies,” text files that are stored on your computer and allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a server of Google in the USA and truncated there. On behalf of the Operator of this website, Google will use this information for the purpose of analyzing your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage to the website Operator. The IP address transmitted by Google Analytics from your browser is not combined with other data from Google. You may refuse the use of cookies by selecting the appropriate settings on your browser; however please note that if you do this, you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) from being transmitted to Google and the processing of these data by Google by downloading and installing the browser plugin available at the following link https://tools.google.com/dlpage/gaoptout?hl=en.
(1) Session Cookies
The Operator mainly uses “session cookies,” which are only stored on the customer’s hard drive for a short period of time and are automatically deleted when the browser is exited. Session cookies are used for login authentication and for load balancing. The legal basis for this data processing consists of our legitimate interests in the correct presentation and functionality of our website in accordance with Art. 6 (1) (1) (f) GDPR.
(2) Partner and Affiliate Cookies
The Platform also uses cookies if a customer accesses the services of the Operator via an external advertising space and confirms this actively. These cookies are intended for settlement with the cooperation partner and do not contain any personal data of the customer. They are automatically erased if the customer logs onto the platform or after a period of four weeks.
(3) Permanent Cookies
The Platform uses so-called “permanent cookies” to store the personal usage settings that a customer enters when using the Platform and thus to be able to personalize and improve the service. The permanent cookies ensure that the customer will find their personal settings again when they return to the Platform. In addition, the service providers that the Operator has engaged to analyze user behavior use permanent cookies to recognize returning users. These services store the data transmitted by the cookie exclusively anonymously. There is no assignment to the IP address of the customer.
(4) Partner Sites/Advertising Customers
If the service of the Platform is integrated into the website of a partner company, these partner companies may also use cookies on the respectively integrated websites of the Operator. The Operator has no control over this and is not responsible for the practices of these partner companies. The Operator recommends that the data protection policies of the respective partner companies be checked.
(5) Avoidance of Cookies
The customer has the option to refuse the setting of cookies at any time. This usually occurs by selecting the appropriate option in the settings of the browser or by using additional programs. More detailed information can be found under the help function of the browser used by the customer. If the customer decides to switch off cookies, this may reduce the scope of service and have a negative impact on the use of the Operator’s services.
3.7 Information about Stored Data
The customer has the right to request information at any time about the data stored by the Operator on the customer, their origin, the purpose of storage, and the recipient of the shared data. This information is provided free of charge and in writing. The request must be made in writing, signed by the requesting person, and sent to the following address: <your company name and address>
3.8 Erasure and Rectification of Data
Within the framework of the legal requirements, the customer has the right to demand the rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR) of the data stored on them by the Operator at any time. The request must be made in writing, signed by the requesting person, and sent to the following address: <your company name and address>
3.9 Right to Restriction of Data Processing
Within the framework of the legal requirements, the customer has the right to demand the restriction of the processing of the data stored about them on the Platform at any time (Art. 18 GDPR). The request must be made in writing, signed by the requesting person, and sent to the following address: <your company name and address>
3.10 Right to Data Portability
Within the framework of the legal requirements, the customer has the right to receive the data in a structured, commonly-used, and machine-readable format at any time or to request that it be transmitted to another data controller (Art. 20 GDPR). The request must be made in writing, signed by the requesting person, and sent to the following address: <your company name and address> Hamburg
3.11 Right to Object
If personal data of the customer are processed on the basis of legitimate interest in accordance with Art. 6 (1) (1) (f) GDPR, the customer has the right to object to the processing of the personal data, provided that there are grounds for doing so that arise from their particular situation. If the objection is aimed against direct advertising, the customer has a general right of objection, which is implemented by us without specifying a particular situation. The request must be made in writing, signed by the requesting person, and sent to the following address: <your company name and address>
3.12 Right to Revoke Consent
The customer has the right to revoke consent once given at any time, with the consequence being that we may no longer continue the data processing based on this consent in the future. The request must be made in writing, signed by the requesting person, and sent to the following address: <your company name and address>
3.13 Right to Complain
The customer has the right to complain to a supervisory authority. The customer can contact the supervisory authority at their place of residency or work, or the supervisory authority responsible for us.
Contact
If you have any questions or suggestions regarding data protection or the processing of your personal data on the Platform, you can contact our data protection office: <your company email>
There is no unauthorized use of personal data and information. Also, no exchange or sale to third parties will take place, unless the customer has given their consent to such or there is a legal obligation for the Operator to hand over the data. Sharing with third parties shall only be done with contracting partners of the Operator with whom the Platform provides the services requested by the customer, or with companies which the operator brokers for the customer. The contracting partners and companies include, for example, specialist companies through which the requested renovation and, if applicable, other services to be provided are to be handled. As a result, data are exchanged with these contracting partners in order to request or provide the contractually agreed services requested by the customer.
3.5 Use of Personal Data for Advertising
The Operator will send the customer information on new or supplementary products adapted to the respective customer within the framework of the contractual relationship after the prior and explicit consent of the user. Newsletters as well as information on products and services of partner companies will only be sent to the customer if the customer explicitly requests this. The legal basis in this regard is Art. 6 (1) (1) (a) GDPR. If the customer is no longer in agreement with the sending thereof, they can revoke consent at any time without providing reasons. At the end of each email/each newsletter, there are clear instructions on the possibility of revoking consent and a link for this is provided. The Platform also produces needs-based advertising for customers on the homepage and in emails after prior and explicit consent. In this advertising for specific target groups, the Operator uses parts of the customer data to decide whether or not a specific advertisement should be shown. The target groups for advertisements are selected anonymously. If advertisers select target groups for their advertisements based on demographic data, the Platform will automatically display these advertisements to the appropriate audience. The advertising customers of the Operator receive solely anonymous data reports, which do not allow for the establishment of any connection to a person.
3.6 Use of Analysis Programs
The Operator—after the prior and explicit consent of the user—conducts analyses on the behavior of its customers in the use of its service or has such analyses conducted. For this purpose, anonymized or pseudonymized use profiles are created. The creation of the use profile is solely for the purpose of constantly improving the service of the Platform. For web analysis, the Platform also uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). The Operator uses Google Analytics with the extension “_anonymizeIp(),” so IP addresses are only processed in a shortened form in order to exclude a direct personal reference. The data collection and storage taking place in this context can be objected to at any time with effect for the future: https://tools.google.com/dlpage/gaoptout?hl=en. Google requires that its users—such as this Platform—include the following instruction in their data protection policies. The Operator complies with this requirement by reproducing the following text: “This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies,” text files that are stored on your computer and allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a server of Google in the USA and truncated there. On behalf of the Operator of this website, Google will use this information for the purpose of analyzing your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage to the website Operator. The IP address transmitted by Google Analytics from your browser is not combined with other data from Google. You may refuse the use of cookies by selecting the appropriate settings on your browser; however please note that if you do this, you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) from being transmitted to Google and the processing of these data by Google by downloading and installing the browser plugin available at the following link https://tools.google.com/dlpage/gaoptout?hl=en.
(1) Session Cookies
The Operator mainly uses “session cookies,” which are only stored on the customer’s hard drive for a short period of time and are automatically deleted when the browser is exited. Session cookies are used for login authentication and for load balancing. The legal basis for this data processing consists of our legitimate interests in the correct presentation and functionality of our website in accordance with Art. 6 (1) (1) (f) GDPR.
(2) Partner and Affiliate Cookies
The Platform also uses cookies if a customer accesses the services of the Operator via an external advertising space and confirms this actively. These cookies are intended for settlement with the cooperation partner and do not contain any personal data of the customer. They are automatically erased if the customer logs onto the platform or after a period of four weeks.
(3) Permanent Cookies
The Platform uses so-called “permanent cookies” to store the personal usage settings that a customer enters when using the Platform and thus to be able to personalize and improve the service. The permanent cookies ensure that the customer will find their personal settings again when they return to the Platform. In addition, the service providers that the Operator has engaged to analyze user behavior use permanent cookies to recognize returning users. These services store the data transmitted by the cookie exclusively anonymously. There is no assignment to the IP address of the customer.
(4) Partner Sites/Advertising Customers
If the service of the Platform is integrated into the website of a partner company, these partner companies may also use cookies on the respectively integrated websites of the Operator. The Operator has no control over this and is not responsible for the practices of these partner companies. The Operator recommends that the data protection policies of the respective partner companies be checked.
(5) Avoidance of Cookies
The customer has the option to refuse the setting of cookies at any time. This usually occurs by selecting the appropriate option in the settings of the browser or by using additional programs. More detailed information can be found under the help function of the browser used by the customer. If the customer decides to switch off cookies, this may reduce the scope of service and have a negative impact on the use of the Operator’s services.
3.7 Information about Stored Data
The customer has the right to request information at any time about the data stored by the Operator on the customer, their origin, the purpose of storage, and the recipient of the shared data. This information is provided free of charge and in writing. The request must be made in writing, signed by the requesting person, and sent to the following address: <your company name and address>
3.8 Erasure and Rectification of Data
Within the framework of the legal requirements, the customer has the right to demand the rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR) of the data stored on them by the Operator at any time. The request must be made in writing, signed by the requesting person, and sent to the following address: <your company name and address>
3.9 Right to Restriction of Data Processing
Within the framework of the legal requirements, the customer has the right to demand the restriction of the processing of the data stored about them on the Platform at any time (Art. 18 GDPR). The request must be made in writing, signed by the requesting person, and sent to the following address: <your company name and address>
3.10 Right to Data Portability
Within the framework of the legal requirements, the customer has the right to receive the data in a structured, commonly-used, and machine-readable format at any time or to request that it be transmitted to another data controller (Art. 20 GDPR). The request must be made in writing, signed by the requesting person, and sent to the following address: <your company name and address> Hamburg
3.11 Right to Object
If personal data of the customer are processed on the basis of legitimate interest in accordance with Art. 6 (1) (1) (f) GDPR, the customer has the right to object to the processing of the personal data, provided that there are grounds for doing so that arise from their particular situation. If the objection is aimed against direct advertising, the customer has a general right of objection, which is implemented by us without specifying a particular situation. The request must be made in writing, signed by the requesting person, and sent to the following address: <your company name and address>
3.12 Right to Revoke Consent
The customer has the right to revoke consent once given at any time, with the consequence being that we may no longer continue the data processing based on this consent in the future. The request must be made in writing, signed by the requesting person, and sent to the following address: <your company name and address>
3.13 Right to Complain
The customer has the right to complain to a supervisory authority. The customer can contact the supervisory authority at their place of residency or work, or the supervisory authority responsible for us.
Contact
If you have any questions or suggestions regarding data protection or the processing of your personal data on the Platform, you can contact our data protection office: <your company email>