The DIC Group is one of the leading investors in the German market for commercial real estate

DIC Deutsche Immobilien Chancen
DIC Deutsche Immobilien Chancen
DIC Deutsche Immobilien Chancen

1. Controller


The controller responsible for the processing described below is 

Deutsche Immobilien Chancen AG & Co. KGaA
Neue Mainzer Straße 32 - 36
60311 Frankfurt am Main
Germany

Tel.: + 49 69 9450709-0
Fax: + 49 69 9450709-9998
E-mail: info@dic-kgaa.de


2. General data processing when using our website


Purposes and scope of the processing/legal bases:

When your visit our website, usage data is temporarily processed on the web server to enable you to access our website. 

This data includes the following:

  • name and address of the requested content;
  • date and time of the request;
  • data volume transferred;
  • access status (content transferred, content not found);
  • description of the web browser and operating system used, including information on the selected language;
  • eferrer URL, which indicates the page from which you accessed our site; 
  • the IP address of the requesting terminal device.

The legal basis for the processing is Article 6(1) sentence 1 (f) GDPR and our legitimate interest in being able to provide you with an attractive and functional website.

We anonymise your IP address by truncating it in such a manner that it is no longer possible to determine an individual's identity based on any usage data.

Recipients/categories of recipients:

For the purpose of operating and providing our website, we transfer your data to the following processors which process the data on our behalf strictly subject to our instructions and bound by contract:

  • IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany;


3. Restricted access areas on our website


Purposes and scope of the processing/legal bases:

Our website may provide restricted access areas where further information and documents can be made available to a certain group of users, such as our investors and their employees or other business partners.

In this context, we only process the data that is required to log in to this area (user name and password). As a rule, the user name will be your e-mail address. 

The legal basis for the processing is Article 6(1) sentence 1 (b) GDPR or, in the case of employees of our investors or business partners, Article 6(1) sentence 1 (f) GDPR for the purposes of our legitimate interest in providing you with the information and documents in the restricted access area.

Storage time/criteria for determining storage time:

We process your data for as long as this is necessary to achieve the aforementioned purpose. Thereafter, we will delete your data unless processing, including in other systems where applicable, remains lawful on another legal basis or is obligatory for us (e.g., where statutory retention requirements exist).

Recipients/categories of recipients:

For the purpose of operating and providing the restricted access area, we transfer your data to processors which process data on our behalf strictly subject to our instructions and bound by contract. 

Currently, these are processors which support us in operating and making our website available.


4. Enquiries and contact by post, telephone, fax and e-mail


Purposes and scope of the processing/legal bases:

If you contact us directly by post, telephone, fax or e-mail, we process personal data that you provide to us as well as data associated with your selected mode of communication (e.g., name, address, e-mail address or fax or telephone number) for purposes of responding to your enquiry.

The legal basis for the processing is Article 6(1) sentence 1 (f) GDPR or Article 6(1) sentence 1 (b) GDPR if processing is necessary for the performance of a contract or in order to take steps prior to entering into a contract. 

We and you have a mutual (legitimate) interest in the processing of such data so that we can respond to your enquiries, resolve any problems that may exist, provide the requested information, etc., and thus maintain and promote your satisfaction as a (potential) client.

You are free to decide what other optional information or any special category of personal data you wish to provide to us. 

The legal basis for the processing is your consent given pursuant to Article 6(1) sentence 1 (a) GDPR.

Your consent is voluntary and may be withdrawn at any time with effect for the future. Please use the controller's contact details specified for this purpose.

Storage time/criteria for determining storage time:

We process your data for as long as this is necessary to achieve the aforementioned purpose. Thereafter, we will delete your data unless processing, including in other systems where applicable, remains lawful on another legal basis or is obligatory for us (e.g., where statutory retention requirements exist).


5. Data processing in the case of prospective clients, suppliers and business partners


5.1. General processing of business partners' data

Controller:

Where applicable, instead of the controller cited in section 1 above, the respective company which you contact, in whose products and services you or your company are interested, or with which you or your company already have or plan to enter into a business relationship, will be the controller responsible for collecting and processing your data as a client, business partner, supplier or prospective client or contact person for a business partner, supplier or prospective client. Please contact that company at its stated address.

Purposes and scope of the processing/legal bases:

In the context of the business relationship with you as our clients, business partners, suppliers and prospective clients, we process personal data such as name, address, e-mail address, telephone/fax number, tax ID, client number, bank account details and, where applicable, place of birth, date of birth, nationality if you have provided us with this data voluntarily, and creditworthiness data. The processing is carried out for the purposes of verifying identity, initiating, performing, managing and settling contracts, assessing creditworthiness and collateral and, in particular, preparing billing statements and credit notes or refunds, managing and enforcing claims, legal compliance, data security and in the interest of providing full customer service.

The legal basis for the processing is Article 6(1) sentence 1 (b) GDPR or, in the case of employees of prospective clients, suppliers and business partners, Article 6(1) sentence 1 (f) GDPR and Article 6(1) sentence 1 (c) GDPR.

Recipients/categories of recipients:

Your data will generally only be disclosed to third parties if you have expressly consented to the transfer in advance or we are obligated to do so by law. 

The legal basis for the processing is Article 6(1) sentence 1 (a) GDPR where consent has been given or Article 6(1) sentence 1 (c) GDPR where processing is necessary for compliance with a legal obligation. 

Within DIC Group[1] companies, your data will be disclosed to other entities for purposes including performing or initiating the business relationship. 

The legal basis for the processing is Article 6(1) sentence 1 (f) GDPR. 

The legitimate interest is to enable the other entities to perform or initiate contractual relations with you or your company.

In exceptional cases, data will be processed by processors on our behalf. These are carefully selected in each case and are also audited by us and bound by contract.

Storage time/criteria for determining storage time:

We store the data required in any given case for the duration of the business relationship with you and until expiry of the applicable limitation periods and any claims and statutory retention obligations arising therefrom.


5.2. Processing of contact persons' data

Purposes and scope of the processing/legal bases:

We process the contact data of contact persons at clients, prospective clients, suppliers and other business partners to enable communication by e-mail, telephone, fax and post. The legal basis for the processing is Article 6(1) sentence 1 (b) and (f) GDPR. 

In this respect, we have a legitimate interest in maintaining existing or initiating new business relationships with clients, prospective clients, suppliers and other business partners and in maintaining personal contact with contact persons in the process.

Recipients/categories of recipients:

Your data will only be disclosed to third parties if you have expressly consented to the transfer in advance or we are obligated to do so by law. 

The legal basis for the processing is Article 6(1) sentence 1 (a) GDPR where consent has been given or Article 6(1) sentence 1 (c) GDPR where processing is necessary for compliance with a legal obligation. 

Within DIC Group companies, your data will be disclosed to other entities for purposes including performing or initiating the business relationship. 

The legal basis for the processing is Article 6(1) sentence 1 (f) GDPR. 

The legitimate interest is to enable the other entities to perform or initiate contractual relations with you or your company.

In exceptional cases, data will be processed by processors on our behalf. These are carefully selected in each case and are also audited by us and bound by contract.

Storage time/criteria for determining storage time:

Personal data will be stored for the purpose of performing business relationships for as long as a legitimate interest therein exists.


5.3. Data processing for marketing purposes

Purposes and scope of the processing/legal bases:

DIC Group companies use personal data for marketing purposes, in particular for advertising by e-mail, telephone and post. The purpose of data processing in connection with marketing activities is to inform data subjects about the products and services offered by the DIC Group. 

The legal basis for sending advertising material by post is Article 6(1) sentence 1 (f) GDPR. In this respect, we have a legitimate interest in sending (prospective) clients information about products and services. 

The legal basis for e-mail and telephone marketing activities is generally Article 6(1) sentence 1 (a) GDPR and a separate declaration of consent given by you. Specific provisions may additionally apply in the case of marketing activities aimed at existing clients.

You may object to the receipt of advertising material at any time with effect for the future or withdraw any consent given by sending a message to that effect to ir@dic-asset.de or info@dic-kgaa.de

Recipients/categories of recipients:

No data is disclosed to third parties outside DIC Asset AG or the DIC Group. 

Whenever external processors are used to send advertising material, they are bound by contract and audited to ensure that appropriate organisational and technical security measures are in place. 

Within DIC Group companies, your data may be disclosed to other entities for marketing purposes. 

The legal basis for the processing is Article 6(1) sentence 1 (f) GDPR. 

The legitimate interest is to enable the other entities to perform or initiate contractual relations with you or your company.

Storage time/criteria for determining storage time:

If you object to the receipt of advertising material, your data will be blocked immediately and then deleted, unless it is also stored for other purposes.


6. Data processing in the employment application process


Controller:

Where applicable, instead of the controller cited in section 1 above, the respective company to which you have applied for employment will be the controller responsible for collecting and processing your data in the context of the application process. Please contact that company at its stated address.

Purposes and scope of the processing/legal bases:

In the context of your application, we process data from you that we require as part of the application process so that we can make a decision on potentially hiring you (establishing an employment relationship). 

This may include contact details, all data associated with the application (CV, references, qualifications, responses to questions, etc.) and, where applicable, data on bank account details (for reimbursing travel expenses). 

The legal basis for the processing is section 26 (1) of the German Federal Data Protection Act (Bundesdatenschutzgesetz, "BDSG") in conjunction with Article 6(1) sentence 1 (b) GDPR and Article 88 GDPR.

Storage time/criteria for determining storage time:

Insofar as we are not subject to any statutory retention requirements, the data will be deleted as soon as storage is no longer necessary or the legitimate interest in storage no longer exists. As a rule, this will be within six months after the application process is concluded, assuming that no employment relationship is established.

In individual cases, specific data may be stored for a longer period (e.g., travel expenses statement). The storage time then depends on the statutory retention requirements, for example under the German Fiscal Code (Abgabenordnung, "AO") (6 years) or the German Commercial Code (Handelsgesetzbuch, "HGB") (10 years).

If you were not hired but your application is still of interest to us, we will ask you separately for your permission to keep your application on file for future job openings.

Recipients/categories of recipients:

Your data will of course be treated confidentially and will not be disclosed to third parties. 

When you use the career portal, we transfer your data solely to processors which process data on our behalf strictly subject to our instructions and bound by contract:

  • HRworks GmbH, Waldkircher Str. 28, 79106 Freiburg, Germany.


7. Data processing on our social media sites


Joint controllers:

Where applicable, instead of the controller cited in section 1 above, the respective company specified in the legal information section on our respective social media site is the controller responsible for collecting and processing your data on our social media sites. Please contact that company at its stated address.

Social media sites may, for example, be operated on the following platforms:

XING: https://www.xing.com/

Kununu: https://www.kununu.com/

LinkedIn: https://www.linkedin.com/

Instagram: https://www.instagram.com/

Facebook: https://www.facebook.com/

The information on data processing on our social media sites also applies to other sites on other platforms, insofar as they are linked to this Privacy Policy.

In addition to the company specified in the legal information section on our respective social media site, the operator of the respective social media platform also acts as controller responsible for processing your personal data (joint controllers).

Insofar as we are able to influence this and parameterise the data processing, we work within the scope of our available options to ensure that the operator of the social media platform handles the data in a manner consistent with the requirements of data protection law. In this context, please also refer to the privacy policies of the respective social media platform.

Purposes and scope of the processing by us/legal bases:

Any data that you enter or post on our social media sites, such as user names, comments, videos, images, likes, public messages, etc., is published by the social media platform and is at no time processed by us for other purposes. We merely reserve the right to delete content should this be necessary. In some cases, we share your content on our site if this is a feature of the social media platform and we communicate with you via the social media platform. 

If you send us an enquiry via the social media platform, depending on the content, we may also refer you to other more secure communication channels that guarantee confidentiality. For example, you can always send your enquires to us using the contact addresses specified in the legal information section on our respective social media site. In this respect, you are responsible for choosing the appropriate communication channel. 

The legal basis for processing your data is Article 6(1) sentence 1 (f) GDPR. We have a legitimate interest in processing the data for our corporate public relations purposes and being able to communicate with you.

Some social media platforms generate statistics based on usage data and contain information about your interaction with our social media site. We cannot influence or prevent such statistics from being generated and made available. However, we do not utilise optional statistics from the social media platform.

We process this information on the basis of Article 6(1) sentence 1 (f) GDPR and our legitimate interest in validating the use of our social media sites and better tailoring our content to the respective target audience.

We also occasionally use those social media platforms to display targeted ads.

For this purpose, we use target group definitions made available to us by the social media provider. We only use anonymous target group definitions, defining attributes based for example on general demographics, behaviour, interests and connections. The social media platform operator uses these to display ads targeted to its users.

The legal basis for this is the consent given to the social media platform operator by its users. Should you wish to withdraw your consent, please avail yourself of the options furnished for this purpose by the provider of the social media platform, as the social media platform operator is the controller responsible for the processing in this case. 

Occasionally, we or the provider of the social media platform also use publicly available data for the purposes of defining target groups. The legal basis for the processing in that case is Article 6(1) sentence 1 (f) GDPR. In this respect, we have a legitimate interest in defining a target group as accurately as possible. Under no circumstances do we ever use sensitive categories of personal data (as referred to in Articles 9 and 10 GDPR) for the purposes of defining target groups.

We do not use any target group definitions based on location data. We do not disclose any personal data to the social media platform operator in the context of defining target groups. 

Occasionally, we also use information about visits to or interaction with other sites (remarketing) to define target groups. We also use cookies for this purpose, among other things. However, in such cases we use a consent banner on those other sites to first obtain the user's consent and then provide information about the data processing. You may withdraw that consent at any time by re-selecting the consent banner (consent management platform) for the relevant website.

If you wish to object to a particular data processing operation over which we have control, please use the contact details provided in the legal information section on our respective social media site.

Storage time/criteria for determining storage time:

We delete your personal data when the data is no longer required for the aforementioned purposes of processing and no statutory retention requirements exist that would prevent us from so doing.

Data processing by the social media platform operator:

The social media platform operator employs web tracking technologies. Web tracking may take place regardless of whether you are logged in to or registered with the social media platform.

Therefore, please be advised that the provider of the social media platform may use your profile and browsing data to analyse your habits, personal relationships, preferences, etc. We have no influence on the processing of your data by the social media platform provider in this respect. Therefore, use of the social media platform is at your own risk.

For more detailed information on data processing by the social media platform provider, configuration options to protect your privacy, further opt-out options and any data processing agreement entered into pursuant to Article 26 GDPR, see the privacy policies of the specified providers:

Insofar as the aforementioned privacy policies are also linked on other social media sites on other platforms, see the privacy policy of the respective provider for more detailed information on data processing by the social media platform provider, configuration options to protect your privacy, further opt-out options and any data processing agreement entered into pursuant to Article 26 GDPR.


8. Voluntary provision of your data


You are under no contractual or legal obligation to provide your personal data. 

However, in certain cases this is necessary to allow us to respond to your enquiry or so that you can use or access the services we offer. 

If you do not provide your personal data, we may not be able to respond to your enquiry, you may not be able to use the services offered, or we may not be able to process your application.

Excepted herefrom are, of course, those data processing operations that are based solely on your consent, which is always freely given. You may withdraw any consent you have given at any time with effect for the future.


9. Your rights


You have certain rights under the GDPR with respect to the processing of your personal data:


9.1. Right of access (Article 15 GDPR)

You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have a right to obtain information about such personal data and to the specific information set out Article 15 GDPR.


9.2. Right to rectification (Article 16 GDPR) 

You have the right to have any inaccurate personal data be corrected without undue delay and to have any incomplete personal data completed.


9.3. Right to erasure (Article 17 GDPR)

You also have the right to have your personal data erased without undue delay where one of the grounds set out in Article 17 GDPR applies, e.g., where the personal data is no longer required for the purposes for which it was collected or processed.


9.4. Right to restriction of processing (Article 18 GDPR)

You have the right to have processing restricted where one of prerequisites set out in Article 18 GDPR applies, e.g., where you have objected to the processing pursuant to Article 21 GDPR or pending verification of whether our legitimate interests override your interests as the data subject.


9.5. Right to data portability (Article 20 GDPR)

In certain cases specified in detail in Article 20 GDPR, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have that data transferred to a third party.


9.6. Right to object (Article 21 GDPR)

Where data is collected on the basis of Article 6(1) sentence 1 (f) GDPR (processing necessary for legitimate interests), you have the right to object to the data processing at any time on grounds relating to your particular situation. In such case, we will no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.


9.7. Right of withdrawal (Article 7(3) sentence 1 GDPR)

If your personal data is processed on the basis of consent given pursuant to Article 6(1) sentence 1 (a) GDPR, you have the right to withdraw your consent pursuant to Article 7(3) sentence 1 GDPR. You may withdraw your consent at any time with effect for the future.


9.8. Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

Under Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes data protection law. The right to lodge a complaint with a supervisory authority may be exercised in particular in the member state of your habitual residence, place of work or place of the alleged infringement. 

The competent supervisory authority for us is the Commissioner for Data Protection and Freedom of Information of Hesse, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany.


10. Contact details of the data protection officer


Our company data protection officer will be happy to provide you with information or suggestions on the subject of data protection and may be contacted at:

 

datenschutz süd GmbH
Subject: "DIC Asset AG"
Wörthstraße 15
97082 Würzburg, Germany

E-mail: office@datenschutz-sued.de
Telephone: +49 (0)931 304 976 0
Web: www.datenschutz-nord-gruppe.de

 

11. Amendment of this Privacy Policy


This Privacy Policy was last updated on 20.01.2023



[1] The DIC Group comprises in particular DIC Asset AG, DIC Onsite GmbH, Deutsche Immobilien Chancen AG & Co. KGaA, Deutsche Immobilien Chancen Beteiligungs AG, GEG German Estate Group GmbH, GEG Real Estate Management GmbH, DIC Fund Balance GmbH and VIB Vermögen AG. 




© 2024 Deutsche Immobilien Chancen AG & Co. KGaA|Home|Search|Sitemap|Legal|Data Protection|Deutsch