Privacy Policy

This Data Privacy Policy informs you about the type, scope and purpose of the processing of personal data (referred to in the following in brief as “data”) on our website and on web pages, in functions and content linked to it, as well as at external websites, e.g. our social media profile (referred to jointly in the following as “websites”). We refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR) for the meaning of the terminology, such as “personal data” or “processing”, used in this text.

CONTROLLER
Townscape One Development GmbH & Co. KG
registered in the Charlottenburg Commercial Register under HRA 48762

Registered office: Berlin
Value added tax ID: DE293086537

Address:
Townscape One Development GmbH & Co. KG
Bleibtreustraße 24
10707 Berlin

Management:
Townscape One Properties GmbH
TSC Verwaltung GmbH

E-Mail: info@townscape.de
Telefon: +49 (0) 30 – 221 827 2-23

TYPES OF DATA PROCESSED
Contact details (e.g. email).
Content data (e.g. photographs, videos).
Meta/communication data (e.g. device information, IP addresses).
Processing of special categories of data (Article 9(1) GDPR):
No special categories of data are processed.
CATEGORIES OF DATA SUBJECTS:
Website visitors and users.
In the following we refer to these data subjects collectively as “users”.

PURPOSE OF PROCESSING
Response to contact enquiries and communication with users.
Marketing, advertising and market research.
Security measures.
DOCUMENT LAST UPDATED: 24/05/2018

1. RELEVANT LEGAL BASIS
In compliance with Article 13 GDPR, we hereby inform you about the legal basis for our processing of data. If the legal basis is not referred to in the Data Privacy Policy, the following applies: The legal basis for obtaining consent is Article 6(1) a) and Article 7 GDPR; the legal basis for processing which is necessary for the provision of our services and the performance of the contract as well as providing answers to enquiries is Article 6(1) b) GDPR; the legal basis for processing which is necessary for compliance with our legal obligations is Article 6(1) c) GDPR; and the legal basis for the processing which is necessary for the purposes of pursuing our legitimate interests is Article 6(1) f) GDPR. The legal basis for processing which is necessary in order to protect the vital interests of the data subject or of another natural person is Article 6(1) d) GDPR.

2. CHANGES AND UPDATES TO THE DATA PRIVACY POLICY
Please make sure that you re-read the contents of our Data Privacy Policy at regular intervals. We change our Data Privacy Policy as soon as any changes in the data processing which we perform make this necessary. We will inform you as soon as any changes require action to be taken by you (e.g. consent) or any other individual notification needs to be made.

3. SAFETY MEASURES
3.1. In accordance with Article 32 GDPR and taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of the varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia measures to ensure the confidentiality, integrity and availability of data by controlling the physical availability of the data, access to them and the entry, disclosure, secured availability and separation of data. We have also set up procedures which guarantee that the rights of data subjects are safeguarded, that data are erased and responses are made to risks to data. We also incorporate the protection of personal data as soon as we begin developing or selecting hardware, software and procedures according to the principle of data protection by design and by default (Article 25 GDPR).

3.2. The security measures include in particular the encrypted transmission of data between your browser and our server.

4. COOPERATION WITH PROCESSORS AND THIRD PARTIES
4.1. When we process data we only disclose data to other persons and companies (processors or third parties), transmit data to other persons and companies or provide them access to the data in any other way if this is permitted by law (e.g. if transmission of data to a third party, such as a payment services provider, is necessary for the performance of a contract, within the meaning of Article 6(1) b) GDPR), you have given your consent, this is necessary for compliance with a legal obligation or is necessary for the purposes of our legitimate interests (e.g. when using agents, web hosts, etc.).

4.2. The engagement by us of the services of third-party processors under a “processing contract” is lawful under Article 28 GDPR.

5. TRANSFERS TO THIRD COUNTRIES
We only process data in a third country (i.e. a country outside the European Union (EU) or the European Economic Area (EEA)) or have data processed in the course of using third-party services, making disclosures or transfer to third parties for the purpose of meeting our (pre)contractual obligations, on the basis of your consent, to comply with a legal duty or for the purpose of our legitimate interests. Subject to legal or contractual authorisation, we only process data or arrange for data to be processed in a third country if the special conditions referred to in Article 44 ff. GDPR are met. This means that data are only processed if special guarantees are in place, such as official recognition of a level of data protection commensurate with EU levels of data protection (e.g. by the Privacy Shield for the USA) or compliance with officially recognised special contractual obligations (“standard contractual clauses”).

6. RIGHTS OF DATA SUBJECTS
6.1. You have the right to obtain confirmation as to whether or not relevant data are being processed and to obtain access to the data and a copy of them in accordance with Article 15 GDPR.

6.2. Article 16 GDPR grants you the right to obtain the rectification of inaccurate personal data concerning you and to have incomplete data completed.

6.3. Under Article 17 GDPR you have the right to obtain the erasure of data concerning you without undue delay or, alternatively under Article 18 GDPR, to obtain restriction of processing of the data.

6.4. You have the right under Article 20 GDPR to receive the data concerning you, which you have provided to us and the right to transmit the data transmitted to another controller.

6.5. Under Article 77 GDPR, you also have the right to lodge a complaint with a responsible supervisory authority.

7. RIGHT OF REVOCATION
You have the right under Article 7(3) GDPR to withdraw your consent with effect for the future.

8. RIGHT OF OBJECTION
You have the right under Article 21 GDPR to object at any time to the processing of data concerning you in the future. The objection may in particular be lodged against processing for the purposes of direct marketing.

9. COOKIES AND RIGHT OF OBJECTION TO DIRECT ADVERTISING
We set temporary and permanent cookies, i.e. small files which are stored on users’ devices (go to the last section of this Data Privacy Policy for an explanation of this terminology and of functions). Cookies are partly necessary in order to secure the operation (e.g. display of our website) or to store users’ decisions when they confirm cookie banners. In addition, we, or our technology partners, also use cookies for reach measurement and marketing purposes; users are informed about this in the Data Policy. General objection to the use of cookies for online marketing purposes can be lodged for a number of services, particularly to tracking, at the US American website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. The storage of cookies can also be prevented by disabling the relevant browser settings. Please note that this may then prevent you from using all the functions available on this website.

10. DELETION OF DATA
10.1. The data which we process are erased or their processing restricted under Article 17 and 18 GDPR. Unless otherwise explicitly stated in this Data Privacy Policy, the data stored by us are erased as soon as they are no longer required for the purpose for which they have been stored and provided that they are not subject to legal retention requirements. If the data are not erased because they are required for other and legally permissible purposes, the processing of these data is restricted. This means that the data will be blocked and not processed for other purposes. This applies, e.g. to data which must be kept for commercial or tax law reasons.

10.2. Under section 257(1) German Commercial Code (HGB) in particular, data (trading books, inventories, opening balance sheets, end-of-year financial statements, commercial correspondence, accounting documents, etc.) must be stored for six years and under section 147(1) German Tax Code (AO) for ten years (accounts, records, management reports, accounting documents, commercial and business correspondence, documents relevant for tax purposes, etc.).

11. PROVISION OF CONTRACTUAL SERVICES
11.1. Within the context of using our online service, we store the IP address and the time of user action. The storage is based on our legitimate interests and is also done to protect users against misuse and other unauthorised use. These data are not transferred onward to third parties at all unless this is necessary for the purpose of pursuing our claims or in order to comply with a legal obligation (Article 6(1) c) GDPR).

11.2. These data are erased after expiry of our statutory guarantee and other comparable obligations; the need for such data to be stored is reviewed every three years; data which are subject to statutory retention periods are erased when these periods expire (expiry of commercial (six years) and tax (ten years) mandatory retention periods); information in customer accounts will remain in storage until erasure.

12. CONTACT
12.1. When contacting us (via the contact form or email), the user’s details are processed in order to handle the contact request and its settlement in accordance with Art. 6(1) lit. b) GDPR.

12.2. The user data can be stored in our Customer Relationship Management System (“CRM system”) or comparable enquiry system.

12.3. We erase enquiries as soon as they are no longer necessary. We check whether enquiries need to be kept every two years; we store enquiries from customers with a customer account indefinitely and refer for erasure purposes to the information about the customer account. Data which are subject to statutory retention periods are erased when these periods expire (expiry of commercial (six years) and tax (ten years) mandatory retention periods).

13. COLLECTING ACCESS DATA AND LOGFILES
13.1. On the basis of our legitimate interests within the meaning of Art. 6(1) lit. f. GDPR, we collect data on each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

13.2. Log file information is stored for security purposes (e.g. to clarify abusive or fraudulent use) for a maximum period of seven days after which it is erased. Data that needs to be further stored for evidence purposes is excluded from deletion until the respective incident has been finally clarified.

14. ONLINE PRESENCE IN SOCIAL MEDIA
14.1. In pursuit of our legitimate interests under Article 6(1) f) GDPR we are active in social networks and platforms, where we communicate with and inform active customers, prospective customers and users about our services. Every time the applicable networks and platforms are requested, the terms and conditions of business and data processing regulations of the applicable operators apply.

14.2. Unless stated otherwise in our Data Privacy Policy, we process users’ data to the extent that these users communicate with us on social networks and platforms, e.g. by posting on our websites or by sending us messages.

15. COOKIES & RANGE MEASUREMENT
15.1. Cookies are items of information that are transferred from our web server or third-party web servers to the user’s web browser and stored there for later retrieval. Cookies can be small files or other types of information storage.

15.2. Users are informed within the scope of this privacy statement about how cookies are used for pseudonymous range measurement.

15.3. If users do not wish cookies to be stored on their computer, they are requested to deactivate the relevant option in the system settings of their browser. Stored cookies can be deleted in the browser’s system settings. Please note that the exclusion of cookies can restrict some of the functionalities of this online offering.

15.4. You may oppose the use of cookies for range measurement and advertising purposes via the network advertising initiative’s opt-out page (http://optout.networkadvertising.org/) and via the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

17.1. As part of our online offering, we use content or service offerings of third parties on the basis of our legitimate interests (i.e. interest in analysing, optimising and efficiently operating our online offering within the meaning of Art. 6(1) lit. f. GDPR) in order to integrate their content and services, such as videos or fonts (hereinafter jointly referred to as “content”). This always presupposes that the third-party providers of this content can note the user’s IP address, otherwise they would not be able to send the content to the browsers of the aforesaid users without the IP address. The IP address is therefore required for presenting this content. We endeavour to only use the content of providers that use the IP address solely for the distribution of content. Third parties can also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The pixel tags can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and can include technical information about the browser and operating system, referring websites, visiting times and other information about the use of our website, and can also be linked to such information from other sources.

17.2. Below is a list of the third-party providers and their contents, along with links to their privacy statements which contain further information on how data is processed and on the opt-out possibilities, some of which have already been named here:

External fonts from Google, LLC., https://www.google.com/fonts (“Google Fonts”). The Google fonts are integrated via a server called up at Google (usually in the USA). Data Privacy Policy: https://policies.google.com/privacy, opt-out: https://adssettings.google.com/authenticated. On our pages, we use map services from Mapbox, Inc., 1714 14th St NW, Rear Entrance, Washington DC 20009, USA. When you visit the pages that contain maps (e.g. the Contact page), a connection to the Mapbox servers is established right from when the page is opened. In addition to your IP address, they also learn which of our pages you are currently on. In addition, other personal data, such as your location, may be transmitted to Mapbox when you access such pages.