Townscape One Development GmbH & Co. KG
registered in the Charlottenburg Commercial Register under HRA 48762
Registered office: Berlin
Value added tax ID: DE293086537
Townscape One Development GmbH & Co. KG
Townscape One Properties GmbH
TSC Verwaltung GmbH
TYPES OF DATA PROCESSED
Contact details (e.g. email).
Content data (e.g. photographs, videos).
Meta/communication data (e.g. device information, IP addresses).
Processing of special categories of data (Article 9(1) GDPR):
No special categories of data are processed.
CATEGORIES OF DATA SUBJECTS:
Website visitors and users.
In the following we refer to these data subjects collectively as “users”.
PURPOSE OF PROCESSING
Response to contact enquiries and communication with users.
Marketing, advertising and market research.
DOCUMENT LAST UPDATED: 24/05/2018
1. RELEVANT LEGAL BASIS
3. SAFETY MEASURES
3.1. In accordance with Article 32 GDPR and taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of the varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia measures to ensure the confidentiality, integrity and availability of data by controlling the physical availability of the data, access to them and the entry, disclosure, secured availability and separation of data. We have also set up procedures which guarantee that the rights of data subjects are safeguarded, that data are erased and responses are made to risks to data. We also incorporate the protection of personal data as soon as we begin developing or selecting hardware, software and procedures according to the principle of data protection by design and by default (Article 25 GDPR).
3.2. The security measures include in particular the encrypted transmission of data between your browser and our server.
4. COOPERATION WITH PROCESSORS AND THIRD PARTIES
4.1. When we process data we only disclose data to other persons and companies (processors or third parties), transmit data to other persons and companies or provide them access to the data in any other way if this is permitted by law (e.g. if transmission of data to a third party, such as a payment services provider, is necessary for the performance of a contract, within the meaning of Article 6(1) b) GDPR), you have given your consent, this is necessary for compliance with a legal obligation or is necessary for the purposes of our legitimate interests (e.g. when using agents, web hosts, etc.).
4.2. The engagement by us of the services of third-party processors under a “processing contract” is lawful under Article 28 GDPR.
5. TRANSFERS TO THIRD COUNTRIES
We only process data in a third country (i.e. a country outside the European Union (EU) or the European Economic Area (EEA)) or have data processed in the course of using third-party services, making disclosures or transfer to third parties for the purpose of meeting our (pre)contractual obligations, on the basis of your consent, to comply with a legal duty or for the purpose of our legitimate interests. Subject to legal or contractual authorisation, we only process data or arrange for data to be processed in a third country if the special conditions referred to in Article 44 ff. GDPR are met. This means that data are only processed if special guarantees are in place, such as official recognition of a level of data protection commensurate with EU levels of data protection (e.g. by the Privacy Shield for the USA) or compliance with officially recognised special contractual obligations (“standard contractual clauses”).
6. RIGHTS OF DATA SUBJECTS
6.1. You have the right to obtain confirmation as to whether or not relevant data are being processed and to obtain access to the data and a copy of them in accordance with Article 15 GDPR.
6.2. Article 16 GDPR grants you the right to obtain the rectification of inaccurate personal data concerning you and to have incomplete data completed.
6.3. Under Article 17 GDPR you have the right to obtain the erasure of data concerning you without undue delay or, alternatively under Article 18 GDPR, to obtain restriction of processing of the data.
6.4. You have the right under Article 20 GDPR to receive the data concerning you, which you have provided to us and the right to transmit the data transmitted to another controller.
6.5. Under Article 77 GDPR, you also have the right to lodge a complaint with a responsible supervisory authority.
7. RIGHT OF REVOCATION
You have the right under Article 7(3) GDPR to withdraw your consent with effect for the future.
8. RIGHT OF OBJECTION
You have the right under Article 21 GDPR to object at any time to the processing of data concerning you in the future. The objection may in particular be lodged against processing for the purposes of direct marketing.
9. COOKIES AND RIGHT OF OBJECTION TO DIRECT ADVERTISING
10. DELETION OF DATA
10.2. Under section 257(1) German Commercial Code (HGB) in particular, data (trading books, inventories, opening balance sheets, end-of-year financial statements, commercial correspondence, accounting documents, etc.) must be stored for six years and under section 147(1) German Tax Code (AO) for ten years (accounts, records, management reports, accounting documents, commercial and business correspondence, documents relevant for tax purposes, etc.).
11. PROVISION OF CONTRACTUAL SERVICES
11.1. Within the context of using our online service, we store the IP address and the time of user action. The storage is based on our legitimate interests and is also done to protect users against misuse and other unauthorised use. These data are not transferred onward to third parties at all unless this is necessary for the purpose of pursuing our claims or in order to comply with a legal obligation (Article 6(1) c) GDPR).
11.2. These data are erased after expiry of our statutory guarantee and other comparable obligations; the need for such data to be stored is reviewed every three years; data which are subject to statutory retention periods are erased when these periods expire (expiry of commercial (six years) and tax (ten years) mandatory retention periods); information in customer accounts will remain in storage until erasure.
12.1. When contacting us (via the contact form or email), the user’s details are processed in order to handle the contact request and its settlement in accordance with Art. 6(1) lit. b) GDPR.
12.2. The user data can be stored in our Customer Relationship Management System (“CRM system”) or comparable enquiry system.
12.3. We erase enquiries as soon as they are no longer necessary. We check whether enquiries need to be kept every two years; we store enquiries from customers with a customer account indefinitely and refer for erasure purposes to the information about the customer account. Data which are subject to statutory retention periods are erased when these periods expire (expiry of commercial (six years) and tax (ten years) mandatory retention periods).
13. COLLECTING ACCESS DATA AND LOGFILES
13.1. On the basis of our legitimate interests within the meaning of Art. 6(1) lit. f. GDPR, we collect data on each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
13.2. Log file information is stored for security purposes (e.g. to clarify abusive or fraudulent use) for a maximum period of seven days after which it is erased. Data that needs to be further stored for evidence purposes is excluded from deletion until the respective incident has been finally clarified.
14. ONLINE PRESENCE IN SOCIAL MEDIA
14.1. In pursuit of our legitimate interests under Article 6(1) f) GDPR we are active in social networks and platforms, where we communicate with and inform active customers, prospective customers and users about our services. Every time the applicable networks and platforms are requested, the terms and conditions of business and data processing regulations of the applicable operators apply.
15. COOKIES & RANGE MEASUREMENT
15.1. Cookies are items of information that are transferred from our web server or third-party web servers to the user’s web browser and stored there for later retrieval. Cookies can be small files or other types of information storage.
15.2. Users are informed within the scope of this privacy statement about how cookies are used for pseudonymous range measurement.
15.3. If users do not wish cookies to be stored on their computer, they are requested to deactivate the relevant option in the system settings of their browser. Stored cookies can be deleted in the browser’s system settings. Please note that the exclusion of cookies can restrict some of the functionalities of this online offering.
17.1. As part of our online offering, we use content or service offerings of third parties on the basis of our legitimate interests (i.e. interest in analysing, optimising and efficiently operating our online offering within the meaning of Art. 6(1) lit. f. GDPR) in order to integrate their content and services, such as videos or fonts (hereinafter jointly referred to as “content”). This always presupposes that the third-party providers of this content can note the user’s IP address, otherwise they would not be able to send the content to the browsers of the aforesaid users without the IP address. The IP address is therefore required for presenting this content. We endeavour to only use the content of providers that use the IP address solely for the distribution of content. Third parties can also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The pixel tags can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and can include technical information about the browser and operating system, referring websites, visiting times and other information about the use of our website, and can also be linked to such information from other sources.
17.2. Below is a list of the third-party providers and their contents, along with links to their privacy statements which contain further information on how data is processed and on the opt-out possibilities, some of which have already been named here: