The protection of your private information when using our website is very important to us, PATRIZIA SE. In the following, we would like to provide you with information on the type, scope and purpose of the collection and use of personal data when using our website. A version in other languages is available upon request.
The data protection declaration (including legally required informational content) is divided into three parts:
Information on data protection concerning our data processing under Articles (Art.) 13, 14 and 21 of the General Data Protection Regulation (GDPR). We take data protection seriously; in this section, we would like to provide you with information on how we process your data and what claims and rights you are entitled to under the relevant legal provisions on data protection. In effect from 25 May 2018 onwards.
Tel: +49 821 50910-000
Fax: +49 821 50910-999
and its subsidiaries.
In exceptional cases there may also be a joint controllership with other third parties. This is currently limited to individual constellations in the area of property and facility management.
Contact details of our data protection officer:
HEC Harald Eul Consulting GmbH
Data Protection + Data Security
Harald Eul (PATRIZIA data protection officer)
Auf der Höhe 34
We process personal data in compliance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other applicable data protection regulations (details in the following). The details of what specific data are processed and the manner in which they are used depend primarily on the respective services requested or agreed. Further details and supplemental information on the purposes of data processing can be found in the respective contractual documents, forms, declarations of consent and/or other information provided to you (e.g. in the context of the use of our website or our terms and conditions). In addition, this data protection information may be updated from time to time.
The processing of personal data takes place for the performance of our contracts with you and the implementation of your orders, as well as for the execution of measures and activities in the context of pre-contractual relationships, e.g. with potential customers. In particular, the processing thus serves to facilitate the performance of services in accordance with your orders and wishes, and encompasses the services, measures and activities this requires. This includes all business activities focusing on real estate (especially acquisition, sale, brokerage, lease-out and management) and investments in real estate (funds and direct investments). These primarily include contract-related communication with you, the traceability of transactions, orders and other agreements, for quality control through corresponding documentation, goodwill procedures, measures for the control and optimisation of business processes, and for the fulfilment of general due diligence obligations, management and control by associated companies (e.g. a parent company); statistical evaluations for corporate management, cost recording and controlling, reporting, internal and external communication, emergency management, settlement and tax evaluation of operational services, risk management, assertion of legal claims and defence in the event of legal disputes; ensuring IT security (including system and plausibility tests) and general security, including building and plant security, safeguarding and exercising domiciliary rights (e.g. through entry controls); ensuring the integrity, authenticity and availability of data, prevention and clarification of criminal offences; controls by supervisory committees or other supervisory bodies (e.g. Internal Audit).
Beyond the actual fulfilment of the contract / preliminary contract, we may potentially process your data if necessary in order to protect our legitimate interests or those of third parties, particularly for the following purposes:
Processing of your personal data for specific purposes (e.g. use of your email address for marketing purposes) can also take place on the basis of your consent. You can generally revoke this consent at any time. This also applies for the revocation of declarations of consent that were issued to us before the GDPR entered into effect, i.e. before 25 May 2018. You will be informed of the purposes and of the consequences of revoking or withholding consent separately in the corresponding text of the consent.
As a general principle, revocations of consent apply only to the future. Instances of processing which took place before the revocation are not affected by it and remain legitimate.
In the same manner as anyone involved in business affairs, we are also subject to numerous legal obligations. These primarily encompass statutory requirements (e.g. commercial law and tax law), but may also include supervisory or other official provisions. The purposes of processing may potentially include identity and age verification, fraud and money laundering prevention, the prevention, combating and detection of terrorism financing and asset-endangering criminal offences, comparisons with European and international antiterrorism lists, the fulfilment of control and reporting requirements under tax law and the archiving of data for purposes of data protection and data security as well as review by tax authorities and other public agencies. In addition, the disclosure of personal data may be necessary in the context of official/judicial measures for purposes of evidence collection, criminal prosecution or the enforcement of civil claims.
If necessary for the performance of our services, we process personal data permissibly obtained from other companies or other third parties (e.g. credit agencies, address publishers, property and facility management). In addition, we process personal data that we have permissibly collected, obtained or acquired from publicly accessible sources (such as telephone directories, commercial registries and registers of associations, civil registers, records of debtors, land registers, press, internet and other media) and are permitted to process.
Relevant personal data categories may include the following in particular:
Within our company, your data are received by the internal departments or organisational units that need them for the fulfilment of our contractual and statutory obligations or in the context of the handling and implementation of our legitimate interests. Your data are shared with external parties exclusively:
We will not share your data with third parties under any other circumstances. If we hire service providers in the context of contracted processing, your data will be subject to the same security standards there as with us. In other cases, the recipients are only permitted to use the data for the purposes for which it was shared with them.
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.
In addition, we are subject to various obligations of retention and documentation such as those under the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods of retention or documentation specified therein amount to up to ten years beyond the end of the business relationship / pre-contractual legal relationship.
Furthermore, special statutory provisions may require a longer period of retention, such as the retention of evidence within the scope of statutory limitation requirements. While the regular statutory limitation period under sections 195 et seq. of the German Civil Code (BGB) amounts to three years, limitation periods of up to 30 years may be applicable.
If the data are no longer needed for the fulfilment of contractual or statutory obligations and rights, they are normally deleted unless temporary continued processing of them is required for the fulfilment of purposes listed under Section 2.2 on the basis of an overriding legitimate interest. An overriding legitimate interest of this type also exists, for example, if deletion is impossible or only possible with disproportionate effort due to the type of storage and processing for other purposes has been made impossible by means of appropriate technical and organisational measures.
Data are only shared with parties in countries outside the European Union (EU) / the European Economic Area (EEA) (‘third countries’) when this is necessary for the execution of an order/contract from/with you, when required by law (e.g. reporting obligations under tax law), when this falls within the scope of a legitimate interest of us or a third party or when you have given us your consent.
In this context, processing of your data in a third country may also take place in connection with the engagement of service providers (e.g. in the context of contracted processing). If there is no European Commission resolution on the existence of an appropriate level of data protection for the country in question, then we will ensure that your rights and freedoms are appropriately protected and guaranteed by means of corresponding contracts in accordance with EU data protection provisions. We can provide you with corresponding detailed information on request.
Information on the suitable or appropriate guarantees and the possibility of obtaining a copy for you can be requested from the company data protection officer.
Subject to specific requirements, you can assert your data protection rights against us:
Whenever possible, your applications for the exercise of your rights should be made in writing and addressed to the address provided above or directly to our data protection officer.
You only need to provide the data which is required for the establishment and implementation of a business relationship or for a pre-contractual relationship with us or which we are obligated by law to collect. Without these data, we are generally unable to conclude or implement the contract. This can also pertain to data required later within the scope of the business relationship. If we request any data beyond this from you, you will be separately informed of the voluntary nature of providing the information.
We do not employ any purely automatic decision-making procedures as defined in Article 22 GDPR. If we employ any such procedure in individual cases in the future, however, we will inform you of this separately if legally required to do so.
We may potentially process your data in some cases with the goal of evaluating specific personal characteristics (profiling).
We may potentially employ evaluation tools in order to be able to provide you with information on products and advise you in a targeted manner. These facilitate needs-oriented product design, communication and advertising including market and opinion research.
Such procedures may also be employed in order to be able to evaluate your creditworthiness and for combating money-laundering and fraud. ‘Scores’ may be used to evaluate your creditworthiness. In the event of scoring, mathematical procedures are employed to calculate the probability that a customer will meet their payment obligations in compliance with the contract. Scores like this provide us with assistance for purposes such as the evaluation of creditworthiness and decision-making in the context of product conclusions, and are also taken into consideration by our risk management. The calculation is based on recognised and proven statistical mathematical procedures and is carried out based on your data, particularly income situation, expenses, existing liabilities, profession, employer, duration of employment, experiences from previous business relationships, contractually compliant repayment of past loans and information from credit agencies.
Information on nationality and special categories of personal data as defined in Art. 9 GDPR are not processed in this context.
1. You have the right to lodge an objection to the processing of your data on the basis of Art. 6 (1f) GDPR (data processing on the basis of a balancing of interests) or Art. 6 (1e) GDPR (data processing in the public interest) if there are reasons for doing so which originate from your specific situation. This also applies for any profiling based on this determination within the meaning of Art. 4 No. 4 GDPR. If you lodge an objection, we will no longer process your personal data unless we can produce evidence of compelling reasons worth protecting for the processing which outweigh your interests, rights and freedoms, or if the processing serves the purpose of the assertion, exercise or defence of legal claims.
2. We also may potentially process your personal data in order to conduct direct advertising. If you would not like to receive any advertising, however, you have the right to lodge an objection to it at any time. This also applies to profiling, insofar as it is connected with direct advertising of this type. We will comply with this objection in the future.
We will no longer process your data for direct advertising purposes if you object to processing for these purposes. The objection does not need to be made in accordance with any specific formal requirements, and should be directed to the following address if possible:
86150 Augsburg, Germany
Tel: +49 821 50910-000
Fax: +49 821 50910-999
and its subsidiaries.
Our data protection declaration and the information on data protection concerning our data processing under Articles (Art.) 13, 14 and 21 of the GDPR may change from time to time. We will publish all changes on this page.
The responsible party for data collection, data processing and data use in connection with the use of our internet offering is PATRIZIA SE and its subsidiaries.
The use of our website does not require prior registration except in the institutional login area. When you visit our website, we collect and process the information that you automatically share with us digitally (see Section 3) and/or personal data (see Section 4).
When you visit our website or use our services, the device you are using and the internet browser you use to access our website automatically transmit log data to our server. This log data particularly includes the names of the files accessed (web pages), the volume of data transferred, the type and version of the web browser used, the operating system used (type and version), the date and time the website is accessed, the referrer URL (the website from which you were sent to our website via a link) and the IP address of the requesting computer. After it is no longer technically required for accessing the website, the IP address is stored for statistical evaluation exclusively in abbreviated (anonymised) form.
The automatically transmitted data described above is collected and evaluated exclusively for the purpose of the proper and optimal presentation of the information offered and for the purpose of statistical evaluations. It is not possible for us to assign the data automatically transmitted to the server to specific natural persons, i.e. it is fundamentally impossible to directly identify you based on the automatically transmitted data. We would like to inform you, however, of the fact that with the cooperation of your internet access provider, it could theoretically be possible to determine the holder of the internet connection through which you access our site over a specific period of time on the basis of the transmitted IP address. Information on the duration of the storage of used and assigned IP addresses by the internet access provider is provided by your internet access provider.
We collect, process and use personal data such as names, addresses, telephone numbers and email addresses on this website only for the purpose of contract execution and for the protection of our own legitimate business interests in regard to advice and support for our clients. Apart from this, we use your voluntarily provided data exclusively for the purpose for which you shared it with us. Your data will only be used for the additional purposes of further offers or marketing purposes if you provide us with your consent to use them for these purposes as well. Your personal data will be deleted as soon as knowledge of them is no longer necessary for fulfilling the purpose of storage, but no later than the complete execution of the contract and the expiration of the periods stipulated under tax and commercial law.
a) Contact form
You have the option of contacting us through the provided email address. As a matter of course, providing personal information in this manner is voluntary. The personal data you share in this context are used exclusively for handling your inquiry, insofar as you have not separately consented to the use of your data beyond this purpose. If you use our contact form in the Shareholders area to contact us, the data entered from your PC are transferred encoded in line with the latest technical standard (SSL) to protect it against misuse by third parties.
b) Sharing with third parties
Personal data transmitted when using our website are only shared in consideration of the strict requirements of the German Federal Data Protection Act, namely if you have given consent to the data being shared in advance, if we have the right to do so on the basis of statutory provisions and/or if we are obligated to share the data on the basis of laws, regulations or official or judicial orders. As a general principle, data are not shared with third parties for advertising purposes.
c) Information, correction, locking, deletion
You have the right to request information on the personal data stored about you, the recipients or categories of recipients with whom these data are shared and the purpose of storage from us free of charge. In addition, you may potentially have a right to the correction, locking or deletion of personal data subject to the applicable legal requirements. Contact information can be found in our legal notice.
We also use a cookie as part of our disclaimer for accessing protected pages of our website (e.g. web pages for real estate funds) which is activated when you confirm the disclaimer by selecting the check box and clicking ‘Confirm’ and makes it possible for you to navigate within protected pages. This cookie is automatically deleted again when the browser window is closed.
This website uses heatmap.me, a web analysis tool from HeatMap, Inc., 6724 Monroe Ave, Eldersburg, MD 21784, USA. This tool records the interactions of anonymised, randomly selected individual visitors with the website. This produces a log of, for example, mouse clicks and the use of individual page elements (no keyboard activity) with the goal of pointing out possibilities for the optimisation of the website. In addition, information on the operating system and browser, as well as the resolution and type of device, links to domains, geographic location, pages visited and the date and time at which the website was accessed is recorded for statistical purposes.
This information is not personal and is not shared with third parties by heatmap.me. The sole purpose of collecting your page navigation information is to improve your experience with the use of our website and web services. If you would not like your activity to be recorded, you can deactivate this by activating the ‘do not track’ header in your browser. Information on this can be found on the following page: https://heatmap.me/privacy
c) Social plugins
Our website makes use of plugins from social networks (Twitter, Facebook etc.). Every time you access a page of our website that contains a plugin of this type, the plugin causes the browser you are using to load and display the visual presentation of the plugin from the server of the social network. When this happens, the social network server is informed of which specific page of our website you are visiting and further data such as your IP address.
In order to guarantee an appropriate standard of data protection for our website, we have thus initially deactivated these plugins with the associated buttons and added a brief data protection notice.
We have no influence over the scope of the data that social networks collect using these plugins. For more information, please consult the data protection notices of the respective social networks:
If you are not satisfied with the data protection measures presented here or still have questions regarding the collection, processing and/or use of your personal data, we would be happy to hear from you. We will do our best to answer your questions as quickly as possible and to implement your suggestions. Please contact us at datenschutz-patrizia(at)he-c.de.
d) LinkedIn Insight Tag
This website uses the conversion tool "LinkedIn Insight Tag" from LinkedIn Ireland Unlimited Company. This tool creates a cookie in your web browser that enables the collection of information including: referrer URL, IP address, device and browser characteristics and page events (e.g., page views), LinkedIn demographic information if the user is an active LinkedIn member, and timestamps. IP addresses are truncated or (if used to reach members across devices) hashed.
This technology allows us to generate reports on the performance of our ads and website interaction information. To do this, the LinkedIn Insight tag is embedded in this website, which connects to the LinkedIn server when you visit this website and are logged into your LinkedIn account.
We process the data to evaluate campaigns and collect information about website visitors who may have reached us through our campaigns on LinkedIn. The legal basis of the processing is Art. 6 para 1 sentence 1 lit. a. DSGVO.
The direct identifiers of members will be removed within seven days in order to pseudonymise the data. This remaining pseudonymised data will then be deleted after 180 days, unless you have already revoked your consent beforehand.
This Data Protection Declaration applies for all websites and services or offers for which PATRIZIA AG and its subsidiaries are responsible. This Data Protection Declaration does not apply to services which are subject to separate data protection declarations which do not encompass the present Data Protection Declaration, such as pages which fall under the responsibility of efonds Solution AG.
If you access an external website from our site (external link), the external provider will potentially receive information from your browser on which of our web pages you are coming from. The external provider is responsible for these data. We are unable to influence this process, as are all other website providers.
PATRIZIA employs both technical and organisational security measures to protect the data you have provided from random or intentional manipulation, loss, destruction or access of unauthorised persons. Where personal data are collected and processed, the information is transferred in encoded form to prevent misuse of the data by third parties. Our security measures are continually updated in line with technological developments. Our employees are obligated to maintain confidentiality.
Information on data protection concerning our processing of applicant data under Articles (Art.) 13, 14 and 21 of the General Data Protection Regulation (GDPR), available here for download in PDF format.
Your trust is important to us. If you have any questions that this Data Protection Declaration could not answer for you or if you would like more detailed information on a specific point, please contact our data protection officer at any time. As a matter of course, we will fulfil your standardised right to information in this regard.
Contact details of our data protection officer:
HEC Harald Eul Consulting GmbH
Data Protection + Data Security
Harald Eul (PATRIZIA data protection officer)
Auf der Höhe 34
Occasional adjustments must be made to our data protection declaration in response to the continual development of the Internet. We reserve the right to make appropriate amendments at any time.
Last updated: 04 February 2020