Privacy policy
We are legally obliged to inform you about the processing of your personal data (hereinafter referred to as "data") when you use our website. This data protection notice informs you about the details of the processing of your data and your legal rights in this regard. For terms such as "personal data" or "processing", the legal definitions from Art. 4 GDPR are authoritative. We reserve the right to adapt the privacy policy with effect for the future, in particular in the event of further development of the website, the use of new technologies or changes to the legal basis or the corresponding case law. We recommend that you read the privacy policy from time to time and take a printout or copy for your records.
This data protection information applies to all pages of www.derag.de. It does not extend to any linked websites or internet presences of other providers. Insofar as reference is made in this data protection information to the Telecommunications and Digital Services Privacy Protection Act (hereinafter: TDDDG), this applies accordingly to the national laws of other member states with which Art. 5 Para. 3 of the ePrivacy Directive (Directive 2002/58/EC) was implemented.
Responsible for the processing of personal data within the scope of this privacy policy is
DERAG Deutsche Realbesitz AG + Co. KG
Fraunhoferstrasse 2
80469 Munich
Phone: +49 89 23701-250
Fax: +49 89 23701-299
Email: info@derag.de
Web: www.derag.de
If you have any questions about data protection with regard to our company or our website, you can contact our data protection officer:
SPIRIT LEGAL Fuhrmann Hense Partnerschaft von Rechtsanwälten
Lawyer and data protection officer
Peter Hense
Postal address:
Data Protection Officer
c/o DERAG Deutsche Realbesitz AG + Co. KG
Hotel Headquarters
Fraunhoferstrasse 2
80469 Munich
Contact us via the encrypted online form:
Contact data protection officer
We have taken comprehensive technical and organizational precautions to protect your personal data from unauthorized access, misuse, loss and other external interference. To this end, we regularly review our security measures and adapt them to the state of the art.
You have the following rights with regard to the personal data concerning you, which you can assert against us:
Right to information: You can request information in accordance with Art. 15 GDPR about your personal data that we process.
Right to rectification: If the information concerning you is not (or no longer) accurate, you can request rectification in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.
Right to erasure: You can request the erasure of your personal data in accordance with Art. 17 GDPR.
Right to restriction of processing: In accordance with Art. 18 GDPR, you have the right to request that the processing of your personal data be restricted.
Right to object to processing: You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1) GDPR pursuant to Article 21(1) GDPR. In this case, we will no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. Further processing will also take place if the processing serves the assertion and exercise of or defense against legal claims (Art. 21 para. 1 GDPR). You also have the right to object at any time to the processing of your personal data for the purpose of direct marketing in accordance with Art. 21 para. 2 GDPR; this also applies to any profiling insofar as it is associated with such direct marketing. We draw your attention to the right to object in this privacy policy in connection with the respective processing.
Right to withdraw your consent: If you have given your consent for processing, you have the right to withdraw your consent in accordance with Art. 7 (3) GDPR.
Right to data portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format ("data portability") and the right to transmit this data to another controller if the requirements of Art. 20 para. 1 lit. a, b GDPR are met (Art. 20 GDPR).
You can assert your rights by notifying us using the contact details provided in the "Controller" section or by contacting the data protection officer appointed by us. If you believe that the processing of your personal data violates data protection law, you also have the right to lodge a complaint with a data protection supervisory authority of your choice in accordance with Art. 77 GDPR. This also includes the data protection supervisory authority responsible for the controller:
Bavarian State Office for Data Protection Supervision, Promenade 18, 91522 Ansbach, postal address: Postfach 1349, 91504 Ansbach, telephone: 0981/180093-0, e-mail: poststelle@lda.bayern.de, https://www.lda.bayern.de.
In principle, you can use our website for purely informational purposes without disclosing your identity. When accessing the individual pages of the website in this sense, only access data is transmitted to our web space provider so that the website can be displayed to you. The following data is processed:
Protocols (browser type/browser version),
Date and time of access,
Host name of the accessing end device,
IP address (anonymized),
Content of the request (specific web pages accessed),
Access status/HTTP status code,
Websites that are accessed via the website,
Referrer URL (the previously visited website),
Message as to whether the call was successful (error logs),
User Agent and
Amount of data transferred.
The temporary processing of this data is necessary to technically enable the course of a website visit and delivery of the website to your end device. The access data is not used to identify individual users and is not merged with other data sources. Further storage in log files takes place in order to ensure the functionality of the website and the security of the information technology systems. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests lie in ensuring the functionality of the website and the integrity and security of the website. Storing access data in log files, in particular the anonymized IP address, for a longer period of time enables us to detect and prevent misuse. This includes, for example, the defense against requests that overload the service or any bot usage. The access data is deleted as soon as it is no longer required to achieve the purpose for which it was processed. In the case of the collection of data for the provision of the website, this is the case when you end your visit to the website. The log data is always stored directly and only accessible to administrators and is deleted after seven days at the latest. After that, it is only available indirectly via the reconstruction of backup tapes and is permanently deleted after a maximum of four weeks. The anonymized IP addresses are deleted by the hosting service provider after 60 days at the latest.
Pursuant to Section 25 (1) TDDDG, we generally require your consent to use these technologies. According to Section 25 (2) TDDDG, such consent is only not required if the technologies either enable the transmission of a message via a public telecommunications network or if they are absolutely necessary in order to provide a telemedia service expressly requested by you:
Some elements of our website serve the sole purpose of transmitting a message (§ 25 para. 2 no. 1 TDDDG) or are absolutely necessary in order to make our website or individual functionalities of our website available to you (§ 25 para. 2 no. 2 TDDDG):
Language settings,
User preferences
Item in shopping cart,
Online forms
Load balancer
Log-in information.
The elements are deleted after storage is no longer required.
You can prevent processing by making the appropriate settings in your browser software. In the case of elements whose storage duration is not limited to the session, you can delete the elements in the settings of your browser software after your session has expired.
We also use elements on the website that are not technically necessary. We only use these technologies with your consent in accordance with the legal requirements. Information on the individual technologies and functions can be found in our "Privacy settings" (https://derag.de/#cmpscreen) within the consent management platform ("cookie banner") and sorted by individual functions in the following information.
We use a consent management platform ("cookie banner") to request consent for the processing of your device information and personal data using cookies or other tracking technologies on our website. This gives you the option of consenting to or rejecting the processing of your device information and personal data using cookies or other tracking technologies for the purposes listed. Such processing purposes may statistical analysis or reach measurement.
You can give or refuse your consent for all processing purposes or give or refuse your consent for individual purposes or individual third-party providers.
The settings you have made within the consent management platform can also be changed by you retrospectively. The purpose of integrating the consent management platform is to allow users of our website to decide on the setting of cookies and similar functionalities and to offer the option of changing settings that have already been made as part of the further use of our website. In the course of using the Consent Management Platform, we process personal data and information about the end devices used. The information about the settings you have made is also stored on your device.
The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. c) GDPR in conjunction with Art. 7 para. 1 GDPR. Art. 7 para. 1 GDPR, insofar as the processing serves to fulfil the legally standardized obligations to provide evidence for the granting of consent. Otherwise, Art. 6 para. 1 sentence 1 lit. f) GDPR is the relevant legal basis. Our legitimate interests in the processing lie in the storage of user settings and preferences in relation to the use of cookies and the evaluation of consent rates.
At the end of twelve months after the user settings have been made, a new request for consent will be made. The user settings made will then be saved again for this period, unless you delete the information about your user settings in the terminal device capacities provided for this purpose yourself beforehand.
The recipients of the personal data processed are the provider of the consent management platform we use:
consentmanager GmbH (Eppendorfer Weg 183, 20253 Hamburg) with regard to the consent management platform "consentmanager".
When you contact our company, e.. by e-mail on the website, the personal data you provide will be processed by us in order to respond to your inquiry. In order to process inquiries, it is mandatory to provide a valid e-mail address at which we can reach you for the purpose of answering your inquiry; further information is provided voluntarily. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f) GDPR or Art. 6 para. 1 sentence 1 lit. b) GDPR if the contact is aimed at concluding a contract. If the request is aimed at concluding a contract, the provision of your data is required and mandatory. If you do not provide the aforementioned data, it will not be possible to conclude or execute a contract or process your request. We delete the data collected in this context after processing is no longer necessary - usually two years after the end of communication - or, if necessary, restrict processing to compliance with existing mandatory statutory retention obligations.
We use web hosting services from the provider "Framer" (Framer B.V., Rozengracht 207B, 1016 LZ Amsterdam, Netherlands; hereinafter referred to as "Framer"), which serve to provide the following services: Framer) to provide the following services: Infrastructure and platform services, computing capacity, storage resources, security and technical maintenance services. For these purposes, all data - including the access data and end device information mentioned under "Use of our website" - that is required for the operation and use of our website is processed.
The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. By using hosting services, we are pursuing our legitimate interests in the efficient and secure provision of our website. "Framer" also processes some of the data in countries outside the EU. We have therefore concluded so-called standard contractual clauses with Framer in order to commit Framer to an appropriate level of data protection. You can obtain a copy of the standard contractual clauses at https://www.framer.com/legal/data-processing-addendum. Further information on data processing at "Framer" can be found at: https://www.framer.com/legal/privacy-statement.
We use the Framer Analytics analysis functions of the “Framer” software (Framer B.V., Rozengracht 207B, 1016 LZ Amsterdam, Netherlands; hereinafter referred to as “Framer”) to optimize our website for user interests: Framer). Framer uses so-called “cookies”, which are stored on your end device for recognition, as well as similar tracking methods for recognizing end devices, such as tracking pixels, in order to process information from your end device across websites. For this purpose, your device is assigned a randomly generated, pseudonymized identification number (visitor ID). Framer uses these technologies to process the information generated about the use of our website by your device as well as access data for the purpose of statistical analysis - e.g. information on accessing a specific web page, number of visitors, entry and exit pages, length of stay, click, swipe and scroll behavior, button clicks, bounce rates, UTM parameters (Urchin Traffic Monitor) and similar user interactions with our website. UTM parameters are text additions that are appended to the end of the URL of a link in order to track the success of a marketing or advertising activity across websites. The access data includes, in particular, the pseudonymized IP address, browser and device information (e.g. browser type/version), visitor ID/device ID, the previously visited website, duration of the website visit, websites visited, country identifiers and the date and time of the respective server request. Framer's servers only process pseudonymized IP addresses that have previously been supplemented with a randomly generated, daily changing random value (salt). This enables Framer to recognize how often you have visited our website in a day. Framer processes this information to evaluate your use of the website and to compile reports on website activity for us in a dashboard. With regard to the storage of and access to information in your terminal device, your consent is the legal basis in accordance with Section 25 (1) TDDDG; for further processing, your consent is also the legal basis in accordance with Art. 6 (1) sentence 1 lit. a) GDPR. “Framer” also processes some of the data in countries outside the EU. We have therefore concluded so-called standard contractual clauses with Framer in order to oblige Framer to an appropriate level of data protection. You can obtain a copy of the standard contractual clauses at https://www.framer.com/legal/data-processing-addendum/. Your data in connection with Framer will be deleted after 12 months at the latest. Further information on data protection at Framer can be found at: https://www.framer.com/legal/privacy-statement/.
