PRIVACY­­INFORMATION

In the following, we inform you about the processing of your personal data by us and the claims and rights to which you are entitled under data protection regulations, in particular the European General Data Protection Regulation (GDPR).

This data protection information explains the type, scope and purpose of the processing of personal data within our website (hereinafter “website”). The data protection information applies regardless of the domains, platforms and devices used (e.g. desktop, mobile, etc.).

Personal data within the meaning of the GDPR is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior. Which data is processed in detail and how it is used depends largely on the services you use with us.

In our data protection information, we use various other terms within the meaning of the GDPR. These include terms such as processing, restriction of processing, profiling, pseudonymization, controller, processor, recipient, third party, consent, supervisory authority and international organization. You can find the corresponding definitions for these terms in Art. 4 GDPR.

1. Who is responsible for data processing and who can I contact?

The responsible body is:

Velero Immobilien GmbH
Hardenbergstraße 32
10623 Berlin

Phone number: +49 (0) 30 / 21 30 01 9 – 00
Fax: +49 (0) 30 / 21 30 01 9 – 99

Email: info@velero.com
Website: www.velero.com

You can reach our company data protection officer at:

mip Consult GmbH
Rechtsanwalt Asmus Eggert
Wilhelm-Kabus-Straße 9
10829 Berlin

Phone number: +49 (0) 30 / 20 88 999 – 0
Email: datenschutz@velero.com
Website: www.mip-consult.de

2. What sources and data do we use?

We process personal data that we receive from you as part of your use of our website and, where applicable, our business relationship.

If you use the website purely for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. When you visit our website, we collect the following access data, which is technically necessary for us to display our website to you and to ensure stability and security. The access data includes the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (i.e. name of the specific website accessed), access status/HTTP status code, amount of data transferred in each case, referrer URL (previously visited page), operating system and its interface, language and version and type of browser software, notification of successful access.

We also receive your personal data if you contact us by contact form or e-mail. Personal data here includes, for example, title, name, e-mail, tenant number, address, telephone number and, if applicable, the data that you send us as a message (hereinafter referred to as “contact data”). Please note that we cannot guarantee complete data security when communicating by e-mail, so we recommend that you send information requiring a high level of confidentiality by post.

3. What do we process your data for (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) for the following purposes and on the basis of the following legal bases:

Purposes:
If you have given us your consent to process personal data for specific purposes, in particular for contacting you (e.g. by e-mail for processing and handling your inquiry, sending newsletters, advertising by telephone, e-mail, SMS, etc.), the lawfulness of this processing is based on your consent
Any consent given can be revoked at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is therefore not affected by the revocation. The revocation can be sent to the contact details above or to datenschutz@velero.com.

Legal basis: Consent. Art. 6 para. 1 sentence 1 lit. a) GDPR

Purposes:
When contacting us (via contact form or e-mail), your data will be processed in addition to any consent given to process the contact request and its handling on the basis of the implementation of pre-contractual measures, Art. 6 para. 1 sentence 1 lit. b) GDPR.

Legal basis: Implementation of pre-contractual measures at the request of the person, Art. 6 para. 1 sentence 1 lit. b) GDPR

Purposes:
When contacting us (via contact form or email), your data will be processed on the basis of the implementation of pre-contractual measures, Art. 6 para. 1 sentence 1 lit. b) GDPR, in addition to any consent given to process the contact request and its processing.

Legal basis: As part of the balancing of interests to safeguard legitimate interests, Art. 6 para. 1 sentence 1 lit. f) GDPR, and § 25 para. 2 no. 2 TTDSG; consent, § 25 para. 1 TTDSG, Art. 6 para. 1 sentence 1 lit. a GDPR

Purposes:
When you contact us (via contact form or e-mail) in connection with your application, we process your data in order to check your suitability for the position (or any other open positions in our company) and to carry out the application process. Your application data will be reviewed by the HR department after receipt of your application. Suitable applications will then be forwarded internally to the department responsible for the respective open position. They will then decide on the next steps. Within the company, only those persons have access to your data who need it for the proper course of our application procedure.

Legal basis: Establishment of an employment relationship, § 26 BDSG and after completion of the application procedure in the event of rejection to safeguard legitimate interests, Art. 6 para. 1 sentence 1 lit. f) GDPR (defense against claims), if applicable, if consent has been given, Art. 6 para. 1 sentence 1 lit. a) GDPR

Purposes:

We process your access data (see data listed above under point 2) to protect our legitimate interests or those of third parties. In particular, we pursue the following legitimate interests:

  • Ensuring IT security, in particular the security of the website;
  • Advertising or market and opinion research, provided you have not objected to the use of your data;
  • Assertion of legal claims and defense in legal disputes

Legal basis: As part of the balancing of interests to safeguard legitimate interests, Art. 6 para. 1 sentence 1 lit. f) GDPR

4. Who receives my data?

Within our company, those departments that require your data to fulfill our contractual and legal obligations will have access to it.

Processors employed by us (Art. 28 GDPR) may also receive data for the above-mentioned purposes. These are companies in the categories of IT services, logistics, printing services, telecommunications, debt collection, advice and consulting as well as sales and marketing. If we use processors to provide our services, we take appropriate legal precautions and appropriate technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal regulations.

Data is only passed on to third parties who are not processors in accordance with the legal requirements. We only pass on user data to third parties if this is necessary, for example, on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR for contractual purposes or on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR in the economic and effective operation of our business operations or if you have consented to the transfer of data. When using the website for purely informational purposes, we do not pass on any data to third parties.

 

5. How long will my data be stored?

5.1 Access data
For security reasons (e.g. to investigate misuse or fraud), log file information is stored for a maximum of seven days and then deleted (see point 2 above). Data whose further storage is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

5.2 (Pre-)contractual measures
Where necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and execution of a contract via the contact form or by email.

5.3 Applicant data
Applicant data will be deleted after 6 months in the event of a rejection. In the event that you have consented to further storage of your personal data, we will transfer your data to our applicant pool. The data will be deleted there if you revoke your consent or after 2 years at the latest. If we fill the advertised position with you, your data will be stored in our personnel management system.

5.4 Statuory retention periods
In addition, we are subject to various retention and documentation obligations, including those arising from the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation periods specified there are two to ten years.

5.5 Limitation periods
Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), are generally 3 years, but in certain cases can also be up to thirty years, whereby the regular limitation period is three years.
If you assert your rights as a data subject, we will store the information provided to you in this regard until the expiry of the statutory limitation period in accordance with Section 31 (2) No. 1 OWiG, Section 41 (1) BDSG, Art. 83 (5) lit. b GDPR for 3 years. This period may be extended if the statutory limitation period is extended due to interruptions of the limitation period (e.g. in the context of inquiries by the supervisory authorities).

5.6 Cookies and comparable technologies
See section 10.

Is data transferred to a third country or to an international organization?

The data provided will be processed within the European Union and in the USA. Please note that with recipients of your data for countries without an adequacy decision by the Commission pursuant to Article 45 GDPR, we ensure that we have agreed EU standard data protection clauses with these recipients or that we obtain your consent for the data transfer. When transferring data to the USA, we ensure that the recipients of the data are certified in accordance with the EU-U.S. Data Privacy Framework or that we agree EU standard data protection clauses with recipients without certification. In the latter case, we take additional measures to ensure adequate protection. This is in order to protect your data and to achieve an appropriate level of protection for your personal data.

7. What data protection rights do I have?

Each person concerned has:

  • the right to information in accordance with Art. 15 GDPR (i.e. you have the right to request information about your personal data stored by us at any time),
  • the right to rectification pursuant to Art. 16 GDPR (i.e. in the event that your personal data is incorrect or incomplete, you can request the rectification of this data),
  • the right to erasure pursuant to Art. 17 GDPR and the right to restriction of processing pursuant to Art. 18 GDPR (i.e. you may have the right to request the erasure or restriction of processing of your personal data if, for example, there is no longer a legitimate business purpose for such processing and statutory retention obligations do not require further storage),
  • the right to data portability under Art. 20 GDPR (i.e. you may have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance).

Furthermore, you can revoke your consent with effect for the future.

You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG). You can find the supervisory authority responsible for you at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
We would also like to draw your attention to your right to object in accordance with Art. 21 GDPR:

Information about your right to object in accordance with Art. 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 (1) sentence 1 (e) GDPR (data processing in the public interest) and Article 6 (1) sentence 1 (f) GDPR (data processing on the basis of a balancing of interests).

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

The objection can be made informally and no costs other than the transmission costs according to the basic rates will be incurred.
If you wish to make use of your right to object, an informal notification, e.g. to the above-mentioned contact details, is sufficient.

8. To what extent is there automated decision-making in individual cases, including profiling?

When you access our website or contact us by form or email, we generally do not use fully automated decision-making pursuant to Article 22 GDPR. If we use these procedures in individual cases, we will inform you of this separately if this is required by law. We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).

9. Do I have an obligation to provide data?

As part of our website, you must provide the personal data that is technically necessary for the use of our website or for IT security reasons. If you do not provide this data, you will not be able to use our website.
When contacting us by form or email, you only need to provide the personal data that is required to process your request. Otherwise we will not be able to process your request.

10. Cookies and comparable technologies

10.1 General information

We ourselves and the service providers we use process personal data on this website and use cookies and similar technologies, such as web storage or web beacons, in this context. These technologies can store information on your device or access information that is stored on your device (so-called client-based tracking).

Cookies are stored in the browser on the user’s device. They contain information that is stored about a visited page. The cookie is either sent to the browser by the web server or generated in the browser by a script (JavaScript). The web server can read this cookie information directly on subsequent visits to this page or transmit the cookie information to the server via a script on the website. If cookies are set, they generally collect and process certain user information such as browser and location data and IP address values to an individual extent. Some of these cookies are essential for the functioning of our website, while other cookies help us to improve our website by providing us with insights into how you use the website.

With web storage, information is stored locally in the cache of your browser. The stored information is either automatically deleted again after the browser window is closed (“session storage”) or remains there so that it can be read again when you visit the website again (“local storage”), unless you delete your browser cache (“browser data”).

Web beacons are 1×1 pixel-sized graphics that are integrated into websites or emails (newsletters) in various ways and are also used to collect and analyze user data.

By default, we only use necessary cookies. Necessary cookies enable the core functionalities of our website. The website cannot be displayed correctly without these cookies or individual areas may not function properly. Necessary cookies can only be prevented by making the appropriate settings in your browser.

We only use cookies that are not necessary for the website to function (“non-essential cookies”) if you have given your consent via our cookie banner. You can return to our data protection information at any time and withdraw your consent or make changes.
Click here for information on the cookies and similar technologies we use:

Change cookie settings

Alternatively, you can prohibit the storage of cookies individually via the settings of your browser (you can find out how to set the cookie handling on the browser’s help page). You can find help on cookie management in the most common browsers at the following addresses:

Mozilla Firefox:
https://support.mozilla.org/de/kb/cookies-loeschen-daten-von-websites-entfernen

Internet Explorer:
https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

Google Chrome:
https://support.google.com/accounts/answer/61416?hl=de

Opera:
http://www.opera.com/de/help

Safari:
https://support.apple.com/kb/PH17191?locale=de_DE&viewlocale=de_DE

Microsoft Edge:
https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-l%C3%B6schen-63947406-40ac-c3b8-57b9-2a946a29ae09

Please note that deactivating cookies can lead to functional restrictions on this website.

10.2 Consent management

A consent banner is displayed when you first visit our website so that you can manage your consents conveniently. You will be given the opportunity to find out about the use of cookies and similar technologies and the processing of personal data on our website and to give your consent to services requiring consent. In this context, the IP address and geographical location, the opt-in and opt-out data, the referrer URL, the user agent, your user settings, a consent ID, as well as the time of consent and the type of consent are collected.

If you have given us your consent to set cookies and similar technologies and to process your data, you can revoke your consent at any time via the cookie settings in the footer of our website with effect for the future.

10.3 Matomo

We use the web analysis service Matomo to analyze and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. The legal basis for the use of Matomo is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.

Cookies are stored on your computer for this analysis. We store the information collected in this way exclusively on our servers in Germany, i.e. third parties have no access to this data.

If you consent to web analysis using Matomo, the following data will be collected when you access individual pages of our website:

  • Abbreviated IP address of the user’s accessing system,
  • the website accessed,
  • the website from which the user came to the accessed website (referrer)
  • the subpages that are accessed from the accessed website
  • the time spent on the website,
  • the frequency with which the website is accessed.

You can prevent the storage of cookies either by rejecting them in our cookie banner or by deleting any existing cookies on your computer. You can also prevent the storage of cookies by selecting the appropriate settings in your browser.

This website uses Matomo with IP anonymization. This means that IP addresses are further processed in abbreviated form, so that they cannot be directly linked to individuals. The IP address transmitted by your browser via Matomo is not merged with other data collected by us.

The Matomo program is an open source project. Information from the third-party provider on data protection can be found at http://matomo.org/privacy-policy.

10.4 Adobe TypeKit Fonts

We use the font directory Adobe TypeKit Fonts, a service of Adobe Inc. Responsible for the European area is the Irish company Adobe Systems Software Ireland Companies, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland.

In order to provide the “Adobe Fonts” service for websites, Adobe may collect information about the fonts or typefaces provided for the website. The information is used for billing and compliance purposes and may include the following

  • Account ID (identifies the customer from which the web project originated)
  • Service that provides the fonts (e.g. Adobe Fonts)
  • Server providing the fonts (e.g. Adobe Fonts server or corporate CDN)
  • Host name of the page on which the fonts are loaded
  • IP address (the IP address is transmitted so that the font can be delivered correctly; however, it is not saved)

By giving your consent via our cookie banner, you consent to the processing of this data by Adobe.
Further information can be found in Adobe’s data protection information at https://www.adobe.com/de/privacy.html.

10.5 Usage of Google Maps

On this website, we use the Google Maps service provided by Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland.

This enables us to show you interactive maps directly on the website and allows you to use the map function conveniently.

When you visit our website, Google receives the information that you have accessed the relevant sub-page of our website, as well as the date and time of your visit to the website in question and your IP address. This takes place regardless of whether you are logged in to Google. However, if you are logged in, your data will be assigned to your account. If you do not wish to be associated with your Google profile, you must log out before activating a map.

Google stores your data as user profiles and uses them for the purposes of providing the services, maintaining and improving the services, measuring performance, developing new services and providing personalized services, including content and advertisements. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

The processing of the data is a joint responsibility between Google and us in accordance with Art. 26 GDPR. It has been agreed with Google that the primary responsibility under the GDPR for the processing of personal data lies with Google and that all obligations under the GDPR with regard to the processing of personal data are fulfilled by Google (in particular the information obligations pursuant to Article 12 et seq. GDPR, safeguarding the rights of data subjects pursuant to Article 15 et seq. GDPR, notification of data breaches pursuant to Articles 33, 34 GDPR). Google processes the data in order to evaluate the use of our website by website visitors, to compile reports on the activities within our website and to provide other services associated with the use of the website. Pseudonymous usage profiles of website visitors are created from the processed data.

Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in Google’s privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: https://policies.google.com/technologies/partner-sites and an opt-out from personalized advertising is possible at https://www.google.com/settings/ads/.

Further information can be found in Google’s data protection information at https://www.google.de/intl/de/policies/privacy/.

10.6 Usage of Friendly Captcha

We use the Friendly Captcha from Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany. Friendly Captcha protects websites and online services from spam and abuse.

The data processed includes the request headers User-Agent, Origin and Referrer, the puzzle itself, which contains information about the account and the website key to which the puzzle relates, the version of the widget and a timestamp.

We store an anonymized counter per IP address for dynamic scaling of puzzle difficulty on the Edge network to detect malicious users and minimize blocking of legitimate users. This data is stored separately from the rest of the data and cannot be associated with specific websites. Friendly Captcha anonymizes IP addresses via one-way hashing so that they cannot be personally identified.

No other personal data, such as your name, your e-mail address and your online profiles are requested.

By giving your consent via our cookie banner, you consent to the processing of this data by Friendly Captcha GmbH.

The data protection information can be found at https://friendlycaptcha.com/de/legal/privacy-end-users/.