{"status":"OK","message":"\n\u003Cdiv class=\u0022overlay-lightbox information-duty-lightbox\u0022\u003E\n \u003Cdiv class=\u0022table-lightbox table-form-lightbox\u0022\u003E\n \u003Cdiv class=\u0022header-lightbox\u0022\u003E\n \u003Ch2\u003EInformation to be provided\u003C\/h2\u003E\n \u003Ca href=\u0027#\u0027 class=\u0022table-lightbox-close light\u0022\u003E \u003C\/a\u003E\n \u003C\/div\u003E\n \u003Cdiv class=\u0022lightbox-content information-duty-content\u0022\u003E\n \u003Ch2\u003EInformation to be provided where personal data are collected from the data subject Art. 13 GDPR\u003C\/h2\u003E\n \u003Ch2\u003EData controller\u003C\/h2\u003E\n \n \n \u003Cp\u003EName and contact details of the controller:\u003Cbr\u003EBauwerk Capital GmbH \u0026 Co.KG, \u003Cbr\u003EPrinzregentenstrasse 22, 80538 Munich, \u003Cbr\u003EManaging Directors: Christoph Lemp, J\u00fcrgen Schorn, \u003Cbr\u003ERegistered office of the company: Munich, Munich Local Court, HRA 80602, HRB 144928, \u003Cbr\u003EE-mail: \u003Ca href=\u0027mailto:info@bauwerk.de\u0027\u003Einfo@bauwerk.de\u003C\/a\u003E \u003Cbr\u003E\u003Ca href=\u0027https:\/\/www.bauwerk.de\u0027\u003Ehttps:\/\/www.bauwerk.de\u003C\/a\u003E\u003C\/p\u003E\n \u003Cp\u003EName and contact details of the data protection officer:\u003Cbr\u003E Reinhold Okon \u003Cbr\u003E Data protection officer\u003Cbr\u003ERosenstr. 1\u003Cbr\u003E85757 Karlsfeld\u003Cbr\u003EE-mail: \u003Ca href=\u0027mailto:info@dsb-okon.de\u0027\u003Einfo@dsb-okon.de\u003C\/a\u003E\u003Cbr\u003E\u003Ca href=\u0027https:\/\/www.dsb-okon.de\u0027 target=\u0027_blank\u0027\u003Ehttps:\/\/www.dsb-okon.de\u003C\/a\u003E\u003Cbr\u003E\u003C\/p\u003E\n \u003Ch2\u003EWhat data do we process?\u003C\/h2\u003E\n \u003Cp\u003ECategories of personal data that are processed:\u003Cbr\u003ESuppliers (address and functional data) and contact persons for the groups listed below where they are also legal persons (contact details and information concerning support).\u003C\/p\u003E\n \u003Cp\u003EKey categories of data are:\u003C\/p\u003E\n \u003Cul\u003E\n \u003Cli\u003E\u003Cp\u003EName\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EAddress\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EDate and place of birth\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003ETelephone number (mobile and private)\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EData about account numbers and banks\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EE-mail addresses (e-mail provided by you for correspondence purposes)\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EPossible open receivables\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EAuthentication data (check on legal age)\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EData from documentation\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003ESales data from payment transactions\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EData from fulfilling contractual obligations\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EData about the use of our services via telemedia (website, newsletter, apps)\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EAuthentication data (signatures)\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EPayment orders\u003C\/p\u003E\u003C\/li\u003E\n \u003C\/ul\u003E\n \n \u003Ch2\u003EWhere do data come from? (Source)\u003C\/h2\u003E\n \u003Cp\u003EStored data were collected in the course of our contractual relationship and individual orders or they resulted from business relationships and during business initiation. The storage of data is effected in order to perform and process the orders you place with us and for commercial and tax-related documentation and archiving obligations; signatures come from e-mail and documents.\u003C\/p\u003E\n \n \u003Ch2\u003EWhy do we process your data and on what legal basis is this done? \u003Cbr\u003EPurpose and legal basis for processing \u2013 Art. 6 GDPR\u003C\/h2\u003E\n \u003Cp\u003EWe process personal data in strict compliance and in accordance with the provisions of the GDPR and the Federal Data Protection Act 2018 (BDSG-neu)\u003C\/p\u003E\n \u003Cp\u003EThe Bauwerk Capital \u0026 Co. KG group of companies offers services in the area of project development, consulting, sales and marketing of premium real estate.\u003C\/p\u003E\n \u003Cp\u003EData storage is performed in pursuit of our own business interests and to safeguard our legitimate interests as controller.\u003C\/p\u003E\n \u003Cp\u003ESimilarly, permitted data storage is performed to safeguard the legitimate interests of a third party, to defend against threats to public security and to prosecute criminal offences.\u003C\/p\u003E\n \n \u003Ch2\u003EPerformance of a contract \u003Cbr\u003E(Art. 6 Sect. 1 Subsect. b GDPR)\u003C\/h2\u003E\n \u003Cp\u003EPersonal data are processed primarily for the purpose of performing contracts or pre-contractual measures that have been concluded with you and for executing your orders.\u003C\/p\u003E\n \u003Cp\u003E\u003Cstrong\u003ECustomer data:\u003C\/strong\u003E The collection, processing or use of personal data is carried out in order to fulfil the business purpose; also to initiate business contacts and to notify customers.\u003C\/p\u003E\n \u003Cp\u003E\u003Cstrong\u003EPersonnel data:\u003C\/strong\u003E The collection, processing or use of our employees\u2019 personal data is carried out in order to perform and process the relevant contract of employment.\u003C\/p\u003E\n \u003Cp\u003E\u003Cstrong\u003EApplicant data:\u003C\/strong\u003E The collection, processing or use of applicants\u2019 personal data is carried out in order to initiate contracts of employment.\u003C\/p\u003E\n \n \u003Ch2\u003EBalance of interests \u003Cbr\u003E(Art. 6 Sect. 1 Subsect. f GDPR)\u003C\/h2\u003E\n \u003Cp\u003EThe data we process, while taking account of, and safeguarding, legitimate interests (by us or associated third parties), include the following data:\u003C\/p\u003E\n \u003Cp\u003ECredit rating enquiries and the exchange of data with credit agencies (e.g. Creditreform, SCHUFA, B\u00fcrgel), technical default settings to safeguard IT security within our company, measures aimed at ensuring security (property access) and safeguarding house rules, video surveillance (safeguarding house rules, tracking vandalism, property damage, disturbances, criminal acts), securing evidence.\u003C\/p\u003E\n \n \u003Ch2\u003EConsent \u003Cbr\u003E(Art. 6 Sect. 1 Subsect. a GDPR)\u003C\/h2\u003E\n \u003Cp\u003EFurther processing of your personal data is lawful provided you have given us written (in some cases also electronic) consent. Based on this consent, it is then possible that we are allowed to use your e-mail address to send out newsletters. Any consent given can be withdrawn at any time.\u003C\/p\u003E\n \n \u003Ch2\u003EWho receives your data? \u003Cbr\u003ERecipients (categories) of personal data\u003C\/h2\u003E\n \u003Cp\u003E\u003Cstrong\u003EPublic agencies\u003C\/strong\u003E that receive data owing to statutory regulations (e.g. social insurance agencies, tax authorities).\u003C\/p\u003E\n \u003Cp\u003E\u003Cstrong\u003EInternal units\u003C\/strong\u003E that are involved in executing the relevant business process (HR administration, bookkeeping, financial accounting, real estate brokering, marketing, sales, telecommunications and IT).\u003C\/p\u003E\n \u003Cp\u003E\u003Cstrong\u003EExternal parties\u003C\/strong\u003E(contractual partners) where this is necessary for contractual performance. External processors (service companies) in accordance with Art. 28 GDPR in order to perform the processing of data on our account. Furthermore, data are passed on to contractors for which you have given your consent.\u003C\/p\u003E\n \u003Cp\u003E\u003Cstrong\u003EOther external bodies\u003C\/strong\u003E such as banks (salary payments, supplier invoices), affiliate companies or other external bodies in order to perform the aforementioned purposes provided the data subject has given written consent. This is necessary for contract performance, or data transmission is permissible for some overriding legitimate interest.\u003C\/p\u003E\n \n \u003Ch2\u003ETransfer to third countries\u003C\/h2\u003E\n \u003Cp\u003EThere is currently no transfer of data to third countries.\u003C\/p\u003E\n \n \u003Ch2\u003EHow long are my personal data stored?\u003C\/h2\u003E\n \u003Ctable\u003E\n \u003Ctr\u003E\n \u003Ctd\u003E10 years\u003C\/td\u003E\n \u003Ctd\u003EFor documents covered by the German Commercial Code (HGB), Tax Code (AO), Income Tax Act (EStG), Corporate Tax Act (KStG), Trade Tax Act (GewStG), Sales Tax Act (UStG), Companies Act (AktG), Limited Liability Companies Act (GmbHG), Cooperative Societies Act (GenG)\u003C\/td\u003E\n \u003C\/tr\u003E\n \u003Ctr\u003E\n \u003Ctd\u003E6 years\u003C\/td\u003E\n \u003Ctd\u003EFor commercial and business correspondence and other records (German Commercial Code \u2013 HGB, German Civil Code \u2013 BGB)\u003C\/td\u003E\n \u003C\/tr\u003E\n \u003Ctr\u003E\n \u003Ctd\u003E4 years\u003C\/td\u003E\n \u003Ctd\u003EFor examination in accordance with \u00a7 35 Para. 2 No. 4 German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG)\u003C\/td\u003E\n \u003C\/tr\u003E\n \u003Ctr\u003E\n \u003Ctd\u003E6 months\u003C\/td\u003E\n \u003Ctd\u003EFor unsolicited applications (e-mail), digital applications, general tenant\u2019s voluntary declaration (in digital form)\u003C\/td\u003E\n \u003C\/tr\u003E\n \u003Ctr\u003E\n \u003Ctd\u003E3 months\u003C\/td\u003E\n \u003Ctd\u003ETenant\u2019s voluntary declaration in paper form\u003C\/td\u003E\n \u003C\/tr\u003E\n \u003C\/table\u003E\n \n \u003Cp\u003EThe period of storage varies between 3 months and up to 30 years. The period of storage also results from statutory periods of limitation. As a general principle, data are processed and stored for as long as is necessary to maintain our business relationship. It should be noted that a business relationship is a long-term relationship that may last for years.\u003C\/p\u003E\n \n \u003Ch2\u003EI have the following rights:\u003C\/h2\u003E\n \u003Cul\u003E\n \u003Cli\u003E\u003Cp\u003ERight to information\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003ERight of access and right to object\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003ERight to rectification, erasure and restriction\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003ERight to data portability\u003C\/p\u003E\u003C\/li\u003E\n \u003C\/ul\u003E\n \u003Ch3\u003ERight to information\u003C\/h3\u003E\n \u003Cp\u003E\u003Cstrong\u003EThe following information will be disclosed on request:\u003C\/strong\u003E\u003C\/p\u003E\n \u003Cul\u003E\n \u003Cli\u003E\u003Cp\u003EName and contact details of the controller (where applicable also of its representative)\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EContact details of the data protection officer (if such exists)\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EPurpose and legal basis for processing\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003ELegitimate interests (when processing is performed in accordance with Art. 6 GDPR)\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003ERecipients or categories of recipients\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003ETransmission to a third country or international organisation\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EDuration of storage\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003ERight to information, rectification, erasure, restriction, objection and to data portability\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003ERight to withdraw consent\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003ERight to lodge a complaint with a supervisory authorityv\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EInformation as to whether the provision of data is legally or contractually stipulated or is required for the conclusion of a contract and possible consequences of a failure to provide the data\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EAutomated decision-making including profiling\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EInformation about a possible change in the purpose of data processing\u003C\/p\u003E\u003C\/li\u003E\n \u003C\/ul\u003E\n \n \u003Ch3\u003ERight of access and right to object\u003C\/h3\u003E\n \u003Cul\u003E\n \u003Cli\u003E\u003Cp\u003EPurposes of data processing\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003ECategories of data\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EThe recipients or categories of recipients\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EDuration of storage\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003ERight to rectification, erasure and objection\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003ERight to complain to a supervisory authority\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003ESource of the data (if not collected from the data subject)\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EAutomated decision-making including profiling\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003ETransmission to a third country or international organisation\u003C\/p\u003E\u003C\/li\u003E\n \u003C\/ul\u003E\n \n \u003Ch3\u003ERight to rectification, erasure and restriction\u003C\/h3\u003E\n \u003Cp\u003E\u003Cstrong\u003EThe following data are erased in accordance with Art. 17 GDPR:\u003C\/strong\u003E\u003C\/p\u003E\n \u003Cul\u003E\n \u003Cli\u003E\u003Cp\u003EWhen the storage of the data is no longer necessary\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EWhen the data subject has withdrawn consent to data processing\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EWhen the data have been unlawfully processed\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EWhen there is a statutory obligation to erase the data under EU or national law\u003C\/p\u003E\u003C\/li\u003E\n \u003C\/ul\u003E\n \u003Cp\u003E\u003Cstrong\u003E\u00a7 35 German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG neu) \u2013 right to erasure\u003C\/strong\u003E\u003C\/p\u003E\n \u003Cp\u003EThe right of the data subject and the obligation of the controller to the erasure of personal data does not exist according to Art. 17 Para. 1 of Regulation (EU) 2016\/679 supplemental to the exceptions listed in Art. 17 Para. 3 of Regulation (EU) 2016\/679 if erasure in the case of non-automated data processing is not possible due to the special type of storage, or is only possible with disproportionate effort, and if the interest of the data subject in erasure is deemed to be slight. In this case, restriction of processing in accordance with Art. 18 of Regulation (EU) 2016\/679 will supersede erasure. Clauses 1 and 2 do not apply if personal data were processed unlawfully.\u003C\/p\u003E\n \n \u003Cp\u003E\u003Cstrong\u003EThe right to be forgotten does not apply:\u003C\/strong\u003E\u003C\/p\u003E\n \u003Cul\u003E\n \u003Cli\u003E\u003Cp\u003EWhen freedom of expression or freedom of information takes precedence\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EWhen data storage serves to meet a statutory obligation\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EWhen public interest in the area of public health takes precedence\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EWhen archiving or historical and research-related purposes oppose erasure\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EWhen storage is necessary for the assertion, exercise of defence of legal claims\u003C\/p\u003E\u003C\/li\u003E\n \u003C\/ul\u003E\n \u003Cp\u003E\u003Cstrong\u003EPlease note:\u003C\/strong\u003E We can only comply with your request for erasure if no other statutory retention periods apply.\u003C\/p\u003E\n \n \u003Ch2\u003EWithdrawal of consent\u003C\/h2\u003E\n \u003Cp\u003EIn accordance Art. 6 Sect. 1 Subsect. a or Art. 9 Sect. 2 Subsect a, every data subject has the right to withdraw partial or all consent that was given, e.g. for the purpose of contract performance, at any time and without personal detriment, without affecting the lawfulness of the processing performed based on consent prior to its withdrawal.\u003C\/p\u003E\n \u003Cp\u003EWithdrawal of consent should be sent in writing to:\u003C\/p\u003E\n \u003Cp\u003EBauwerk Capital GmbH \u0026 Co.KG, Prinzregentenstrasse 22, 80538 Munich\u003C\/p\u003E\n \n \n \u003Ch2\u003EAutomated decision-making and profiling\u003C\/h2\u003E\n \u003Cp\u003ENo automated processes for decision-making as referred to in Art. 22 GDPR or other profiling measures as per Art. 4 Sect. 4 GDPR are used. \u003C\/p\u003E\n \n \u003Ch2\u003ERight to data portability\u003C\/h2\u003E\n \u003Cp\u003EArt. 20 GDPR grants the data subject the right to data portability. In accordance with this provision, the data subject has the right under the conditions of Art. 20 Subsect. a and b GDPR to receive the personal data concerning them and provided by them to the controller in a structured, commonly used and machine-readable format and to transmit these data to another controller without hindrance from the controller.\u003C\/p\u003E\n \n \u003Ch2\u003ERight to complain to a supervisory authority \u003Cbr\u003E(Art. 13 Sect. 2 Subsect. d, Art. 77 Sect. 1 GDPR)\u003C\/h2\u003E\n \u003Cp\u003EIn accordance with Art. 13 Sect. 2 Subsect. d, Art. 77 Sect. 1 GDPR, every company (controller) must inform all data subjects that they have a comprehensive right to complain to the responsible supervisory authority of their country. This right to lodge a complaint can be exercised when data subjects believe that the processing, storage and use of their data on our part is unlawful. This right to lodge a complaint should be performed in a targeted manner in response to a specific case. The data subject should provide cogent and justified information with the complaint. We would discourage lodging a complaint with the authority without sound information and facts. It is therefore advisable to contact our data protection officer \u2013 Mr Reinhold Okon \u2013 and seek a corresponding dialogue before submitting the complaint. Furthermore, the complaint is to be lodged with a single supervisory authority (Recital 141 Clause 1 GDPR). This is intended to avoid duplicate complaints.\u003C\/p\u003E\n \u003Cp\u003EOur data protection officer will always be happy to answer any questions you may have.\u003C\/p\u003E\n \n \u003Ch2\u003EInformation to be provided where personal data have not been obtained from the data subject \u003Cbr\u003E(Art. 14 GDPR)\u003C\/h2\u003E\n \n \u003Ch2\u003EData controller\u003C\/h2\u003E\n \u003Cp\u003EName and contact details of the controller:\u003Cbr\u003EBauwerk Capital GmbH \u0026 Co.KG, \u003Cbr\u003EPrinzregentenstrasse 22, 80538 Munich, \u003Cbr\u003EManaging Directors: Christoph Lemp, J\u00fcrgen Schorn, \u003Cbr\u003ERegistered office of the company: Munich, Munich Local Court, HRA 80602, HRB 144928, \u003Cbr\u003EE-mail: \u003Ca href=\u0027mailto:info@bauwerk.de\u0027\u003Einfo@bauwerk.de\u003C\/a\u003E \u003Cbr\u003E\u003Ca href=\u0027https:\/\/www.bauwerk.de\u0027\u003Ehttps:\/\/www.bauwerk.de\u003C\/a\u003E\u003C\/p\u003E\n \u003Cp\u003EName and contact details of the data protection officer:\u003Cbr\u003E Reinhold Okon \u003Cbr\u003E Data protection officer\u003Cbr\u003ERosenstr. 1\u003Cbr\u003E85757 Karlsfeld\u003Cbr\u003EE-mail: \u003Ca href=\u0027mailto:info@dsb-okon.de\u0027\u003Einfo@dsb-okon.de\u003C\/a\u003E\u003Cbr\u003E\u003Ca href=\u0027https:\/\/www.dsb-okon.de\u0027 target=\u0027_blank\u0027\u003Ehttps:\/\/www.dsb-okon.de\u003C\/a\u003E\u003Cbr\u003E\u003C\/p\u003E\n \n \u003Ch2\u003EWhy do we process your data and on what legal basis is this done? \u003Cbr\u003EPurpose and legal basis for processing \u2013 Art. 14 GDPR\u003C\/h2\u003E\n \u003Cp\u003EWe process personal data in strict compliance and in accordance with the provisions of the GDPR and the German Federal Data Protection Act 2018 (Bundesdatenschutzgesetz, BDSG neu).\u003C\/p\u003E\n \u003Cp\u003EWe process data for the purpose of performing and initiating transactions relating to a relationship with customers, prospects, contractual partners and service providers. (Art. 14 Sect 1 Subsect. c GDPR)\u003C\/p\u003E\n \u003Cp\u003EIf our company is subject to a legal obligation making it necessary to process personal data such as meeting tax obligations, processing will be performed on the basis of Art. 6 Sect. 1 Subsect. c GDPR.\u003C\/p\u003E\n \n \u003Ch2\u003EPerformance of a contract \u003Cbr\u003E(Art. 6 Sect. 1 Subsect. b and c GDPR)\u003C\/h2\u003E\n \u003Cp\u003EPersonal data are processed primarily for the purpose of performing contracts or pre-contractual measures that have been concluded with you and for executing your orders.\u003C\/p\u003E\n \u003Cp\u003E\u003Cstrong\u003ECustomer data:\u003C\/strong\u003E The collection, processing or use of personal data is carried out in order to fulfil the business purpose; also to initiate business contacts and to notify customers.\u003C\/p\u003E\n \u003Cp\u003E\u003Cstrong\u003EPersonnel data:\u003C\/strong\u003E The collection, processing or use of our employees\u2019 personal data is carried out in order to perform and process the relevant contract of employment.\u003C\/p\u003E\n \u003Cp\u003E\u003Cstrong\u003EApplicant data:\u003C\/strong\u003E The collection, processing or use of applicants\u2019 personal data is carried out in order to initiate contracts of employment.\u003C\/p\u003E\n \u003Cp\u003EIn accordance with Art. 6 Sect. 1 Subsect f GDPR, processing is permissible to pursue a legitimate interest on the part of the controller or third party provided this does not override the interests and fundamental rights and freedoms of the data subject. In accordance with Recital 47 Clause 2 GDPR, processing is permissible when a legitimate interest is to be assumed when the data subject receives performance (goods or services) from the controller, or has received such in the past.\u003C\/p\u003E\n \n \u003Ch2\u003ECategories of data \u003Cbr\u003E(Art. 14 Sect. 1 Subsect. d GDPR)\u003C\/h2\u003E\n \u003Cp\u003EThe following categories of personal data are processed:\u003Cbr\u003EData of customers, prospects, suppliers, employees\u003C\/p\u003E\n \n \u003Ch2\u003EWho receives your data? \u003Cbr\u003ERecipients (categories) of personal data\u003C\/h2\u003E\n \u003Cul\u003E\n \u003Cli\u003E\u003Cp\u003EPublic agencies\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EInternal units (affiliate companies, governed by a contract processing agreement)\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EExternal parties\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EOther external bodies\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EOther bodies\u003C\/p\u003E\u003C\/li\u003E\n \u003C\/ul\u003E\n \n \u003Ch2\u003ETransfer to third countries\u003C\/h2\u003E\n \u003Cp\u003EThere is currently no transfer of data to third countries.\u003C\/p\u003E\n \n \u003Ch2\u003EHow long are my personal data stored?\u003C\/h2\u003E\n \u003Ctable\u003E\n \u003Ctr\u003E\n \u003Ctd\u003E10 years\u003C\/td\u003E\n \u003Ctd\u003EFor documents covered by the German Commercial Code (HGB), Tax Code (AO), Income Tax Act (EStG), Corporate Tax Act (KStG), Trade Tax Act (GewStG), Sales Tax Act (UStG), Companies Act (AktG), Limited Liability Companies Act (GmbHG), Cooperative Societies Act (GenG)\u003C\/td\u003E\n \u003C\/tr\u003E\n \u003Ctr\u003E\n \u003Ctd\u003E6 years\u003C\/td\u003E\n \u003Ctd\u003EFor commercial and business correspondence and other records (German Commercial Code \u2013 HGB, German Civil Code \u2013 BGB)\u003C\/td\u003E\n \u003C\/tr\u003E\n \u003Ctr\u003E\n \u003Ctd\u003E4 years\u003C\/td\u003E\n \u003Ctd\u003EFor examination in accordance with \u00a7 35 Para. 2 No. 4 German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG)\u003C\/td\u003E\n \u003C\/tr\u003E\n \u003Ctr\u003E\n \u003Ctd\u003E6 months\u003C\/td\u003E\n \u003Ctd\u003EFor unsolicited applications (e-mail), digital applications, general tenant\u2019s voluntary declaration (in digital form)\u003C\/td\u003E\n \u003C\/tr\u003E\n \u003Ctr\u003E\n \u003Ctd\u003E3 months\u003C\/td\u003E\n \u003Ctd\u003ETenant\u2019s voluntary declaration in paper form\u003C\/td\u003E\n \u003C\/tr\u003E\n \u003C\/table\u003E\n \n \u003Cp\u003EThe period of storage varies between 3 months and up to 30 years. The period of storage also results from statutory periods of limitation. As a general principle, data are processed and stored for as long as is necessary to maintain our business relationship. It should be noted that a business relationship is a long-term relationship that may last for years.\u003C\/p\u003E\n \n \u003Ch2\u003EI have the following rights:\u003C\/h2\u003E\n \u003Cul\u003E\n \u003Cli\u003E\u003Cp\u003ERight to information\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003ERight of access and right to object\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003ERight to rectification, erasure and restriction\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003ERight to data portability\u003C\/p\u003E\u003C\/li\u003E\n \u003C\/ul\u003E\n \u003Ch3\u003ERight to information\u003C\/h3\u003E\n \u003Cp\u003E\u003Cstrong\u003EThe following information will be disclosed on request:\u003C\/strong\u003E\u003C\/p\u003E\n \u003Cul\u003E\n \u003Cli\u003E\u003Cp\u003EName and contact details of the controller (where applicable also of its representative)\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EContact details of the data protection officer (if such exists)\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EPurpose and legal basis for processing\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003ELegitimate interests (when processing is performed in accordance with Art. 6 GDPR)\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003ERecipients or categories of recipients\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003ETransmission to a third country or international organisation\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EDuration of storage\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003ERight to information, rectification, erasure, restriction, objection and to data portability\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003ERight to withdraw consent\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003ERight to lodge a complaint with a supervisory authority\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EInformation as to whether the provision of data is legally or contractually stipulated or is required for the conclusion of a contract and possible consequences of a failure to provide the data\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EAutomated decision-making including profiling\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EInformation about a possible change in the purpose of data processing\u003C\/p\u003E\u003C\/li\u003E\n \u003C\/ul\u003E\n \n \u003Ch3\u003ERight of access and right to object\u003C\/h3\u003E\n \u003Cul\u003E\n \u003Cli\u003E\u003Cp\u003EPurposes of data processing\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003ECategories of data\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EThe recipients or categories of recipients\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EDuration of storage\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003ERight to rectification, erasure and objection\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003ERight to complain to a supervisory authority\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003ESource of the data (if not collected from the data subject)\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EAutomated decision-making including profiling\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003ETransmission to a third country or international organisation\u003C\/p\u003E\u003C\/li\u003E\n \u003C\/ul\u003E\n \n \u003Ch3\u003ERight to rectification, erasure and restriction\u003C\/h3\u003E\n \u003Cp\u003E\u003Cstrong\u003EThe following data are erased in accordance with Art. 17 GDPR:\u003C\/strong\u003E\u003C\/p\u003E\n \u003Cul\u003E\n \u003Cli\u003E\u003Cp\u003EWhen the storage of the data is no longer necessary\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EWhen the data subject has withdrawn consent to data processing\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EWhen the data have been unlawfully processed\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EWhen there is a statutory obligation to erase the data under EU or national law\u003C\/p\u003E\u003C\/li\u003E\n \u003C\/ul\u003E\n \u003Cp\u003E\u003Cstrong\u003E\u00a7 35 German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG neu) \u2013 right to erasure\u003C\/strong\u003E\u003C\/p\u003E\n \u003Cp\u003EThe right of the data subject and the obligation of the controller to the erasure of personal data does not exist according to Art. 17 Para. 1 of Regulation (EU) 2016\/679 supplemental to the exceptions listed in Art. 17 Para. 3 of Regulation (EU) 2016\/679 if erasure in the case of non-automated data processing is not possible due to the special type of storage, or is only possible with disproportionate effort, and if the interest of the data subject in erasure is deemed to be slight. In this case, restriction of processing in accordance with Art. 18 of Regulation (EU) 2016\/679 will supersede erasure. Clauses 1 and 2 do not apply if personal data were processed unlawfully.\u003C\/p\u003E\n \n \u003Cp\u003E\u003Cstrong\u003EThe right to be forgotten does not apply:\u003C\/strong\u003E\u003C\/p\u003E\n \u003Cul\u003E\n \u003Cli\u003E\u003Cp\u003EWhen freedom of expression or freedom of information takes precedence\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EWhen data storage serves to meet a statutory obligation\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EWhen public interest in the area of public health takes precedence\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EWhen archiving or historical and research-related purposes oppose erasure\u003C\/p\u003E\u003C\/li\u003E\n \u003Cli\u003E\u003Cp\u003EWhen storage is necessary for the assertion, exercise of defence of legal claims\u003C\/p\u003E\u003C\/li\u003E\n \u003C\/ul\u003E\n \u003Cp\u003E\u003Cstrong\u003EPlease note:\u003C\/strong\u003E We can only comply with your request for erasure if no other statutory retention periods apply.\u003C\/p\u003E\n \n \u003Ch2\u003EWithdrawal of consent\u003C\/h2\u003E\n \u003Cp\u003EIn accordance Art. 6 Sect. 1 Subsect. a or Art. 9 Sect. 2 Subsect a, every data subject has the right to withdraw partial or all consent that was given, e.g. for the purpose of contract performance, at any time and without personal detriment, without affecting the lawfulness of the processing performed based on consent prior to its withdrawal.\u003C\/p\u003E\n \u003Cp\u003EWithdrawal of consent should be sent in writing to:\u003C\/p\u003E\n \u003Cp\u003EBauwerk Capital GmbH \u0026 Co.KG, Prinzregentenstrasse 22, 80538 Munich\u003C\/p\u003E\n \n \n \u003Ch2\u003EAutomated decision-making and profiling\u003C\/h2\u003E\n \u003Cp\u003ENo automated processes for decision-making as referred to in Art. 22 GDPR or other profiling measures as per Art. 4 Sect. 4 GDPR are used. \u003C\/p\u003E\n \n \u003Ch2\u003ERight to data portability\u003C\/h2\u003E\n \u003Cp\u003EArt. 20 GDPR grants the data subject the right to data portability. In accordance with this provision, the data subject has the right under the conditions of Art. 20 Subsect. a and b GDPR to receive the personal data concerning them and provided by them to the controller in a structured, commonly used and machine-readable format and to transmit these data to another controller without hindrance from the controller.\u003C\/p\u003E\n \n \u003Ch2\u003ERight to complain to a supervisory authority \u003Cbr\u003E(Art. 13 Sect. 2 Subsect. d, Art. 77 Sect. 1 GDPR)\u003C\/h2\u003E\n \u003Cp\u003EIn accordance with Art. 13 Sect. 2 Subsect. d, Art. 77 Sect. 1 GDPR, every company (controller) must inform all data subjects that they have a comprehensive right to complain to the responsible supervisory authority of their country. This right to lodge a complaint can be exercised when data subjects believe that the processing, storage and use of their data on our part is unlawful. This right to lodge a complaint should be performed in a targeted manner in response to a specific case. The data subject should provide cogent and justified information with the complaint. We would discourage lodging a complaint with the authority without sound information and facts. It is therefore advisable to contact our data protection officer \u2013 Mr Reinhold Okon \u2013 and seek a corresponding dialogue before submitting the complaint. Furthermore, the complaint is to be lodged with a single supervisory authority (Recital 141 Clause 1 GDPR). This is intended to avoid duplicate complaints.\u003C\/p\u003E\n \u003Cp\u003EOur data protection officer will always be happy to answer any questions you may have.\u003C\/p\u003E\n\n \u003C\/div\u003E\n \u003C\/div\u003E\n\u003C\/div\u003E\n"}