Privacy statement

Rhein Real Immobilien Gesellschaft mbH
Dear Sir or Madam,
We are delighted that you are visiting our website and would like to inform you in the following about the data processing in the context of your visit:

I. Controller / Data protection officer

The controller within the meaning of the applicable data protection regulations is:
Company RheinReal Immobilien Gesellschaft mbH
Josef-Lammerting-Allee 18
50933 Cologne
Phone: 0221. 94 74 00
Fax: 0221. 94 74 040
E-mail: welcome[at]rheinreal.de
Managing Director: Mr. Dirk HindrichsExternal data protection officer:
Lawyer Nina Hiddemann
Am Römerturm 1
50667 Cologne, Germany
Phone: 0221 / 200 51 76
Fax: 0221 / 200 51 77
E-mail: datenschutz[at]hiddemann.de

II. General information on data processing

1.Scope of the processing of personal data
We fundamentally collect and use personal data of our users only insofar as this is necessary
– for the provision of a functional website
– for the performance of our services
– and the user has given his or her consent to this.
An exception applies in those cases in which prior consent cannot be obtained for actual reasons and the processing of the data is permitted by statutory provisions.
2. Legal basis for the processing of personal data
In the following, you will find the legal principles which the GDPR applies to the processing of personal data:
During the processing of personal data
– on the basis of the consent of the data subject the legal basis is Art. 6 Par. 1 Letter a EU General Data Protection Regulation (GDPR);
– which serves to fulfil a contract with the data subject the legal basis is Art. 6 Par. 1 Letter b GDPR.
– which is necessary for the implementation of pre-contractual measures the legal basis is Art. 6 Par. 1 Letter b GDPR;
– which is necessary to fulfil a legal obligation incumbent upon us, the legal basis is Art. 6 Par. 1 Letter c GDPR;
– which is necessary because of the vital interests of the data subject or other natural persons the legal basis is Art. 6 Par. 1 Letter d GDPR.
– which is necessary to safeguard a legitimate interest of our company or a third party and which outweighs the interests, fundamental rights and fundamental freedoms of the data subject, the legal basis for the processing is Art. 6 Par. 1 Letter f GDPR.
3. Data erasure and storage duration
As a basic rule, we delete or block personal data as soon as the purpose of storage ceases to apply. If we are legally obliged to store data, a blocking or deletion will only take place after expiry of the legal storage obligation, unless there is a necessity for further storage of the data for the conclusion or fulfilment of a contract.
4. Recipient of the collected data
The recipient of the data collected via the website is the named controller. In addition, contract processors (web hosts, technical support, IT service providers) have access to the data collected via the website. Compliance with the statutory regulations is, however, guaranteed in this regard by order processing contracts which we conclude with our order processors domiciled in the EU. Data will not be transferred to third countries.
5. No obligation to disclose personal data
When visiting our website, there is neither a contractual necessity nor a contractual or legal obligation to disclose personal data.
6. Profiling
We do not carry out any profiling on our website.

III. Provision of the website and creation of log files

1. Scope of data processing
Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer.
The following data will be collected:
– Information about the browser type, language and character encoding as well as the version used
– The user’s operating system
– The IP address of the user
– Date and time of access, first and last visit
– Website from which the user accesses our website
– Websites accessed by the user’s system via our website
The data are also stored in the log files (log files / log of all or certain processes on a computer system) of our system. These data are not stored together with other personal data of the user.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 Par. 1 Letter f GDPR.
3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session.
The data are stored in log files in order to ensure the functionality of the website. The data are also used to optimise the website and to ensure the security of our information technology systems.
Our legitimate interest in data processing pursuant to Art. 6 Par. 1 Letter f GDPR is also found in these purposes. Since it is not easy for us to deduce a natural person from an IP address and since an IP address is not a sensitive date, it is deleted immediately after visiting the website and because we need it to offer our website, our interest outweighs the interest of the data subject.
4. Duration of storage
The collected data will be deleted as soon as they are no longer required for the purpose of their collection (provision of the website). If the data are stored in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, however, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.
5. Possibility of objection and removal
The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

IV. Use of cookies

1. Description and scope of data processing
Our website uses technically necessary cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.
This is the PHPSESSID cookie. This cookie serves to distinguish between users and is deleted after the end of the browser session.2. Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 Par. 1 Letter f GDPR.3. Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognised also after a page change. This is also our legitimate interest.
The user data collected through technically necessary cookies are not used to create user profiles.4. Duration of storage, possibility of objection and removal
Cookies are stored on the user’s computer and transmitted to our site by the user. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website can be used to the full extent. By using this website, you consent to the processing of data collected about you by Google in the manner and for the purposes set out above.

V. E-mail contact

1. Scope of data processing
You can contact us via the e-mail addresses provided on our website. In this case, the personal data of the user transmitted with the e-mail will be stored. The data will be used exclusively for the processing of the conversation or request.
2. Legal basis for data processing
The legal basis for the processing of data in the course of sending an e-mail is Art. 6 Par. 1 Letter f GDPR. If the purpose of the contact is to conclude a contract, the additional legal basis for the processing is Article 6 Par. 1 Letter b GDPR.
3. Purpose of data processing
The processing of the personal data of the establishment of contact by e-mail is used by us only to handle the establishment of contact and your request. This is also our legitimate interest. Since the establishment of contact by e-mail emanates from you, you are free to do so and we inform you beforehand about how we handle the transmitted data, our legitimate interest outweighs your right to privacy in this regard.
4. Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation ends when it can be inferred from the circumstances that the facts in question have been conclusively clarified.
5. Possibility of objection and removal
The user has the possibility to object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued. Objections can be made by e-mail, post or fax.
All personal data stored in the course of contacting us will be deleted by us in this case.
As far as data are collected within the scope of a contractual relationship, there is no possibility of objection as this is absolutely necessary for the execution of the contract.

VI. Enquiry form

1.Description and scope of data processing
On our website there is an enquiry form which can be used to contact us electronically in order to search for properties. If a user makes use of this option, the personal data entered in the input mask will be transmitted to us and stored.
At the time the message is sent, the following data will also be stored
– IP address
– Time and date of sending
Please refer to this data protection declaration for the processing of data.
The data will be used exclusively for the processing of your request.2. Legal basis for data processing
The legal basis for the processing of the data is Art. 6 Par. 1 Letter f GDPR. If the purpose of the request is to conclude a contract, the additional legal basis for the processing is Art. 6 Par. 1 Letter b GDPR.3. Purpose of data processing
The processing of personal data from the enquiry mask is only used by us to process your search. This is also the necessary legitimate interest in the processing of the data.
The other personal data processed during the sending process serve to prevent misuse of the form and to ensure the security of our information technology systems.

4. Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the enquiry form, this is the case when the respective conversation with the user has ended. The conversation ends when it can be inferred from the circumstances that the facts in question have been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

VII. Social media

On our website we provide references to various social media. However, these are only links to external websites of third-party social media providers and are not plug-ins. When you visit our website, no links will thus be established or personal data transmitted to third-party providers. If you click on the respective button marked with the provider’s symbol, you will be redirected to the website of this provider. You will leave our website at this moment. If you have any questions about third-party data collection, please read the privacy statements maintained by the third-party providers. We refer to the following social media:
1. Facebook
Our website refers via the button “f” to the social network facebook.com, whose operator for users outside the USA and Canada is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland. Information on data protection can be found here: https://de-de.facebook.com/about/privacy/
2. LinkedIn
The “in” button takes you to the website of the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland platform. You will find information on data protection there under https://www.linkedin.com/legal/privacy-policy?_l=en_EN
3. Xing
The button with the stylised “X” will take you to the website of XING AG, Dammtorstraße 30, 20354 Hamburg, Germany. Information on data protection can be found here: https://www.xing.com/privacy

VIII. Google Maps

1. Description and scope of data collection
This website uses the Google Maps API, a map service to display maps and create directions to help you find our location. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google is certified under the Privacy Shield Agreement, providing a guarantee of compliance with European data protection law. The Privacy Shield Agreement is based on the European Commission’s adequacy decision (EU) 2016/1250) of 12.07.2016. Further information can be found here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
When you visit our website, Google receives information about the visit to our site and, if necessary, other log files. Google stores and uses the data for the purposes of advertising, market research and/or the needs-based design of its own services. As a rule, this cookie is not deleted by closing the browser, but expires after a certain period of time (up to 24 months) unless you delete it beforehand.

2. Legal basis of the processing
The legal basis for the use of Google Maps is Art. 6 Par. 1 Sentence 1 Letter f GDPR.

3. Purpose of data processing
The purpose of data processing is to optimise the user-friendliness of our website and make it easier to find our location. This is also our legitimate interest in the use of Google Maps. Since Google Maps guarantees compliance with the European data protection level through Privacy Shield, our legitimate interest outweighs the personal rights of the user.

4. Possibilities of objection and elimination
You have the possibility to deactivate the service of Google Maps in a simple way and thus to prevent the data transfer to Google:
To do this, please deactivate JavaScript in your browser. Please note, however, that in this case you will not be able to use the map display.
By using this website and not deactivating the JavaScript function, you expressly declare, with knowledge of the data protection problem, that you consent to the processing of data collected about you by Google in the manner and for the purpose set out above.
Detailed information about collection of data by Google can be found here.

IX. Rights of the data subject

If your personal data are processed, you are the data subject within the meaning of the GDPR and are entitled to the following rights:

  1. Right to information
    You may request confirmation from us as to whether personal data relating to you are processed by us.
    In the event of such processing, you may request information about the following from us:
    (1) the purposes for which the personal data are processed;
    (2) the categories of personal data processed;
    (3) the recipients or categories of recipients to whom the personal data relating to you have been or will be disclosed;
    (4) the planned duration of storage of the personal data relating to you or, if it is not possible to provide specific information in this regard, criteria for determining the duration of storage;
    (5) the existence of a right to rectify or delete personal data concerning you, a right to limit the processing by the controller or a right to object to such processing;
    (6) the existence of a right of complaint to a supervisory authority;
    (7) all available information on the source of the data if the personal data are not collected from the data subject;
    (8) the existence of automated decision-making, including profiling, in accordance with Article 22 Par. 1 and 4 GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
    You have the right to request information as to whether the personal data concerned will be transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.
    2. Right to rectification
    You have the right to have your personal data that are processed corrected and/or completed if they are inaccurate or incomplete. We must then make the correction immediately.
    3. Right to limitation of processing
    Under the following conditions, you may request that the processing of your personal data be restricted:
    (1) if you dispute the accuracy of your personal data for a period of time that enables us to verify the accuracy of the personal data;
    (2) the processing by us is unlawful, you refuse to allow us to delete your personal data and instead request that we restrict the use of your personal data;
    (3) we no longer need the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
    (4) if you have objected to the processing pursuant to Art. 21 Par. 1 GDPR and it has not yet been determined whether our legitimate reasons outweigh your reasons.
    If the processing of personal data relating to you has been restricted, such data may only be processed – apart from their storage – with your consent or for the purpose of asserting, exercising or defending legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State.
    If the limitation of the processing was restricted according to the aforementioned conditions, you will be informed by us before the restriction is lifted.
    4. Right to deletion
    (a) Duty to delete
    You can ask us to delete your personal data immediately. We are obliged to delete these data immediately if one of the following reasons applies:
    (1) Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
    (2) You revoke your consent on which the processing pursuant to Art. 6 Par. 1 Letter a or Art. 9 Par. 2 Letter a GDPR was based and there is no other legal basis for the processing.
    (3) You object to the processing pursuant to Art. 21 Par. 1 GDPR and there are no overriding legitimate reasons for the processing or you object to the processing pursuant to Art. 21 Par. 2 GDPR.
    (4) The personal data concerning you have been processed unlawfully.
    (5) The deletion of your personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which we are subject.
    (6) The personal data relating to you have been collected in relation to information society services offered pursuant to Art. 8 Par. 1 GDPR.
    b) Information to third parties
    If we have made your personal data public and we are obliged to delete them pursuant to Art. 17 Par. 1 GDPR, we shall take appropriate measures (including technical measures) to inform controllers who process the personal data that you have requested the deletion of all links to these personal data, copies or replications of these personal data.
    (c) Exceptions
    The right to deletion does not exist if the processing is necessary
    (1) to exercise freedom of expression and information;
    (2) to fulfil a legal obligation or to perform a task which is in the public interest or is carried out in the exercise of public authority which may have been entrusted to us;
    (3) for reasons of public interest in the field of public health pursuant to Art. 9 Par. 2 Letter h and i and Art. 9 Par. 3 GDPR;
    (4) for archival purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 Par. 1 GDPR, insofar as the law referred to in Section a) is anticipated to make the attainment of the objectives of such processing impossible or seriously impairs it, or
    (5) to assert, exercise or defend legal claims.
    5. Right to information
    If you have asserted the right to correction, deletion or restriction of processing against us, we are obliged to inform all recipients to whom your personal data have been disclosed of the correction, deletion or restriction of processing, unless this proves impossible or involves a disproportionate effort for us.
    You have the right to be informed of these recipients by us.
    6. Right to data portability
    You have the right to receive your personal data from us in a structured, common and machine-readable format. In addition, you have the right to transfer these data to another controller without any hindrance on our part, provided that
    (1) the processing is based on a consent pursuant to Art. 6 Par. 1 Letter a GDPR or Art. 9 Par. 2 Letter a GDPR or on a contract pursuant to Art. 6 Par. 1 Letter b GDPR and
    (2) the processing is carried out by automated means.
    In this respect, you also have the right for us to transfer your data to another controller, insofar as this is technically feasible. However, the freedoms and rights of other persons may not be affected thereby.
    This right to data transfer does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of public authority entrusted to us.
    7. Right of objection
    You have the right to object at any time, for reasons related to your particular situation, to the processing of your personal data carried out pursuant to Art. 6 Par. 1 Letter e or f GDPR; this also applies to profiling based on these provisions.
    We will no longer process your personal data unless we can prove compelling reasons for the processing worthy of protection which outweigh your interests, rights and freedoms, or the processing is used for the assertion, exercising or defence of legal claims.
    8. Right to revoke the declaration of consent under data protection law
    You have the right to revoke declarations of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the revocation.
    9. Right of complaint to a supervisory authority
    Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of presumed infringement if you consider that the processing of your personal data is in breach of the GDPR.
    The supervisory authority to which the complaint was submitted will inform you as the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

Status: May 2018