Click here to opt-out of Google Analytics

Privacy

Introduction

We are pleased about your interest in our company and our approach to data protection.

In this privacy policy we explain how we handle data protection at our company. Here we explain how we collect, use and process your personal data and how we comply with our legal obligations towards you. In doing so, we also refer to the rights you are entitled to according to the current legal situation.

The protection of your data is very important to us and we have made it our business to protect and safeguard your data protection rights and to meet the requirements of the basic data protection regulation (Regulation (EU) 2016/679) as well as our national laws.
Your personal data will always be processed in accordance with the Basic Data Protection Regulation (hereinafter referred to as DS-GVO).

In principle you can use our website without providing any personal data.

For further processing of your inquiry or use of our services, it may become necessary to process your personal data. If this is necessary and we have no legal basis for doing so, we will always obtain your consent as a data subject (hereinafter referred to as "data subject(s)*"). (*For the sake of simplicity, we use the term "data subject").

As a matter of principle, we process personal data such as your name, your address and contact data such as e-mail or telephone number. In relation to our business purpose, the processing of further personal data may be necessary. We have documented this in our lists of processing activities.


For the implementation of data protection and security (DS-GVO Art. 34), we have created a data protection concept for our company and implemented it on a risk-based basis on the basis of data protection impact assessments (DS-GVO Art. 35) using technical and organizational measures (TOM). In this way we also secure the web- or internet-based data transfer. Nevertheless, this can be compromised by security gaps for which we are not responsible, so that we leave you free to transmit personal data to us by other means such as telephone, fax or post.

Important: This privacy policy will be amended as necessary.


2 Terms of data protection

Our data protection guideline is based on the terms and their explanations that were documented by the European guideline and regulation authorities when the Basic Data Protection Regulation (DS-GVO) was issued. Our data protection guideline is intended to explain the implementation of data protection in our company in an easily readable and understandable way to all possible recipients, in particular our customers, suppliers and affected persons. You will find the definitions of terms in the Annex to the Data Protection Directive. They have been taken from the legal text and provided with sources.

 

3 Data controller

Responsible in the sense of the basic data protection regulation Art. 24 is:


Company

CB Freiham Operations GmbH

Street: Sachsendamm 4-5

POSTAL CODE: 10829

PLACE: Berlin

State: Berlin

Country: Germany

Phone: +49 30 120 8662-501

e-mail: info@capitalbay.de

Web page: www.capitalbay.de


Our business purpose is:

Accommodation and catering of guests, purchase and sale, mediation, management and exploitation of real estate, as well as economic management consulting in relation to real estate transactions. The company also develops, plans and supervises technical construction projects; it carries out construction projects as general contractor. Transactions requiring approval in accordance with § 34e GewO or KWG are excluded. Furthermore, the company's business purpose includes consulting services for the acquisition and sale of participations and companies of all kinds, the participation as general partner in companies and the assumption of the administration and management of other companies. The aforementioned activities are only carried out in the company's own name and on its own account.

For this we process

    - tenants,- customers and

    - Supplier data

    - Applicant data

    - as well as any data provided by third parties for the business processes

which we receive directly from you, which we receive from other sources or which we may automatically collect.

 

4 Contact possibility via our website

On our website, the information in the imprint is provided in accordance with legal requirements. This also includes the possibility of sending an e-mail or, if applicable, the use by the person concerned by means of a contact form.
With this type of transmission on a voluntary basis, the personal data is automatically stored for the purpose of processing or contacting. Personal data will not be passed on to third parties.

5 How we collect data and information

When you visit our website, a number of data and information is collected. This data is not used by us to draw conclusions about the persons concerned, but rather is required to

    - to be able to correctly provide or guarantee the content and functionality of our website,

    - to be able to optimize these contents,

    - in the event of attacks on our information technology systems, to be able to comply with the legal obligation within the framework of criminal prosecution,

During the use of our web pages we record among other things

    - the type of browser used including its version,

    - the operating system used,

    - the internet page and sub-pages (referrer) from which you can reach our website,

    - Date and time of access as well as Internet protocol address (IP address),

    - the provider of the accessing system,

as well as other similar data and information that serve to protect us in the event of attacks on our IT systems.

Furthermore, we process personal data which is made available to us by means other than the Internet (e.g. by post) and which we require to fulfil our business purpose. These are processed by us in automated as well as manual procedures.

Our company does not use automatic decision making or profiling.

etracker

The provider of this website uses the services of etracker GmbH, Hamburg, Germany (www.etracker.com) to analyse usage data. We do not use cookies for web analysis by default. If we use analysis and optimisation cookies, we will obtain your explicit consent separately in advance. If this is the case and you agree, cookies are used to enable a statistical range analysis of this website, a measurement of the success of our online marketing measures and test procedures, e.g. to test and optimise different versions of our online offer or its components. Cookies are small text files that are stored by the Internet browser on the user's device. etracker cookies do not contain any information that could identify a user.

The data generated by etracker on behalf of the provider of this website is processed and stored by etracker solely in Germany by commission of the provider of this website and is thus subject to the strict German and European data protection laws and standards. In this regard, etracker was independently checked, certified and awarded with the ePrivacyseal data protection seal of approval.

The data processing is based on Art. 6 Section 1 lit f (legitimate interest) of the General Data Protection Regulation (GDPR). Our legitimate interest is the optimisation of our online offer and our website. As the privacy of our visitors is very important to us, the data that may possibly allow a reference to an individual person, such as IP address, registration or device IDs, will be anonymised or pseudonymised as soon as possible. etracker does not use the data for any other purpose, combine it with other data or pass it on to third parties.

You can object to the outlined data processing at any time. Your objection has no disadvantageous consequences.



Further information on data protection with etracker can be found here.


6 Data protection in the application process

Our company collects and processes personal data of applicants for the purpose of processing the application procedure. The processing can also be carried out electronically, for example by e-mail or web form.

If an employment contract is concluded between the person concerned (applicant) and our company, the data transmitted is stored for the purpose of processing the employment relationship in compliance with the statutory provisions (see the annex "Country-specific peculiarity of the Data Protection Directive - Employment Data").

If no employment relationship is concluded with the applicant, the application documents will be deleted two months after notification of the rejection decision, provided that no other legitimate interests of the person responsible or legal requirements stand in the way of deletion. Another legitimate interest in this sense is, for example, a duty of proof in proceedings under the General Equal Treatment Act (AGG).

7 Legal basis of the processing

The legal basis for processing operations for which we obtain consent for a specific processing purpose is Art. 6 I lit. a DS-GVO for our company.

If personal data must be processed for the performance of a contract to which the data subject is a party (e.g. delivery of goods/services or other performance or consideration for which personal data are necessary), processing is based on Art. 6 lit. b DS-GVO, as are processing operations necessary for pre-contractual measures (e.g. offers, processing of inquiries about products, services or performances).

If our company has a legal obligation (e.g. due to tax laws), which requires the processing of personal data, this is done in accordance with Art. 6 I lit. c DS-GVO.

The processing of personal data to protect the vital interests of the person concerned (e.g. in the event of a medical emergency) is carried out by us on the basis of Art. 6 I lit. d DS-GVO.

Processing operations which are not covered by any of the aforementioned legal powers, but for which processing is necessary in order to safeguard a legitimate interest of our company or of a third party (unless the interests, fundamental rights and freedoms of the data subject do not prevail), are permitted because they are specifically mentioned by the legislator in recital 47 sentence 2 DS-GVO in conjunction with Art. 6 I lit. f DS-GVO

If the processing of personal data is based on Article 6 I lit. f DS-GVO, our legitimate interest is the execution of our business purpose and our business activities for the benefit of our company.

8 Deletion and blocking of personal data

The basis for the storage period of personal data is the respective legally prescribed retention period.

After expiry of the statutory storage period, the corresponding data will be deleted or - if this is possible with unjustifiable effort - blocked.

Our company processes and stores personal data of the persons concerned only for the period of time necessary for the processing purpose in the sense of the DS-GVO or any other applicable national or international law or regulation which the person responsible must implement.

9 Rights of the data subject

a.) Transparent information and communication with the person concerned

Our company shall take appropriate measures to provide the data subject with all information pursuant to Articles 13 and 14 and all notifications pursuant to Articles 15 to 22 and Article 34 of the DPA, which relate to the processing, in a precise, transparent, comprehensible and easily accessible form, in clear and simple language; this applies in particular to information specifically aimed at children.

The information shall be provided in writing or in another form, including, where appropriate, by electronic means. If requested by the data subject, the information may be given orally, provided that the identity of the data subject has been established in some other form.

We make it easier for the data subject to exercise his or her rights in accordance with Articles 15 to 22 DS-GVO.

In the cases referred to in Article 11 (2) DS-GVO, we may refuse to take action on the basis of the data subject's request to exercise his or her rights under Articles 15 to 22 DS-GVO only if we can demonstrate that we are not in a position to identify the data subject.

Our company will provide the data subject with information on the measures taken upon request pursuant to Articles 15 to 22 of the DS-GVO without delay and in any event within one month of receipt of the request. This period may be extended by a further two months if this is necessary taking into account the complexity and number of applications. We will inform the person concerned of any extension of the deadline within one month of receipt of the application, together with the reasons for the delay. If the data subject submits the request electronically, we will reply to the data subject by electronic means if possible.

If we have not acted on the data subject's request, we shall inform the data subject without delay, but at the latest within one month of receipt of the request, of the reasons for the delay and of the possibility of lodging a complaint with a supervisory authority or of seeking judicial redress.

We will provide information in accordance with Articles 13 and 14 DS-GVO and all notifications and measures in accordance with Articles 15 to 22 and Article 34 DS-GVO free of charge.

In the case of manifestly unfounded or - especially in the case of frequent repetition - excessive applications by a person concerned, we can either

    - request an appropriate fee, taking into account the administrative costs of providing information or notification or carrying out the requested measure; or

    - we may refuse to act on the basis of the application.

For this purpose, we will provide evidence of the manifestly unfounded or excessive nature of the application.

If we have reasonable doubt as to the identity of the natural person making the application pursuant to Articles 15 to 21 of the DS-BER, we will, without prejudice to Article 11 of the DS-BER, request additional information necessary to confirm the identity of the data subject.

The information to be provided to data subjects pursuant to Articles 13 and 14 of the DS-GVO may be provided in combination with standardized pictorial symbols in order to provide a meaningful overview of the intended processing in an easily perceivable, comprehensible and clearly comprehensible form. If the pictorial symbols are presented in electronic form, we will provide them in machine-readable form (Art. 12 (1) DS-GVO).

b.) Duty to inform when personal data is collected from the data subject

If our company collects personal data from the person concerned, we will inform the person concerned of the following at the time of collection:

    - the name and contact details of the person responsible and, if applicable, his or her representative,

    - if applicable, the contact details of the data protection officer,

- the purposes for which the personal data are to be processed and the legal basis for the processing

    - if the processing is based on Article 6(1)(f) of the DPA, the legitimate interests pursued by the controller or a third party,

    - where applicable, the recipients or categories of recipients of the personal data, and

    - where applicable, the intention of our company to transfer the personal data to a third country or international organisation, and the existence or absence of a Commission adequacy decision or, in the case of transfers under Article 46 or Article 47 or Article 49(1), second subparagraph, of the DS Block Exemption Regulation, a reference to the appropriate or adequate safeguards and how to obtain a copy of them, or where they are available

In addition to the information referred to in paragraph 1, we shall provide the data subject, at the time of collection of such data, with the following additional information necessary to ensure fair and transparent processing:

    - the period for which the personal data will be stored or, if this is not possible, the criteria for determining this period

    - the existence of a right of access by the controller to the personal data concerned and the right to rectification or erasure or to limit processing or a right to object to processing and the right to transfer the data;

    - if the processing is based on Article 6(1)(a) or Article 9(2)(a) of the Block Exemption Regulation, the existence of a right to withdraw consent at any time, without prejudice to the lawfulness of the processing carried out on the basis of the consent until such time as it is withdrawn;

    - the existence of a right of appeal to a supervisory authority;

    - whether the provision of the personal data is required by law or contract or is necessary for the conclusion of a contract, whether the data subject is obliged to provide the personal data, and the possible consequences of not providing it; and

    - the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the DPA and, at least in these cases, meaningful information about the logic involved and the scope and intended impact of such processing on the data subject.

Where we intend to further process the personal data for a purpose other than that for which the personal data were collected, we shall provide the data subject with information on that other purpose and any other relevant information in accordance with paragraph 2 prior to such further processing.

Paragraphs 1, 2 and 3 do not apply if and to the extent that the data subject already has the information (Art. 13 (1) DS-GVO).

c.) Duty to inform if personal data have not been collected from the data subject

If personal data is not collected from the person concerned, our company will inform the person concerned of the following:

    - the name and contact details of the person in charge and, if applicable, his representative;

    - additionally, the contact details of the data protection officer;

    - the purposes for which the personal data are to be processed and the legal basis for the processing;

    - the categories of personal data processed;

    - where appropriate, the recipients or categories of recipients of the personal data;

    - where appropriate, the controller's intention to transfer the personal data to a recipient in a third country or an international organisation and the existence or otherwise of an adequacy decision by the Commission or, in the case of transfers made pursuant to Article 46 or Article 47 or Article 49(1), second subparagraph, of the DS-BER, a reference to the appropriate or adequate safeguards and the possibility of obtaining a copy of them or where they are available.

In addition to the information referred to in paragraph 1, we shall provide the data subject with the following information necessary to ensure fair and transparent processing vis-à-vis the data subject:

    - the period for which the personal data are stored or, if that is not possible, the criteria for determining that period;

    - if the processing is based on Article 6(1)(f) of the DPA, the legitimate interests pursued by the controller or a third party;

    - the existence of a right of access by the controller to the personal data concerned and the right to rectification or erasure or to limit processing and a right of objection to processing and the right to transfer the data;

    - if the processing is based on Article 6(1)(a) or Article 9(2)(a) of the Block Exemption Regulation, the existence of a right to withdraw consent at any time, without prejudice to the lawfulness of the processing carried out on the basis of the consent until such time as it is withdrawn;

    - the existence of a right of appeal to a supervisory authority;

    - the source of the personal data and, if applicable, whether it originates from publicly accessible sources;

    - the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the DPA and, at least in these cases, meaningful information about the logic involved and the scope and intended impact of such processing on the data subject.

Our company shall provide the information referred to in paragraphs 1 and 2

- taking into account the specific circumstances of the processing of the personal data, within a reasonable time after obtaining the personal data, but not later than one month,

    - if the personal data are to be used to communicate with the data subject, at the latest at the time of the first communication to him/her, or,

    - if disclosure to another recipient is intended, no later than the time of the first disclosure.

If our company intends to further process the personal data for a purpose other than that for which the personal data were obtained, we shall provide the data subject with information on that other purpose and any other relevant information in accordance with paragraph 2 prior to such further processing.

Paragraphs 1 to 4 shall not apply if and insofar as

    - the data subject already has the information

    - the provision of such information proves impossible or would involve a disproportionate effort, in particular as regards processing for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes, subject to the conditions and safeguards referred to in Article 89 (1) of the DPA, or where the obligation referred to in paragraph 1 of this Section is likely to make the attainment of the objectives of such processing impossible or seriously harm In such cases, the controller shall take appropriate measures to protect the rights and freedoms and legitimate interests of the data subject, including the making available of such information to the public,

    - the obtaining or disclosure is expressly provided for by legislation of the European Union or of the Member States to which the controller is subject and which lays down appropriate measures to protect the data subject's legitimate interests, or

    - the personal data are subject to professional secrecy, including a statutory obligation of secrecy, in accordance with Union law or the law of the Member States, and must therefore be treated confidentially (Article 14(1) DPA)

    d) Right to confirmation

Every data subject has the right to obtain confirmation from the data controller as to whether or not personal data concerning him/her is being processed. If this is the case, the data subject has the right to obtain information (Art. 15 para. 1 DS-GVO)

e) Right to information

If personal data are processed by the data subject, he/she has the right to be informed about these personal data and to receive the following information (Art. 15 Paragraph 1 DS-GVO)

    - the processing purposes,

    - the categories of personal data processed,

    - the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular to recipients in third countries or to international organizations,

    - if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration

    - the existence of a right of rectification or erasure of personal data concerning him or her or of a right to have the processing limited by the controller or to object to such processing

    - the existence of a right of appeal to a supervisory authority,

    - if the personal data are not collected from the data subject: All available information about the origin of the data,

    - the existence of automated decision making, including profiling, in accordance with Article 22(1) and (4) of the DPA and, at least in these cases, meaningful information about the logic involved and the scope and intended impact of such processing on the data subject.

If personal data are transferred to a third country or to an international organization, the data subject has the right to be informed of the appropriate safeguards pursuant to Article 46 in connection with the transfer (Article 15 (2) FADP).

We provide a copy of the personal data that is the subject of the processing. For all further copies requested by the data subject, we will charge a reasonable fee based on the administrative costs. If the application is submitted electronically, we will provide the information in a standard electronic format, unless otherwise requested in the application (Art. 15 para. 3 DS-GVO)

f) Right of rectification

The data subject has the right to request the rectification of incorrect personal data concerning him/her without delay. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data - also by means of a supplementary declaration (Art. 16 DS-GVO).

g) Right of cancellation (right to be forgotten)

The person concerned has the right to demand from the controller that personal data concerning him/her be deleted without delay, and the controller is obliged to delete personal data without delay if any of the following reasons apply:

    - the personal data are no longer necessary for the purposes for which they were collected or otherwise processed

    - the data subject withdraws his or her consent on which the processing was based pursuant to Article 6(1)(a) DPA or Article 9(2)(a) DPA, and there is no other legal basis for the processing,

    - the data subject lodges an objection to the processing pursuant to Article 21(1) of the DPA and there are no overriding legitimate reasons for processing, or the data subject lodges an objection to the processing pursuant to Article 21(2) of the DPA,

    - the personal data have been processed unlawfully

    - the deletion of the personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject

    - the personal data was collected in relation to information society services offered in accordance with Art. 8 Paragraph 1 DS-GVO.

If our company has made the personal data public and we are obliged to delete them in accordance with paragraph 1, we shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that a data subject has requested them to delete all links to such personal data or copies or replications of such personal data. (Art. 17 DS-GVO).

h) Right to limit processing

The data subject shall have the right to obtain from the controller the restriction of the processing if one of the following conditions is met: the accuracy of the personal data is contested by the data subject, for a period of time sufficient to enable the controller to verify the accuracy of the personal data in this respect,

    - whether the processing is unlawful and the data subject refuses to have the personal data deleted and instead requests that the use of the personal data be restricted,

    - whether the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them in order to exercise or defend his rights, or,

    - whether the data subject has lodged an objection to the processing pursuant to Article 21(1), pending the determination of whether the legitimate reasons given by the controller outweigh those given by the data subject.

Where processing has been restricted in accordance with paragraph 1, such personal data may be processed, with the exception of storage, only with the consent of the data subject or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the European Union or a Member State.

A data subject who has obtained a restriction on processing pursuant to paragraph 1 shall be informed by the controller before the restriction is lifted (Art. 18 DPA).

i.) Notification obligation in connection with the correction or deletion of personal data or the restriction of processing

As data controller, we will notify all recipients to whom personal data has been disclosed of any correction or deletion of personal data or of any restriction on processing under Article 16, Article 17(1) and Article 18 of the DPA, unless this proves impossible or involves a disproportionate effort. We inform the data subject of these recipients if the data subject so requests (Art. 19 DS-GVO).

j) Right to data transferability

The person concerned has the right to receive the personal data concerning him/her that he/she has provided to our company in a structured, common and machine-readable format and has the right to communicate this data to another person in charge without interference from the person in charge to whom the personal data has been provided, provided that

- the processing is based on a consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b) of the DS-BER and,

    - the processing is carried out using automated procedures.

In exercising his or her right to data transfer as per paragraph 1, the data subject shall have the right to obtain that the personal data be transferred directly from our company to another controller, insofar as this is technically feasible.

The exercise of the right under paragraph 1 of this article is without prejudice to Article 17 of the DS-GVO. This right does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

The right under paragraph 1 may not interfere with the rights and freedoms of other persons (Art. 20 DS-GVO).

k) Right to appeal

The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her carried out pursuant to Article 6(1)(e) or (f) of the DPA, including profiling based on these provisions.

    In the event of an objection, our company no longer processes the personal data, unless we can prove compelling reasons for processing worthy of protection that outweigh the interests, rights and freedoms of the person concerned, or the processing serves to assert, exercise or defend legal claims.

If we process personal data for the purpose of direct marketing, the data subject shall have the right to object at any time to the processing of his personal data for the purpose of such marketing. This also applies to profiling, insofar as it is related to such direct marketing.

If the data subject objects to us processing for the purposes of direct marketing, we will no longer process the personal data for this purpose.

We shall expressly inform the data subject of the right referred to in paragraphs 1 and 2 no later than at the time of the first communication with him/her; we shall provide this information in a comprehensible form that is separate from other information.

In connection with the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his/her right to object by means of automated procedures involving technical specifications.

In addition, the data subject has the right to object, for reasons arising from his or her particular situation, to the processing of personal data concerning him or her that is carried out in our company for scientific or historical research purposes or for statistical purposes in accordance with Art. 89, paragraph 1 of the DPA - unless such processing is necessary for the performance of a task carried out in the public interest (Art. 21 DPA).

l)Automated decisions in individual cases including profiling

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects in relation to him or her or significantly affects him or her in a similar way.

Paragraph 1 shall not apply if the decision

    - (a) is necessary for the conclusion or performance of a contract between the data subject and the controller

    - (b) is authorised by the legislation of the European Union or of the Member States to which the controller is subject and that legislation provides for adequate measures to safeguard the rights and freedoms and legitimate interests of the data subject; or

    - (c) with the express consent of the data subject.

In the cases referred to in paragraph 2, letters a and c, we will take reasonable measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, including at least the right to obtain the intervention of a person responsible, to express his or her point of view and to challenge the decision.

Decisions pursuant to paragraph 2 may not be based on special categories of personal data pursuant to Article 9 paragraph 1 DS-GVO, unless Article 9 paragraph 2 letter a or g DS-GVO applies and appropriate measures have been taken to protect the rights and freedoms as well as the data subject's legitimate interests (Article 22 DS-GVO).

m) Right to withdraw consent to the processing of personal data

The person concerned has the right to revoke his or her consent to the processing of personal data at any time.

Every data subject may exercise these rights. To do so, he or she should contact our data protection officer directly (datenschutz@capitalbay.de).

10 Disclosure of personal data

We can and must transfer your personal information to the following recipients in many ways and for many purposes, as appropriate and in accordance with local laws and regulations:

    - tax, audit or other authorities, if we believe in good faith that we are required by law or other regulation to disclose such information (for example, because of a request from a tax authority or in connection with a prospective litigation),

    - Health care institutions such as health insurance companies,

    - external service providers who provide services on our behalf (including external consultants, business partners and professional advisors such as lawyers, auditors and accountants, technical support functions and IT consultants who perform development and testing work on our company's technological systems)

    - Providers of externally contracted IT services and storage providers, if a corresponding processing agreement (or comparable safeguards) exists,

If an order processing exists, it is based on a contract for order processing within the meaning of DS-GVO Chapter 4.


11 Provision of personal data for legal or contractual reasons

The provision of your personal data is required by law for our company (e.g. due to tax laws and regulations) or due to contractual regulations (e.g. information on the contractual partner or subcontractor).

It may be necessary for the person concerned to provide us with personal data in order to fulfil the contract. This is therefore a basis for our contract performance. If the person concerned does not provide us with the personal data, no contract could be concluded.

In the event of uncertainty, the data subject can contact the data protection officer, who can explain whether this is a legal or contractual obligation and what effect the failure to provide personal data would have on the conclusion of a contract.

 

Annex I: Our contact details

Country in which we use the services of companies or provide services for companies: Federal Republic of Germany

Company responsible for the processing of personal data of visitors to our website www.squareville.de: CB Micro Living GmbH

The company responsible for processing the personal data of data subjects, customers, suppliers and the employees of our company:

CB Micro Living GmbH, Sachsendamm 4-5, 10829 Berlin

This is how you can reach us:

    - to access, modify or withdraw any personal information you have provided to us,

    - if you suspect that your personal information has been misused, lost or has been accessed by unauthorized persons

    - to revoke your consent to the processing of your personal data (if the consent is the legal basis for the processing of your personal data)

    - any comments or suggestions regarding this privacy policy.

Mailing Address:

Capital Bay GmbH, Data Protection Officer, Sachsendamm 4-5, 10829 Berlin

Alternatively, you can contact our data protection officer by e-mail at

datenschutz@capitalbay.de

This is how you can reach us if you want to update your advertising settings:

Please send us an e-mail to: info@capitalbay.de

 

Annex II - Contact details of the competent local supervisory authority

Country in which we use the services of companies or provide services for companies: Federal Republic of Germany

Contact details of the responsible local regulatory authority:

For our company, which has its headquarters in Berlin

The Berlin Commissioner for Data Protection and Freedom of Information

    - Mail: Friedrichstr. 219, 10969 Berlin

    - Email: mailbox@datenschutz-berlin.de

    - Phone: 030/138 89-0

    - Fax: 030/215 50 50


Annex III - Country-specific specificity of the Data Protection Directive

Legal system: Federal Republic of Germany

Country specific legal regulation:

Requests to delete your data

If your data are not processed automatically, we are not obliged, unless your data are processed unlawfully, to delete your data if deletion would be impossible due to the storage method used or would require a disproportionate effort, provided we consider that your interest in deletion is minimal.

If your data are processed automatically, we are also entitled to refuse to delete your data if we have reason to believe that deletion would be contrary to your legitimate interests or if deletion would violate legal obligations to store your data for a certain period of time. Instead, the processing of your data under these circumstances will be restricted to the manner provided for in the DSG-VO.

Employee data

The provisions applicable to employment relationships permit the processing of personal data of employees for purposes related to the employment relationship if this is necessary for recruitment decisions or, after recruitment, for the execution or termination of the employment contract or in order to comply with and satisfy the rights and obligations of the employees' representatives provided for by law or by collective agreements or other agreements between the employer and a collective bargaining organisation. Further information can be found in § 26 of the new Federal Data Protection Act.

In Germany, we collect data on the affiliation of employees to a religious community in order to facilitate our employee compensation processes. Because this is required by law, we do not ask our employees for their express consent to process this information.

Annex IV - Definition of data protection

Our privacy policy uses the following terms, among others:

a) "personal data" and "data subject

Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Art. 4 para. 1 DPA).

Data subject is any identified or identifiable natural person whose personal data are processed by the controller.

c) "processing" means

Processing is any operation or set of operations, carried out with or without the aid of automated means, relating to personal data, such as collection, recording, organisation, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Art. 4 para. 2 DPA).

d) "Restriction of processing".

Restriction of processing is the marking of stored personal data with the aim of restricting their future processing (Art. 4 para. 3 DS-GVO).

e) "profiling"

Profiling is any type of automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or change of location of that natural person (Art. 4 para. 4 DS-GVO).

f) "Pseudonymisation

Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the inclusion of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data is not assigned to an identified or identifiable natural person (Art. 4 Para. 5 DS-GVO).

g) "file system

A file system is any structured collection of personal data which is accessible according to specific criteria, regardless of whether this collection is managed centrally, decentrally or according to functional or geographical criteria (Art. 4 para. 6 FADP).

h) "controller" or "controller responsible for processing

Controller or data controller is the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the controller or the specific criteria for his or her designation may be laid down by Union law or by the law of the Member States (Art. 4 (7) DPA).

(i) 'processor' means


A processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the controller (Art. 4 Par. 8 DS-GVO).

j) "recipient" means

The recipient is a natural or legal person, authority, institution or other body to whom personal data is disclosed, whether or not it is a third party. However, authorities that may receive personal data in the context of a specific investigation mandate under Union law or the law of the Member States are not considered to be recipients (Art. 4 (9) DPA).

k) "third party

Third party is a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or the processor, are authorized to process the personal data (Art. 4 para. 10 DPA).

l) "Consent

Consent is any freely given, informed and unequivocal expression of the data subject's will in the specific case, in the form of a declaration or other unambiguous affirmative act by which the data subject indicates his or her consent to the processing of personal data relating to him or her (Art. 4 para. 11 DPA).

(m) 'violation of the protection of personal data

Violation of the protection of personal data is defined as a breach of security leading to the destruction, loss or alteration, whether accidental or unlawful, or unauthorized disclosure of or access to personal data that has been transmitted, stored or otherwise processed (Art. 4 para. 12 DS-GVO).

n) "genetic data

Genetic data are defined as personal data relating to the inherited or acquired genetic characteristics of a natural person which provide unambiguous information on the physiology or health of that natural person and which have been obtained in particular from the analysis of a biological sample from the natural person concerned (Art. 4 para. 13 DS-GVO).

(o) "biometric data

Biometric data are personal data obtained using special technical procedures relating to the physical, physiological or behavioural characteristics of a natural person which enable or confirm the unique identification of that natural person, such as facial images or dactyloscopic data (Art. 4 para. 14 DS-GVO).

(p) 'health data

Health data are personal data that relate to the physical or mental health of a natural person, including the provision of health services, and from which information on his or her state of health can be deduced (Art. 4 Para. 15 DS-GVO).

q) "principal place of business

1. principal place of business shall mean, in the case of a controller with establishments in more than one Member State, the place of his head office in the European Union, unless decisions concerning the purposes and means of the processing of personal data are taken at another establishment of the controller in the European Union and that establishment is empowered to implement those decisions, in which case the establishment which takes such decisions shall be deemed to be the principal place of business

2. in the case of a processor with establishments in more than one Member State, the place of its head office in the Union or, if the processor does not have a head office in the Union, the place of the processor's establishment in the European Union where the processing activities in the context of the activities of an establishment of a processor are mainly carried out, in so far as the processor is subject to specific obligations under this Regulation (Art. 4 (16) DPA).

r) "representative" means

A representative is a natural or legal person established in the European Union who has been appointed in writing by the responsible person or processor in accordance with Article 27 of the DS-GVO and who represents the responsible person or processor in respect of the obligations incumbent on them under this Regulation (Article 4 (17) DS-GVO).

s) "undertaking" means

An enterprise is a natural and legal person engaged in an economic activity, regardless of its legal form, including partnerships or associations which regularly carry out an economic activity (Art. 4 (18) DS-GVO).

(t) 'group of undertakings' means

A group of companies is defined as a group consisting of a controlling company and the companies dependent on it (Art. 4 (19) DS-GVO).

t) "binding internal data protection rules".

Personal data protection measures that a controller or processor established on the territory of a Member State undertakes to comply with in respect of data transfers or a category of data transfers of personal data to a controller or processor of the same group of companies or the same group of companies carrying out a joint economic activity in one or more third countries (Art. 4 para. 20 DPA).

u) "supervisory authority

A supervisory authority is an independent state body established by a Member State under Article 51 DS-GVO (Art. 4 para. 21 DSG-VO).

v) "supervisory authority concerned" means

A supervisory authority concerned is a supervisory authority that is affected by the processing of personal data because

1. the person responsible or the processor is established on the territory of the Member State of that supervisory authority

2. such processing has or may have a substantial impact on data subjects residing in the Member State of that supervisory authority; or

3. a complaint has been filed with this supervisory authority (Art. 4 para. 22 DS-GVO),

(w) 'cross-border processing' means

Cross-border processing means either

1. the processing of personal data carried out in the course of the activities of establishments of a controller or processor in the European Union in more than one Member State where the controller or processor is established in more than one Member State, or

2. processing of personal data which is carried out in the course of the activities of a single establishment of a controller or processor in the European Union and which has or may have a substantial impact on data subjects in more than one Member State (Article 4 (23) of the DPA)

x) "relevant and substantiated objection

An authoritative and justified objection is understood to be an objection as to whether or not there has been a breach of the DS-BER or whether or not the intended measure against the controller or the processor is in compliance with the DS-BER, whereby this objection clearly indicates the scope of the risks posed by the draft decision with regard to the fundamental rights and freedoms of the data subjects and, where applicable, the free movement of personal data within the European Union (Art. 4 (24) DS-BER).

(y) "information society service" means

Information society service constitutes a service within the meaning of Article 1(1)(b) of Directive (EU) 2015/1535 of the European Parliament and of the Council (Art. 4(25) DS-GVO).

z) "international organisation

An international organization is an organization under international law and its subordinate agencies or any other body established by or on the basis of an agreement concluded between two or more countries (Art. 4 para. 26 DS-GVO).

COOKIE POLICY

Capital Bay GmbH thanks you for your interest in our homepage and our company. Despite careful and regular checks, we cannot assume any liability for external links to third-party content.

The protection of your personal data during collection, processing and use during your visit to our homepage is very important to us and we want you to feel safe when visiting our Internet pages. Of course we observe the legal provisions of the Basic Data Protection Regulation (DS-GVO), the Data Protection Act (BDSG), the Telemedia Act (TMG) and other data protection regulations.

At this point we would therefore like to inform you about the use of cookies in our company.

 

What is a cookie?

    - A "cookie" is a piece of information that is stored on your computer's hard drive and records your navigation on a website. This allows us to offer you customized options based on the information stored about your last visit. Cookies can also be used to analyze traffic and for advertising and marketing purposes.

    - Cookies are used by almost all websites and will not harm your system. If you want to check or change which types of cookies are accepted, you can usually do this in your browser settings.

How do we use cookies?

    - In general, it is not necessary for you to provide personal information to use our website.

    - However, in order for us to actually provide our services, we may need your personal data.

    - This applies both to the sending of information material as well as to the answering of individual inquiries.

    - Further personal data is only collected if you provide this information voluntarily, for example in the context of an inquiry or to register to receive our customer magazine. For this purpose, it may be necessary to pass on your personal data to companies that we use to provide services. These are, for example, brokers or other service providers.

If we take one of the actions or provide services described below or otherwise, we would like to collect and store your personal data and will ask you for your express consent at the appropriate place on our website:

    - Sending of the newsletter and press releases

    - Participation in the lottery

    - Personalization of our website

    - other services and offers for which your express consent is required for data collection.

    - If you have registered for our newsletter with your e-mail address, we will use your e-mail address for our own advertising purposes even after the contract has been executed, until you unsubscribe from the newsletter.

This website uses Google Analytics

    - a web analysis service of Google Inc. ("Google").

    - Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site.

    - The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.

    - However, if IP anonymization is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other signatory states of the Agreement on the European Economic Area before. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.

    - On behalf of the operator of this website, Google will use this information to evaluate your use of the website,

    - to compile reports about website activities and

    - to provide further services to the website operator in connection with the use of the website and the Internet.

    - The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google.

Settings of cookies

    - You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

    - You can prevent the collection by Google Analytics by clicking on the following link: Disable Google Analytics. An opt-out cookie will be set to prevent the future collection of your data when you visit this website. The cookie must be set again when the browser data is deleted.

    - You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link. The current link is http://tools.google.com/dlpage/gaoptout?hl=de.

    - Google uses the DoubleClick DART cookie. Users can disable the use of the DART cookie by visiting the privacy policy of the advertising network and content advertising network of Google. No direct personal data of the user is stored, only the Internet Protocol address.

    - This information is used to automatically recognize you the next time you visit our websites and to make navigation easier for you.

    - Cookies allow us, for example, to adapt a website to your interests or to save your password so that you do not have to enter it again each time.

    - Of course you can also view our websites without cookies. If you do not want us to recognize your computer, you can prevent cookies from being stored on your hard drive by selecting "do not accept cookies" in your browser settings. Please refer to the instructions of your browser manufacturer for details of how this works.

    - If you do not accept cookies, however, this can lead to functional restrictions of our offers.

    - You can prevent the installation of cookies by selecting the appropriate settings in your Internet user program (browser). To do this, you must deactivate the storage of cookies in your Internet browser.

    - Every access to our homepage and every retrieval of a file stored on the homepage is logged. The storage serves system-related and statistical purposes. Logged: Date and time of your visit, duration of your visit, name of the file accessed, amount of data transferred, notification of successful access, web browser and requesting domain.

This data is stored without personally identifying the user of the site. If necessary, user profiles are created using a pseudonym. Again, no connection is made between the natural persons behind the pseudonym and the usage data collected. These are small text files that are stored on your computer to identify you as a user when you call up the site again. Further information on how cookies work can be obtained from the German Federal Office for Information Security: https://www.bsi-fuer-buerger.de/cln_030/ContentBSIFB/SicherheitImNetz/WegInsInternet/DerBrowser/Cookies/cookies.htm-fuer-buerger.de/cln_030/ContentBSIFB/SicherheitImNetz/WegInsInternet/DerBrowser/Cookies/cookies.htm We collect this data exclusively to further optimize our Internet presence and to make our Internet offers even more attractive.

    - The collection and storage is only carried out in anonymized or pseudonymized form and does not allow any conclusion about you as a natural person.