Welcome to the PATRIZIA AG website
The protection of your private information when using our website is very important to us, PATRIZIA AG. In the following, we would like to provide you with information on the type, scope and purpose of the collection and use of personal data when using our website.
The data protection declaration (including legally required informational content) is divided into three parts:
- Part 1: Information on data protection concerning our data processing under Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR);
- Part 2: Data protection declaration for our website;
- Part 3: Information on data protection for applicants.
Part 1: Information on data protection
Information on data protection concerning our data processing under Articles (Art.) 13, 14 and 21 of the General Data Protection Regulation (GDPR). We take data protection seriously; in this section, we would like to provide you with information on how we process your data and what claims and rights you are entitled to under the relevant legal provisions on data protection. In effect from 25 May 2018 onwards.
1. Controller responsible for the data processing and contact details of the controller within the meaning of data protection law
Tel: +49 821 50910-000
Fax: +49 821 50910-999
and its subsidiaries.
Contact details of our data protection officer:
HEC Harald Eul Consulting GmbH
Data Protection + Data Security
Harald Eul (PATRIZIA data protection officer)
Auf der Höhe 34
2. Purposes and legal bases for our processing of your data
We process personal data in compliance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other applicable data protection regulations (details in the following). The details of what specific data are processed and the manner in which they are used depend primarily on the respective services requested or agreed. Further details and supplemental information on the purposes of data processing can be found in the respective contractual documents, forms, declarations of consent and/or other information provided to you (e.g. in the context of the use of our website or our terms and conditions). In addition, this data protection information may be updated from time to time.
2.1 Purposes for the fulfilment of a contract or of pre-contractual measures (Art. 6 [1b] GDPR)
The processing of personal data takes place for the performance of our contracts with you and the implementation of your orders, as well as for the execution of measures and activities in the context of pre-contractual relationships, e.g. with potential customers. In particular, the processing thus serves to facilitate the performance of services in accordance with your orders and wishes, and encompasses the services, measures and activities this requires. These primarily include contract-related communication with you, the traceability of transactions, orders and other agreements, for quality control through corresponding documentation, goodwill procedures, measures for the control and optimisation of business processes, and for the fulfilment of general due diligence obligations, management and control by associated companies (e.g. a parent company); statistical evaluations for corporate management, cost recording and controlling, reporting, internal and external communication, emergency management, settlement and tax evaluation of operational services, risk management, assertion of legal claims and defence in the event of legal disputes; ensuring IT security (including system and plausibility tests) and general security, including building and plant security, safeguarding and exercising domiciliary rights (e.g. through entry controls); ensuring the integrity, authenticity and availability of data, prevention and clarification of criminal offences; controls by supervisory committees or other supervisory bodies (e.g. Internal Audit).
2.2 Purposes in the context of our legitimate interests or those of third parties (Art. 6 [1f] GDPR)
Beyond the actual fulfilment of the contract / preliminary contract, we may potentially process your data if necessary in order to protect our legitimate interests or those of third parties, particularly for the following purposes:
- advertising or market and opinion research, provided you have not objected to the use of your data;
- collection of information and exchange of data with credit agencies if this exceeds our economic risk;
- review and optimisation of needs analysis procedures;
- further development of products and services as well as existing systems and processes;
- disclosure of personal information as part of due diligence in the context of company sale negotiations;
- for comparison with European and international antiterrorism lists, if beyond the statutory obligations;
- enrichment of our data, including by using or researching publicly accessible data;
- statistical assessments or market analysis;
- assertion of legal claims and defence in the event of legal disputes that cannot be directly attributed to the contractual relationship;
- limited storage of data in the event that deletion is impossible or only possible with disproportionate effort due to the specific type of storage;
- development of scoring systems or automated decision-making processes;
- prevention and clarification of criminal offences, if not exclusively for the fulfilment of statutory requirements;
- building and plant security (e.g. through entry controls and video surveillance), if beyond the general due diligence obligations;
- internal and external investigations, security inspections;
- potential listening-in or recording of telephone conversations for quality control and training purposes;
- receiving and maintaining certifications of a private law or official nature;
- safeguarding and exercising domiciliary rights through corresponding measures as well as through video surveillance for the protection of our customers and employees and in order to secure evidence in the event of criminal offences and the prevention thereof.
2.3 Purposes in the context of your consent (Art. 6 [1a] GDPR)
Processing of your personal data for specific purposes (e.g. use of your email address for marketing purposes) can also take place on the basis of your consent. You can generally revoke this consent at any time. This also applies for the revocation of declarations of consent that were issued to us before the GDPR entered into effect, i.e. before 25 May 2018. You will be informed of the purposes and of the consequences of revoking or withholding consent separately in the corresponding text of the consent.
As a general principle, revocations of consent apply only to the future. Instances of processing which took place before the revocation are not affected by it and remain legitimate.
2.4 Purposes for the fulfilment of statutory requirements (Art. 6 [1c] GDPR) or in the public interest (Art. 6 [1e] GDPR)
In the same manner as anyone involved in business affairs, we are also subject to numerous legal obligations. These primarily encompass statutory requirements (e.g. commercial law and tax law), but may also include supervisory or other official provisions. The purposes of processing may potentially include identity and age verification, fraud and money laundering prevention, the prevention, combating and detection of terrorism financing and asset-endangering criminal offences, comparisons with European and international antiterrorism lists, the fulfilment of control and reporting requirements under tax law and the archiving of data for purposes of data protection and data security as well as review by tax authorities and other public agencies. In addition, the disclosure of personal data may be necessary in the context of official/judicial measures for purposes of evidence collection, criminal prosecution or the enforcement of civil claims.
3. The categories of data we process in the event that we do not receive data directly from you and where these are obtained from
If necessary for the performance of our services, we process personal data permissibly obtained from other companies or other third parties (e.g. credit agencies, address publishers). In addition, we process personal data that we have permissibly collected, obtained or acquired from publicly accessible sources (such as telephone directories, commercial registries and registers of associations, civil registers, records of debtors, land registers, press, internet and other media) and are permitted to process.
Relevant personal data categories may include the following in particular:
- personal details (name, date of birth, place of birth, nationality, civil status, profession/industry and comparable data);
- contact data (address, email address, telephone number and comparable data);
- address data (residential registration data and comparable data);
- payment/cover confirmation for bank cards and credit cards;
- information on your financial situation (credit data including scoring, i.e. data for assessing economic risk);
- customer history;
- data on your use of the telemedia we provide (e.g. time of access of our websites, apps or newsletters; clicked pages/links of ours or entries and comparable data);
- video data.
4. Recipients or categories of recipients of your data
Within our company, your data are received by the internal departments or organisational units that need them for the fulfilment of our contractual and statutory obligations or in the context of the handling and implementation of our legitimate interests. Your data are shared with external parties exclusively:
- in connection with contract execution;
- for purposes of the fulfilment of statutory requirements under which we are obligated to disclose, report or share data or when sharing data is in the public interest (cf. Section 2.4);
- if external service providers process data on our account as contracted processors or function-holders (e.g. external computer centres, support/maintenance of EDP/IT applications, archiving, document processing, call centre services, compliance services, controlling, data screening for anti-money laundering purposes, data validation / plausibility checks, data destruction, purchasing/procurement, customer management, letter shops, marketing, media technology, research, risk controlling, billing, telephone services, website management, audit services, credit institutions, printing services or companies for data disposal, courier services, logistics);
- on the basis of our legitimate interests or the legitimate interests of third parties for purposes within the scope specified under Section 2.2 (e.g. with authorities, credit agencies, debt collection agencies, attorneys, courts, external experts, associated group companies, committees and supervisory bodies);
- when you have given us your consent to the transmission of your data to third parties.
We will not share your data with third parties under any other circumstances. If we hire service providers in the context of contracted processing, your data will be subject to the same security standards there as with us. In other cases, the recipients are only permitted to use the data for the purposes for which it was shared with them.
5. Duration of the storage of your data
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.
In addition, we are subject to various obligations of retention and documentation such as those under the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods of retention or documentation specified therein amount to up to ten years beyond the end of the business relationship / pre-contractual legal relationship.
Furthermore, special statutory provisions may require a longer period of retention, such as the retention of evidence within the scope of statutory limitation requirements. While the regular statutory limitation period under sections 195 et seq. of the German Civil Code (BGB) amounts to three years, limitation periods of up to 30 years may be applicable.
If the data are no longer needed for the fulfilment of contractual or statutory obligations and rights, they are normally deleted unless temporary continued processing of them is required for the fulfilment of purposes listed under Section 2.2 on the basis of an overriding legitimate interest. An overriding legitimate interest of this type also exists, for example, if deletion is impossible or only possible with disproportionate effort due to the type of storage and processing for other purposes has been made impossible by means of appropriate technical and organisational measures.
6. Processing of your data in a third country or by an international organisation
Data are only shared with parties in countries outside the European Union (EU) / the European Economic Area (EEA) (‘third countries’) when this is necessary for the execution of an order/contract from/with you, when required by law (e.g. reporting obligations under tax law), when this falls within the scope of a legitimate interest of us or a third party or when you have given us your consent.
In this context, processing of your data in a third country may also take place in connection with the engagement of service providers in the context of contracted processing. If there is no European Commission resolution on the existence of an appropriate level of data protection for the country in question, then we will ensure that your rights and freedoms are appropriately protected and guaranteed by means of corresponding contracts in accordance with EU data protection provisions. We can provide you with corresponding detailed information on request.
Information on the suitable or appropriate guarantees and the possibility of obtaining a copy for you can be requested from the company data protection officer.
7. Your data protection rights
Subject to specific requirements, you can assert your data protection rights against us:
- You thus have the right to obtain information on your data stored with us in accordance with the provisions of Art. 15 GDPR (potentially with restrictions pursuant to Section 34 GDPR).
- At your request, we will correct the data stored on you in accordance with Art. 16 GDPR if it is incorrect or incomplete.
- If you would like, we will delete your data in accordance with the principles of Art. 17 GDPR if doing so is not in conflict with other statutory provisions (e.g. statutory retention periods or the restrictions pursuant to Section 35 GDPR) or an overriding interest on our part (e.g. for the defence of our rights and claims).
- In consideration of the prerequisites of Art. 18 GDPR, you can request that we restrict the processing of your data.
- Furthermore, you can lodge an objection to the processing of your data pursuant to Art. 21 GDPR, on the basis of which we are required to end the processing of your data. However, this right of objection applies only in the case of highly specific circumstances of your personal situation, in which case our company’s rights may potentially stand in opposition to your right of objection.
- Subject to the prerequisites of Art. 20 GDPR, you also have the right to receive your data in a structured, common and machine-readable format or have it sent to a third party.
- In addition, you have the right to revoke any consent given to us for the processing of personal data with future effect at any time (cf. Section 2.3).
- You also have a right to complain to a data protection supervisory authority (Art. 77 GDPR). However, we recommend that you always direct any complaints to our data protection officer first.
Whenever possible, your applications for the exercise of your rights should be made in writing and addressed to the address provided above or directly to our data protection officer.
8. Scope of your obligations to provide us with your data
You only need to provide the data which is required for the establishment and implementation of a business relationship or for a pre-contractual relationship with us or which we are obligated by law to collect. Without these data, we are generally unable to conclude or implement the contract. This can also pertain to data required later within the scope of the business relationship. If we request any data beyond this from you, you will be separately informed of the voluntary nature of providing the information.
9. Existence of any automated decision-making processes in individual cases (including profiling)
We do not employ any purely automatic decision-making procedures as defined in Article 22 GDPR. If we employ any such procedure in individual cases in the future, however, we will inform you of this separately if legally required to do so.
We may potentially process your data in some cases with the goal of evaluating specific personal characteristics (profiling).
We may potentially employ evaluation tools in order to be able to provide you with information on products and advise you in a targeted manner. These facilitate needs-oriented product design, communication and advertising including market and opinion research.
Such procedures may also be employed in order to be able to evaluate your creditworthiness and for combating money-laundering and fraud. ‘Scores’ may be used to evaluate your creditworthiness. In the event of scoring, mathematical procedures are employed to calculate the probability that a customer will meet their payment obligations in compliance with the contract. Scores like this provide us with assistance for purposes such as the evaluation of creditworthiness and decision-making in the context of product conclusions, and are also taken into consideration by our risk management. The calculation is based on recognised and proven statistical mathematical procedures and is carried out based on your data, particularly income situation, expenses, existing liabilities, profession, employer, duration of employment, experiences from previous business relationships, contractually compliant repayment of past loans and information from credit agencies.
Information on nationality and special categories of personal data as defined in Art. 9 GDPR are not processed in this context.
Information on your right of objection under Art. 21 GDPR
1. You have the right to lodge an objection to the processing of your data on the basis of Art. 6 (1f) GDPR (data processing on the basis of a balancing of interests) or Art. 6 (1e) GDPR (data processing in the public interest) if there are reasons for doing so which originate from your specific situation. This also applies for any profiling based on this determination within the meaning of Art. 4 No. 4 GDPR. If you lodge an objection, we will no longer process your personal data unless we can produce evidence of compelling reasons worth protecting for the processing which outweigh your interests, rights and freedoms, or if the processing serves the purpose of the assertion, exercise or defence of legal claims.
2. We also may potentially process your personal data in order to conduct direct advertising. If you would not like to receive any advertising, however, you have the right to lodge an objection to it at any time. This also applies to profiling, insofar as it is connected with direct advertising of this type. We will comply with this objection in the future.
We will no longer process your data for direct advertising purposes if you object to processing for these purposes. The objection does not need to be made in accordance with any specific formal requirements, and should be directed to the following address if possible:
86150 Augsburg, Germany
Tel: +49 821 50910-000
Fax: +49 821 50910-999
and its subsidiaries.
Our data protection declaration and the information on data protection concerning our data processing under Articles (Art.) 13, 14 and 21 of the GDPR may change from time to time. We will publish all changes on this page. Older versions will be made available to you in an archive for reference.
Part 2: Data Protection Declaration
1. Responsible party
The responsible party for data collection, data processing and data use in connection with the use of our internet offering is PATRIZIA AG and its subsidiaries.
2. General information
The use of our website does not require prior registration except in the institutional login area. When you visit our website, we collect and process the information that you automatically share with us digitally (see Section 3) and/or personal data (see Section 4).
3. Usage data
When you visit our website or use our services, the device you are using and the internet browser you use to access our website automatically transmit log data to our server. This log data particularly includes the names of the files accessed (web pages), the volume of data transferred, the type and version of the web browser used, the operating system used (type and version), the date and time the website is accessed, the referrer URL (the website from which you were sent to our website via a link) and the IP address of the requesting computer. After it is no longer technically required for accessing the website, the IP address is stored for statistical evaluation exclusively in abbreviated (anonymised) form.
The automatically transmitted data described above is collected and evaluated exclusively for the purpose of the proper and optimal presentation of the information offered and for the purpose of statistical evaluations. It is not possible for us to assign the data automatically transmitted to the server to specific natural persons, i.e. it is fundamentally impossible to directly identify you based on the automatically transmitted data. We would like to inform you, however, of the fact that with the cooperation of your internet access provider, it could theoretically be possible to determine the holder of the internet connection through which you access our site over a specific period of time on the basis of the transmitted IP address. Information on the duration of the storage of used and assigned IP addresses by the internet access provider is provided by your internet access provider.
4. Type, scope and purpose of the collection and use of personal data
We collect, process and use personal data such as names, addresses, telephone numbers and email addresses on this website only for the purpose of contract execution and for the protection of our own legitimate business interests in regard to advice and support for our clients. Apart from this, we use your voluntarily provided data exclusively for the purpose for which you shared it with us. Your data will only be used for the additional purposes of further offers or marketing purposes if you provide us with your consent to use them for these purposes as well. Your personal data will be deleted as soon as knowledge of them is no longer necessary for fulfilling the purpose of storage, but no later than the complete execution of the contract and the expiration of the periods stipulated under tax and commercial law.
a) Contact form
You have the option of contacting us through the provided email address. As a matter of course, providing personal information in this manner is voluntary. The personal data you share in this context are used exclusively for handling your inquiry, insofar as you have not separately consented to the use of your data beyond this purpose. If you use our contact form in the Shareholders area to contact us, the data entered from your PC are transferred encoded in line with the latest technical standard (SSL) to protect it against misuse by third parties.
b) Sharing with third parties
Personal data transmitted when using our website are only shared in consideration of the strict requirements of the German Federal Data Protection Act, namely if you have given consent to the data being shared in advance, if we have the right to do so on the basis of statutory provisions and/or if we are obligated to share the data on the basis of laws, regulations or official or judicial orders. As a general principle, data are not shared with third parties for advertising purposes.
c) Information, correction, locking, deletion
You have the right to request information on the personal data stored about you, the recipients or categories of recipients with whom these data are shared and the purpose of storage from us free of charge. In addition, you may potentially have a right to the correction, locking or deletion of personal data subject to the applicable legal requirements. Contact information can be found in our legal notice.
5. Cookies, tracking tools and social plugins
We also use a cookie as part of our disclaimer for accessing protected pages of our website (e.g. web pages for real estate funds) which is activated when you confirm the disclaimer by selecting the check box and clicking ‘Confirm’ and makes it possible for you to navigate within protected pages. This cookie is automatically deleted again when the browser window is closed.
b) Google Analytics
This website uses Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (‘Google’), to analyse the use of this website and improve it on a regular basis. The statistics collected enable us to improve our offering and design our website to be more interesting for you as a user. For the exceptional cases in which personal data are transferred to the US, Google has subjected itself to the EU-US Privacy Shield.
The legal basis for the use of Google Analytics on the grounds of our legitimate interests (in the analysis, optimisation and economical operation of our website) is Art. 6 (1)(1f) GDPR.
Google Analytics uses so-called ‘cookies’, text files that are saved on your computer and which enable an analysis of your use of the website. The information on your use of this website produced by the cookie is typically transferred to a Google server in the USA and stored there.
By activating IP anonymisation on this website, however, your IP address will be abbreviated in advance by Google inside Member States of the European Union or in other states which are party to the Agreement on the European Economic Area. Your full IP address will only be transferred to a Google server in the US and abbreviated there in exceptional cases. Google uses this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activities and to offer further services related to website and internet usage to the website operator.
The IP address shared by your browser in the context of Google Analytics will not be consolidated with other Google data.
You can prevent the storage of cookies by configuring your browser settings accordingly; however, we would like to point out that in this case, you may not be able to make full use of all this website's functions. In addition, you can prevent the collection of the information generated by the cookie pertaining to your use of the website (including your IP address) by Google and the processing of these data by Google by downloading and installing this browser plugin.
The personal and pseudonymised data are deleted or anonymised after 14 months.
Further details and information can be found in Google’s data protection information and here as well as in the settings for the display of advertising banners by Google.
Information on Google DoubleClick:
We make use of the services of Google DoubleClick / Google Ads for the display and distribution of online advertising. These services are provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (‘Google’). Google DoubleClick serves to detect your visit to our website and may serve to provide you with online advertising for our offers on other websites as well. The option to opt out can be found at https://adssettings.google.de.
Information on Google Tag Manager:
Google Tag Manager is a solution that allows us to manage so-called ‘website tags’ through an interface (and to thus integrate Google Analytics and other Google marketing services into our online offering). The Tag Manager itself (which implements the tags) does not process any personal data of users. For information on the processing of users’ personal data, please refer to the following information on Google services. Use Policy: https://www.google.com/intl/de/tagmanager/use-policy.html.
This website uses heatmap.me, a web analysis tool from HeatMap, Inc., 6724 Monroe Ave, Eldersburg, MD 21784, USA. This tool records the interactions of anonymised, randomly selected individual visitors with the website. This produces a log of, for example, mouse clicks and the use of individual page elements (no keyboard activity) with the goal of pointing out possibilities for the optimisation of the website. In addition, information on the operating system and browser, as well as the resolution and type of device, links to domains, geographic location, pages visited and the date and time at which the website was accessed is recorded for statistical purposes.
This information is not personal and is not shared with third parties by heatmap.me. The sole purpose of collecting your page navigation information is to improve your experience with the use of our website and web services. If you would not like your activity to be recorded, you can deactivate this by activating the ‘do not track’ header in your browser. Information on this can be found on the following page: https://heatmap.me/privacy
d) Social plugins
Our website makes use of plugins from social networks (Twitter, Facebook etc.). Every time you access a page of our website that contains a plugin of this type, the plugin causes the browser you are using to load and display the visual presentation of the plugin from the server of the social network. When this happens, the social network server is informed of which specific page of our website you are visiting and further data such as your IP address.
In order to guarantee an appropriate standard of data protection for our website, we have thus initially deactivated these plugins with the associated buttons and added a brief data protection notice.
We have no influence over the scope of the data that social networks collect using these plugins. For more information, please consult the data protection notices of the respective social networks:
If you are not satisfied with the data protection measures presented here or still have questions regarding the collection, processing and/or use of your personal data, we would be happy to hear from you. We will do our best to answer your questions as quickly as possible and to implement your suggestions. Please contact us at datenschutz-patrizia(at)he-c.de.
Our website makes use of functions of the social network LinkedIn. The provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time one of our pages that contains functions from LinkedIn is accessed, a connection is established with LinkedIn servers. LinkedIn is informed that you have visited our web pages with your IP address. If you click the LinkedIn ‘Recommend’ button and are logged into your LinkedIn account, it is possible for LinkedIn to assign your visit to our website to you and your user account. We would like to inform you that as the provider of the pages, we have no knowledge of the content of the data transferred or the use thereof by LinkedIn. Further information on this can be found in LinkedIn’s data protection statement at: https://www.linkedin.com/legal/privacy-policy.
6. Scope of application of the Data Protection Declaration
This Data Protection Declaration applies for all websites and services or offers for which PATRIZIA AG and its subsidiaries are responsible. This Data Protection Declaration does not apply to services which are subject to separate data protection declarations which do not encompass the present Data Protection Declaration, such as pages which fall under the responsibility of efonds Solution AG.
If you access an external website from our site (external link), the external provider will potentially receive information from your browser on which of our web pages you are coming from. The external provider is responsible for these data. We are unable to influence this process, as are all other website providers.
PATRIZIA employs both technical and organisational security measures to protect the data you have provided from random or intentional manipulation, loss, destruction or access of unauthorised persons. Where personal data are collected and processed, the information is transferred in encoded form to prevent misuse of the data by third parties. Our security measures are continually updated in line with technological developments. Our employees are obligated to maintain confidentiality.
Part 3: Information on data protection for applicants
Information on data protection concerning our processing of applicant data under Articles (Art.) 13, 14 and 21 of the General Data Protection Regulation (GDPR), available here for download in PDF format.
Your trust is important to us. If you have any questions that this Data Protection Declaration could not answer for you or if you would like more detailed information on a specific point, please contact our data protection officer at any time. As a matter of course, we will fulfil your standardised right to information in this regard.
Contact details of our data protection officer:
HEC Harald Eul Consulting GmbH
Data Protection + Data Security
Harald Eul (PATRIZIA data protection officer)
Auf der Höhe 34
Occasional adjustments must be made to our data protection declaration in response to the continual development of the Internet. We reserve the right to make appropriate amendments at any time.
Last updated: 23 March 2019