DIC Asset Aktiengesellschaft · Real estate company

Data protection declaration

We are pleased you are visiting our website. Below we would like to provide you information on dealing with your data in accordance with Article 13 General Data Protection Regulation (GDPR).

Controller

The authority named in the legal information is responsible for the data collection and processing described below.

Storing the IP address

We store the IP address transferred from your web browser strictly for the purposes intended and for a period of seven days, with the interest of recognising, delimiting and eliminating attacks on our website. After this time, we erase or anonymise the IP address. Article 6 (1) of the GDPR is the legal basis.

Usage data

When you visit our websites, on our web server temporary usage data are saved as a log for statistical purposes with the objective of improving the quality of our websites. This data record consists of

• the page from which you requested the file,
• the name of the file,
• the date and time of the visit,
• the data volume transferred,
• the access status (file transferred, file not found),
• the description of the type of web browser used,
• the IP address of the visiting computer, truncated so that it is not possible to establish a personal reference.

The named log data are saved only in anonymised form.

Data security

We take technical and organisation measures to protect your data for unwanted access as effectively as possible. On our websites we use encryption processes. Your data are transferred from your computer to our server and back via the Internet using TLS encryption. You can identify this by seeing the lock symbol in the status bar of your browser and that the address line starts with https://.

Data transfer to third parties

In the context of processing in line with Article 28 GDPR we transfer your data to service providers which support us in operating our websites (e.g. hosting) and the related processes. Our service providers are subject to strict instructions and have a corresponding contractual obligation.

Cookies

We use cookies on our website. Cookies are small text files that are stored on your device and can be read out. There is a differentiation between session cookies, which can be deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. Cookies can contain data which makes it possible to identify the device used. But some cookies also contain information only on specific settings which do not contain personal data.

On our websites we use session cookies with the interest of optimising and allowing user prompting and of aligning the presentation of our website.

In addition we use permanent cookies in order to provide specific areas of our website (e.g. information on share dividends) only to a defined group of persons.

The offer of obtaining the share dividends is a public offer of securities exclusively in the Federal Republic of Germany. In order to obtain the relevant information on share dividends, you must confirm that your main residence is Germany and that you are located in Germany. We store this confirmation in a permanent cookie.

Processing is done on the basis of Article 6 (1 f) GDPR.

You can set your browser in such a way that it provides you information on the placement of cookies. This makes the use of cookies transparent for you. What is more, at any time you can delete cookies via the relevant browser setting and prevent setting new cookies. Please note that it is then possible that our website cannot be displayed in an optimum fashion and that certain features are not longer technically available.

Newsletter

On our website, we give our users the opportunity to order our newsletter. If you have granted us separate consent to inform you by e-mail about company products and services, the relevant processing takes place on the basis of Article 6 (1a) GDPR. You can withdraw your consent at any time, without this impacting the lawfulness of previous processing. If you withdraw your consent, we discontinue the relevant data processing.

If you no longer want to receive the newsletter, you can unsubscribe at any time, e.g. by e.mail ir@dic-asset.de or using the unsubscribe link in any newsletter e-mail.

 

Spam protection using reCAPTCHA

To protect against spam, we use the reCAPTCHA service provided by Google Inc. This can sort out improper mass mails sent out on the basis of machine-based and automated tools. The service includes sending Google the IP address and possible further data required by Google for the reCAPTCHA service. Here the deviating data protection regulations of Google Inc. apply. For further information on the data protection regulations of Google Inc., go to https://www.google.com/intl/de/policies/privacy/

Your rights as user

When processing your personal data, GDPR gives you specific rights as user of the website:

Right of access (Article 15 GDPR):
You have the right to obtain confirmation as to whether or not personal data concerning yourself are being processed, and, where that is the case, access this personal data and the information detailed in Article 15 GDPR.

Right to rectification and erasure (Article 16 and Article 17 GDPR):
You have the right to demand rectification of inaccurate personal data concerning yourself without undue delay and, if necessary, the right to have incomplete personal data completed.
You also have the right to demand that the erasure of personal data concerning yourself without undue delay, if there are grounds stated in Article 17 GDPR, e.g. if the data are no longer needed for the purposes sought.

Right to restriction of processing (Article 18 GDPR):
You have the right to demand the restriction of processing for the period of a check, if one of the conditions stated in Article 18 GDPR applies, e.g. if you have objected to processing.

Right to data portability (Article 20 GDPR):
In specific cases detailed in Article 20 GDPR, you have the right to receive your personal data in a structured, commonly used and machine-readable format or to demand their transfer to a third party.

Right to object (Article 21 GDPR):
If data are collected on the basis of Article 6 (1 f) (data process to protect legitimate interests), at any time you have the right to object, on grounds relating to your particular situation, to processing of your personal data. We will no longer process the personal data unless there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Right to lodge a complaint with a supervisory authority
In line with Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of your relevant personal data infringes data protection regulations. This right to lodge a compliant can be asserted in particular to supervisory authorities in the Member State of your habitual residence or the place of work or the place of the alleged infringement .

Data Protection Officer contact data

Our company Data Protection Officer is available for information or suggestions on the subject of data protection:

Dr. Christian Borchers
datenschutz süd GmbH
Web: www.datenschutz-nord-guppe.de
E-mail: office@datenschutz-sued.de
Phone: +49 931 304 976 0

 

Information for applicants in line with Article 13 of the General Data Protection Regulation
(valid from 25 May 2018)

Complying with data protection regulations enjoys high priority for our company. In what follows, we would like to provide you with information on our collection of your personal data:

Controller:

The company you applied to is responsible for data collection and processing.

Data we require:

For the application we process data from you we need in the context of the application. This can be contact data, all data in connection with the application (CV, certificates, qualifications, answers to questions, etc.) and possibly data on bank details (to reimburse travel costs). The legal basis for this results from Section 26 German Federal Data Protection Act.

Data deletion:

If there is no statutory record retention period, data are erased as soon as storage is no longer necessary or the legitimate interest in storage is extinguished. If employment does not take place, this is generally no later than six months after conclusion of the application procedure.
In individual cases, there may be more extended storage of individual data (e.g. travel expenses claim). The length of storage is then in line with the legal retention obligations e.g. from the German Tax Code (six years) or the German Commercial Code (ten years).
If employment does not take place, but your application remains of interest for us, we ask you whether we may retain your application for filling future positions.

Confidential treatment of your data:

Of course, we treat your data confidentially and do not transfer them to third parties.
We may deploy service providers who are subject to strict instructions and which support us in the area of IT, archiving and destroying documents and with whom we have concluded separate agreements on job processing.

Your data protection rights:

As data subject you have access to the personal data relating to you and the rectification of inaccurate data or erasure, if there are grounds stated in Article 17 GDPR, e.g. if the data are no longer needed for the purposes sought. There is also the right to restriction of processing if the conditions referred to in Article 18 GDPR are met and in cases of Article 20 GDPR the right of data portability.

Each data subject has the right to lodge a complaint with a supervisory authority if he is of the opinion that the processing of the relevant personal data infringes data protection regulations. This right to lodge a compliant can be asserted in particular to supervisory authorities in the Member State of the habitual residence or the place of work of the data subject or the place of the alleged infringement .

Our Data Protection Officer

You have the right to address our Data Protection Officer at any time. In respect to your enquiry, he is obligated to confidentiality. The contact data of our Data Protection Officer are:

CONTACT DATA
Dr. Christian Borchers datenschutz süd GmbH Wörthstraße 15 97082 Würzburg	Tel.: + 49 931 30 49 76-0 Fax.: + 49 931 30 49 76-10 E-mail: office@datenschutz-sued.de Web: www.datenschutz-nord-gruppe.de

We are happy to provide you more detailed information on request.

 

Information obligations pursuant to Article 13 GDPR in the case of direct collection

With the information below, we would like to inform you as customer, business partner, supplier, interested party or as contact of a business partner, supplier or interested party on our handling of the collection, use and transfer of personal data. The controller of the data processing described below is DIC Asset AG.

General processing of business partner data

Purpose of data processing / legal basis

In the context of the business relationship to you as our customer, business partner, supplier and interested party, we process personal data such as name, address, e-mail address, telephone/fax numbers, tax number, customer number, bank details as well as possibly place and date of birth, nationality, if you have provided us this data voluntarily and rating data. Processing takes place for the purpose of unique identification as well as the establishment, implementation, administration and processing of contracts, the assessment of rating and collateral, and in particular to create settlements and credit notes and refunds, the administration and enforcement of claims, compliance with statutory regulations and in the interest of comprehensive customer support.

Article 6 (1) (b) (c) and (f) of the GDPR is the legal basis for data processing.

Recipients / categories of recipients:

Forwarding your data to third parties outside DIC Asset AG takes place only if you have previously expressly granted your consent to the transfer or we are required to do so on the basis of statutory regulations. In the case of consent, Article 6 (1a) is the legal basis for this data processing, in the case of a legal obligation Article 6 (1c). Examples of data transfer within the DIC Group are for implementing or initiating a business relationship. Where necessary, data are processed by controllers on our behalf. These are been carefully selected, are also audited by us and are contractually obligated in line with Article 28 GDPR.

Storage period / criteria for determining the storage period:

We store the relevant necessary data for the period of the business relationship with you and until the expiry of the relevant applicable statutes of limitation and any resulting claims and statutory retention obligations.

Processing data of contacts

Purpose of data processing / legal basis

Our company processes the contact data of contacts at customers, interested parties, suppliers and other business partners for communication by e-mail, telephone, telefax and post. Article 6 (1) (b) and (f) of the GDPR is the legal basis for data processing. Legitimate interest results from the interest in implementing or initiating the business relationship with customers, interested parties, suppliers and other business partners, in the process maintaining personal contact with the business contacts.

Recipients / categories of recipients:

Forwarding your data to third parties outside DIC Asset AG takes place only if you have previously expressly granted your consent in the transfer or we are required to do so on the basis of statutory regulations. In the case of consent, Article 6 (1a) is the legal basis for this data processing, in the case of a legal obligation Article 6 (1c). Examples of data transfer within the DIC Group are for implementing or initiating a business relationship. Where necessary, data are processed by controllers on our behalf. These are been carefully selected, are audited by us and are contractually obligated in line with Article 28 GDPR.

Storage period / criteria for determining the storage period:

Personal data are stored for implementing business relationships as long as there is a legitimate interest in doing so.

Data processing for marketing purposes

Purpose of data processing / legal basis

The companies of the DIC Group use personal data for marketing purposes, especially for advertising by e-mail, telephone and post. The purpose of data processing in the context of marketing measures is informing the data subjects about products and services of the DIC Group. Article 6 (1f) of the GDPR is the legal basis for sending advertisement by post. The legitimate interest results from the interest of customers and interested parties to send information on products and services. Generally the declaration of consent you have provided is the legal basis for marketing measures by e-mail or telephone. Special regulations may also apply for marketing measures to existing customers.

You can object to receiving advertising at any time, with effect for the future by writing a message to ir@dic-asset.de.

Recipients / categories of recipients:

In principle we exclude the transfer of data to third parties outside DIC Asset AG. If external controllers are deployed for implementing the sending of advertising, these have a contractual obligation in accordance with Article 28 GDPR and are controlled for maintaining appropriate organisational and technical security measures. For marketing purposes, your data may be transferred to other companies within the DIC Group⁽¹⁾.

Storage period / criteria for determining the storage period:

If you object to receiving advertising, your data are immediately blocked and subsequently erased, unless they are stored for other purposes.

No obligation for provision of personal data

Unless the above chapters have not stated anything to the contrary, the provision of personal data is not a statutory or contractual requirement or not necessary for entering into a contract. You are not bound to provide personal data if nothing has previously been stated to the contrary. Consequences of the non-provision of your personal data include that we cannot reply to your enquiry, or that participation in the application process or an event is not possible.

Your rights as data subject

According to Article 15 (1) GDPR, on request you have the right to receive information at no charge on the personal data stored about your person.
In addition, should the legal conditions exist, you have a right to rectification (Article 16 GDPR), erasure (Article 17 GDPR) and restriction of processing (Article 18 GDPR) of your personal data.

If data processing is based on Article 6 (1) (e) or (f) GDPR, according to Article 21 GDPR you have a right to object. If you object to data processing, it is stopped in the future, unless the controller can demonstrate compelling legitimate reasons for further processing which override the interest of the data subject in the objection.

If you have provided the data for processing yourself, you have the right to data portability according to Article 20 GDPR.

If data processing is based on consent according to Article 6 (1a) or Article 9 (2a) GDPR, you can withdraw the consent at any time with effect for the future, without impacting the lawfulness of processing based on consent before its withdrawal.

In the above cases, please address the Data Protection Officer in writing or by e-mail with any open questions on in the case of complaints.
You also have the right to complain to a Data Protection supervisory authority. Responsibility lies with the data protection supervisory authority in the federal state in which you live or in which the controller is located.

Contact data of the Data Protection Officer

Our company Data Protection Officer is available for information or suggestions on the subject of data protection:

Dr. iur. Christian Borchers
Datenschutz Süd GmbH
Wörthstrasse 15
97082 Würzburg
office@datenschutz-sued.de

Person responsible pursuant to Article 4 (7) GDPR

 

⁽¹⁾ DIC group includes DIC Asset AG, DIC Onsite GmbH, Deutsche Immobilien Chancen AG & Co. KGaA and Deutsche Immobilien Chancen Beteiligungs AG