Privacy Policy

A) GENERAL INFORMATION
 
1. Name and contact details of the responsible person
 
The person responsible pursuant to Art. 4 (7) GDPR is: 
Aufbau Haus GmbH
Prinzenstr. 84.1 10969 Berlin
Tel.: 030 34046511 
info@aufbauhaus.de 
 
2. Questions on data protection
 
Please direct any questions regarding data protection to datenschutz@aufbauhaus.de   
 
3. Your rights
 
You have the following rights with regard to the personal data concerning you: 
 
- Right to information pursuant to Art. 15 GDPR,
- Right to rectification or erasure pursuant to Art. 16 and 17 GDPR, 
- Right to restriction of processing pursuant to Art. 18 GDPR,
- Right to data portability pursuant to Art. 20 GDPR, 
- Right to object to processing pursuant to Art. 21 GDPR.
 
You also have the right to complain to a data protection supervisory authority about our processing of your personal data. 
 
The supervisory authority responsible for Aufbau Haus GmbH is:
 
Berlin Commissioner for Data Protection and Freedom of Information 
Alt-Moabit 59-61
10555 Berlin 
Phone: 030 13889-0
Fax: 030 2155050
E-mail: mailbox@datenschutz-berlin.de  
 
4. Hosting for the CMS
 
This website uses the content management system (CMS) Drupal to publish the content. We have contracted the provider uberspace, Kaiserstr. 15, 55116 Mainz, for hosting. We have carefully selected the provider - also under data protection aspects - and have concluded a contract processing agreement with them. Information on data protection and data security can be found at https://uberspace.de/privacy.
 
5. Scope of application
 
This privacy policy applies to all pages of https://www.aufbauhaus.de. It does not extend to other linked websites or Internet presences of other providers, unless otherwise noted below.
 
 
B) WHAT DATA DO WE PROCESS FROM YOU 
 
In the following, we will explain to you which of your personal data we process and for what purpose we do so.
 
1. When visiting our website 
 
a) Access data
 
(1) Description of data processing 
When you visit our website, our system automatically collects data and information that your browser transmits to our server (so-called access data): 
- IP-address anonymised in the form x.x.x.0,
- date and time of the request,
- time zone difference to Greenwich Mean Time (GMT), 
- content of the request (specific page), 
- access status / HTTP status code, 
- amount of data transferred in each case, 
- website from which the request came, 
- browser, 
- operating system and its interface, 
- version of the browser software.
The data is stored in the log files of our system. This data is not stored together with other personal data of the user.
 
(2) Legal basis for data processing 
The legal basis for the temporary storage of the data and the log files is our legitimate interest pursuant to Art. 6(1) Sentence 1(f) GDPR.
 
(3) Purpose of data processing 
The log files are stored to ensure the functionality of the website. In addition, we use the data to ensure the security of our information technology systems. These purposes are also our legitimate interest in data processing according to Art. 6(1) Sentence 1(f) GDPR. An evaluation of the data for marketing purposes does not take place.
 
(4) Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of the data in log files, this is the case after 30 days at the latest.
 
(5) Option to object
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for you to object if you wish to visit our website.
 
b) Use of cookies
 
(1) Description of the data processing
Our website uses cookies. Cookies are pieces of information that are stored on your terminal device when you visit websites and are assigned to the browser you are using.
We only use technically necessary cookies on our website, which are required for the proper functioning and improvement of the website. For this purpose, we use Matomo, a self-hosted open-source analytics service using privacy-friendly default settings. You can find the details in the following section c).
 
If you have allowed the integration of videos via YouTube or Vimeo, cookies are also set by these services. You can find the details in the following sections d) and e).
 
(2) Legal basis for data processing
The legal basis for the processing of personal data using cookies is our legitimate interest pursuant to Art. 6(1) Sentence 1(f) GDPR for all cookies required for the operation of the website and your consent pursuant to Art. 6(1) Sentence 1(a) GDPR for all optional cookies.
 
(3) Purpose of data processing
The purpose of using cookies is to simplify the use of websites for visitors. Our legitimate interest lies in the proper and technically error-free provision of our website.
 
(4) Duration of storage
When you first visit this website, you have made a decision about individual services (refuse or accept). This choice is stored in a cookie for one year.
 
(5) Options for objection 
Cookies are stored on the user's computer and transmitted from this computer to our website. Therefore, you as a user have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing your browser settings. Cookies that have already been saved can be deleted by you at any time in the browser settings. This can also be done automatically, e.g., when closing the browser window. In principle, our website can be used without the use of cookies. However, some services cannot be offered without the use of cookies. 
 
c) Matomo
 
(1) Description of the data processing
This website uses Matomo, a self-hosted open-source analytics service using privacy-friendly preferences. With the help of Matomo, we collect and analyze data about the use of our website. This enables us to find out, among other things, which page views were made when, from which region they came and what actions visitors to our website perform (e.g., clicks, etc.). We also collect various log data (e.g., referrer, browser and operating system used, IP address). We use IP anonymization for the analysis with Matomo. This means that your IP address is shortened before analysis and storage so that it can no longer be clearly assigned to you. The information collected by Matomo about the use of our website is stored exclusively on our server. The data is not evaluated for marketing purposes.
 
(2) Legal basis for data processing 
The legal basis for the temporary storage of the information is our legitimate interest pursuant to Art. 6(1) Sentence 1(f) GDPR.
 
(3) Purpose of data processing
The data is processed to improve our website and thereby simplify the use of the website. These purposes are our legitimate interest in the data processing according to Art. 6(1) Sentence 1(f) GDPR.
 
(4) Duration of storage
The log files with anonymised IP address are usually stored for one year.
 
(5) Possibility of objection
You can object to this storage by sending a message to the contact details above or by email to datenschutz@aufbauhaus.de, provided that your interests outweigh our legitimate interest.
 
d) YouTube
 
(1) Description of the data processing
This website integrates videos from YouTube. The provider of the video portal is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
 
We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the disclosure of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, YouTube establishes a connection to the Google DoubleClick network - regardless of whether you watch a video. We have therefore blocked the content of the video platform by default until you give your consent. We would like to point out that following your consent, part of your data may be transferred to the USA.
 
As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account in advance. Furthermore, after starting a video, YouTube may save various cookies on your end device or use comparable recognition technologies (e.g., device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience and prevent fraud attempts. If necessary, further data processing processes are triggered after the start of a YouTube video, but we have no influence over these.
 
You can find further information in Google's privacy policy: https://policies.google.com/privacy 
 
(2) Legal basis for data processing
The use of YouTube is based on your consent in accordance with Art. 6(1) Sentence 1(a) and Art. 49(1) Sentence 1(a) GDPR.
 
(3) Duration of storage
The details of the storage period of the cookies used by YouTube can be found in this overview from
Google: https://policies.google.com/technologies/cookies      
 
(4) Possibility of revocation
You can revoke your consent at any time by revisiting the cookie settings at the bottom of our website and changing your decision regarding YouTube content.
 
e) Vimeo
 
(1) Description of the data processing
This website integrates videos from Vimeo. The provider of the video portal is Vimeo.com, Inc., 330 West 34th Street, 5th floor, New York, New York 10001, USA.
 
Vimeo's embeddable video player uses cookies that Vimeo deems necessary to play videos. Vimeo says it does not use third-party analytics or advertising cookies unless the website visitor is logged into them
Vimeo account. However, we have set Vimeo not to track your usage activity and have additionally blocked the video platform's content by default until you give your consent.
 
For more information, please refer to Vimeo's Cookie Policy at https://vimeo.com/cookie_policy and
Vimeo's Privacy Policy at https://vimeo.com/privacy.
 
(2) Legal basis for data processing
The use of Vimeo is based on your consent in accordance with Art. 6(1) Sentence 1(a) and Art. 49(1) Sentence 1(a) GDPR.
 
(3) Duration of storage
The details of the storage period of the cookies used by Vimeo can be found in Vimeo's cookie policy:
https://vimeo.com/cookie_policy 
 
(4) Possibility of revocation
You can revoke your consent at any time by revisiting the cookie settings at the bottom of our website and changing your decision regarding Vimeo content.
 
2. When subscribing to our newsletter
 
a) Description and purpose of data processing
On our website, you have the option of subscribing to our newsletter, which informs you about news from Aufbau Haus, e.g., about events or changes in the tenants.
 
The only mandatory information for sending the newsletter is your e-mail address. In addition, we store your IP address used and the time of registration or confirmation. The purpose of this storage is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
 
We use the so-called double opt-in procedure to register for our newsletter. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter.
 
Sendinblue (formerly: Newsletter2Go) is used as the newsletter software. Your data is transmitted to Sendinblue GmbH for this purpose. Sendinblue is contractually prohibited from selling your data and using it for purposes other than sending newsletters. This is a tested German provider that has been selected in accordance with the requirements of the applicable data protection laws.
 
Further information on data protection at Sendinblue can be found here:
https://de.sendinblue.com/informationen-newsletter-empfaenger/?rtype=n2go 
 
b) Legal basis for data processing
We store your email address during the ongoing newsletter subscription with your consent in accordance with Art. 6(1) Sentence 1(a) GDPR. Insofar as we store additional data to be able to prove and ensure your subscription and unsubscription, the legal basis is our legitimate interest pursuant to Art. 6(1) Sentence 1(f) GDPR.
 
c) Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The data transmitted by the user during registration is therefore stored for as long as the respective newsletter subscription is active. After unsubscribing from the newsletter, the email address is entered on a blacklist at the providers to prevent accidental resending of the email.
 
d) Revocation or objection option 
You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in every newsletter e-mail, by sending a message to the contact details given above or by sending an e-mail to datenschutz@aufbauhaus.de. 
 
The revocation of your consent will result in the deletion of the data collected during the registration process unless there is a legitimate interest on our part to continue storing it (see point b) above). Should this be the case, you can object to this storage by sending a message to the contact details above or by email to datenschutz@aufbauhaus.de, provided that your interests outweigh our legitimate interest. 
 
3. When contacting us by e-mail or telephone
 
a) Description of data processing
On our website, you have the option of contacting us via the e-mail addresses and telephone numbers provided. If you contact us, your enquiry and all resulting personal data will be stored and processed by us for the purpose of processing your request. The data will not be passed on to third parties; the data will be used exclusively for processing the enquiry.
 
b) Legal basis and purpose of data processing 
The legal basis for the processing of data is Art. 6(1) Sentence 1(f) GDPR. In the case of contact by e-mail or telephone, we have a legitimate interest in effectively processing the enquiries directed to us. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6(1) Sentence 1(b) GDPR.
 
c) Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of contact by e-mail or telephone, this is the case when it is clear from the circumstances that the underlying concern has been conclusively clarified and no further communication with you is necessary or desired by you.
 
Enquirers can request the deletion of their personal data, which they have transmitted to us by email or telephone, at any time by sending an e-mail to datenschutz@aufbauhaus.de. Mandatory legal provisions regarding retention periods remain unaffected.
 
d) Possibility to object 
Insofar as we base the processing of your personal data on the balance of interests pursuant to Art. 6(1) Sentence 1(f) GDPR, you may object to the processing if your interests outweigh our legitimate interest. You can inform us of your objection using the contact details above or by email to datenschutz@aufbauhaus.de.
 
 
C) SOCIAL MEDIA PRESENCE ON FACEBOOK 
 
1. Responsibility
 
We maintain a publicly accessible profile (fan page) on the social network Facebook:
http://www.facebook.com/pages/Aufbau-Haus/291492874300574 
The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal
Harbour, Dublin 2, Ireland (hereinafter: Facebook).
 
When you visit our social media presence on Facebook, we are jointly responsible with Facebook for the data collection processes triggered by that visit. This joint responsibility is limited to the collection and transmission of data by or to Facebook. Facebook is solely responsible for the further processing of the data. This also applies to the transmission of data to the company Meta Platforms, Inc. in the USA (see point 4.).
 
2. Data collection and data processing by Facebook
The data collected and processed by Facebook includes information about pages and content that users view or actions they take, as well as information about the devices users use. Facebook also collects and uses this information to provide analytics services called "Page Insights" to Page operators to help them gain insights into how people interact with their Pages and the content associated with them. You can
find more information about this here:
https://www.facebook.com/legal/terms/information_about_page_insights_data 
 
If you are logged into your Facebook account and visit our social media presence, Facebook can assign this visit to your Facebook account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have a Facebook account. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address. Further information on the use of cookies by Facebook can be found in Facebook's cookie
policy: https://www.facebook.com/policies/cookies/.
 
With the help of the data collected in this way, Facebook can create usage profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you both within and outside the social media presence. If you have an account with Facebook, the interest-
based advertising can be displayed on all devices on which you are logged in or have been logged in. You can adjust your advertising settings yourself in your Facebook account. To do so, click on the following
link and log in: https://www.facebook.com/settings?tab=ads 
 
Please note that we cannot track all of Facebook's processing operations. Therefore, other processing
operations may still be carried out by Facebook. For more information, please refer to the Facebook
Data Policy: https://www.facebook.com/privacy/policy
 
3. Legal basis and purposes of the data processing
 
Our social media presence on Facebook serves to present our company and is intended to ensure the most comprehensive possible presence of our company on the Internet. This is a legitimate interest within the meaning of Art. 6(1) Sentence 1(f) GDPR.
The processing operations carried out by Facebook are also based on other legal grounds, e.g., your consent pursuant to Art. 6(1) Sentence 1(a) GDPR. Further information on this can be found in the
section "Information on the legal basis" of the Facebook data policy:
https://www.facebook.com/privacy/policy  
 
4. Disclosure of data
 
We do not pass on data directly to third parties as part of the operation of our social media presence on Facebook.
However, according to Facebook, the data collected by Facebook is transferred to the USA and other third countries. We would like to point out that the transfer and further processing of personal data
outside the European Union may result in risks, for example it may be more difficult to enforce the rights of users.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can
be found here: https://www.facebook.com/legal/EU_data_transfer_addendum  
 
5. Duration of storage
 
The data collected directly by us via Facebook is deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal provisions and retention periods remain unaffected.
 
We have no influence on the storage period of your data, which is stored by Facebook for its own
purposes. You can find more information on this in the Facebook data policy:
https://www.facebook.com/privacy/policy  
 
6. Assertion of rights
 
We have concluded an agreement with Facebook that regulates, among other things, which security
measures Facebook must observe and how the rights of the data subjects are safeguarded:
https://www.facebook.com/legal/terms/page_controller_addendum 
 
In this context, Facebook has agreed to fulfil all data subject rights. You can therefore, for example, address information or deletion requests directly to Facebook. You can find the contact options in the
"How to contact Meta with questions" section of the Facebook Data Policy:
https://www.facebook.com/privacy/policy 
 
However, your data subject rights are not restricted by the agreements with Facebook. You can therefore in principle assert your rights both against us and against Facebook. However, we would like to point out that these rights can be asserted most effectively with Facebook, as only Facebook has comprehensive access to the users' data and can take appropriate measures and provide information
directly. Should you require assistance in this regard, please do not hesitate to contact us. You can reach us at the above address and by email at datenschutz@aufbauhaus.de.
 
 
D) CHANGES TO OUR PRIVACY POLICY
 
This privacy notice was last revised in October 2022.
We continuously adapt the data protection information so that it always corresponds to the current state of our website and the applicable legal requirements.