DATA PROTECTION NOTICE

Data Protection Notice

The following information is to inform you about data processing in connection with our website and especially about the processing of personal data, i.e. data relating to you as an identifiable natural person, in connection with this website and your rights relating thereto.

1. Controller within the meaning of data protection law and data protection officer

The controller responsible for the operation of the website at www.thor.de and the data processing involved pursuant to Art. 4 No. 7 of the General Data Protection Regulation (‘GDPR’) is

Erich Thor Wohnungsunternehmen GmbH

Amalie-Dietrich-Stieg 13
22305 Hamburg

Telephone: +49 40 - 69 70 69 - 7
Fax: +49 40 - 69 70 69 10
E-mail: info@thor.de

(see our Legal Notice).

Our data protection officer can be contacted at datenschutz@thor.de or at the above-mentioned postal address by adding ‘Attn: data protection officer’.

2. Data processing during a visit to our website for information purposes

If our website is accessed for information purposes, the following data, which your browser transmits to the server used for our website, are processed:

• IP address of the requesting terminal (e.g. PC, tablet, smartphone)
• Date and time of access
• Name and URL of the retrieved file
• Retrieved and transferred amount of data
• Notice of successful retrieval
• Identification data of the browser and operating system used
• Website from which access is gained

These data will not be evaluated in a manner relating to an individual. These data are only collected in anonymised form and stored exclusively for statistical purposes.

The purpose of this data processing is to enable visits to our website and to ensure system security, technical administration of the network infrastructure as well as to optimise the website and is therefore in our legitimate interest. In so far as personal data are affected by the data processing, the legal basis thereof is Art. 6(1)(f) of GDPR. The data will be deleted if and as soon as they are not required any more for the above-mentioned purposes and neither statutory obligations to store the data nor our legitimate interests prevent such a deletion. In the latter cases, the data will be deleted after expiry of the period of retention or after the legitimate interests have ceased to exist.

3. Data processing in connection with use of our contact form

You can contact us by using the contact form provided on our website or by e-mail. In order to deal with your request, we will need a valid e-mail address; further information is provided on a voluntary basis, but may facilitate dealing with your request. We will only process the personal data provided in order to be able to deal with your request. Without your express consent, there will be no further use, especially no transfer of personal data to third parties. The legal basis for processing for the aforementioned purpose is Art. 6(1)(a) and/or (b) of GDPR. The personal data collected in this connection will be deleted after your request has been finally dealt with or the processing of such data will be limited to the minimum required if there are statutory obligations to store the data or we have a legitimate interest. In the latter cases, the data will be deleted after expiry of the period of retention or after the legitimate interests have ceased to exist.

If the data required for dealing with your request are not provided to us, this will result in our not being able to deal with your request.

4. Data processing in connection with use of our mailing list

We also offer you to enter your name on our Mailing List (https://www.thor.de/en/privat/mailing) in order to receive information about flats that become available. For this purpose, we will need a valid e-mail address; further information is provided on a voluntary basis. We will process the data you enter when registering for our mailing list to send you an automated message about flats that become available and meet the search criteria you specify. Without your express consent, there will be no further use, especially no transfer of personal data to third parties. The legal basis for processing for the above-mentioned purpose is the consent you have given in this regard and thus Art. 6(1)(a) of GDPR.

You may deregister from the mailing list at any time via our website – cancel mailing list (https://www.thor.de/en/privat/mailing-out) – and thus revoke your consent to the processing of the data – also of the data you may have entered in the contact form – with effect for the future (see also No. 10 of this Data Protection Notice). Please re-enter your e-mail address to deregister from the mailing list.

5. Transfer of data

Your personal data will exclusively be transferred to third parties in the following cases for the following purposes:

• You have given your consent to a transfer (Art. 6(1)(a) of GDPR).
• The transfer is permitted by law and required for the preparation or performance of contractual relationships with you (Art. 6(1)(b) of GDPR).
• There is a statutory obligation to transfer the data (Art. 6(1)(c) of GDPR).
• The transfer is required to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest meriting protection in the non-transfer of your data (Art. 6(1)(f) of GDPR).

Because of the use of Google Analytics (see No. 7 of this Data Protection Notice) and Google Maps (see No. 8 of this Data Protection Notice), data are also transferred to the USA. As regards exceptional cases where personal data are transferred to the USA, Google Inc. has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

6. Use of cookies

This website uses so-called cookies. Cookies are small text files that are placed on your terminal. Some of these cookies are loaded from our server to your computer system. Mainly, these are so-called session cookies, i.e. cookies that are automatically deleted from your hard disk after the end of the browser session. Other cookies remain permanently on your computer system and enable us to recognise your computer system during your next visit to our website (so-called permanent cookies).

The cookies we use serve to enable the use of certain functions on this website and thus its operation and to make our website attractive. Moreover, they serve to enable an evaluation of the use of this website. Use of the cookies we apply is therefore in our legitimate interest (legal basis: Art. 6(1)(f) of GDPR) and may also happen on the basis of the consent you have given in this regard (legal basis: Art. 6(1)(a) of GDPR). If you do not give your consent to the use of cookies, this will only result in your not being able to use our website or not in full.

You may set your browser in such a way that you as user are informed of cookies being placed and may decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. We would like to point out that the functionality of our website may be limited if cookies are not accepted.

You may revoke your consent at any time with effect for the future (see No. 10 of this Data Protection Notice).

7. Use of Google Analytics

For the purposes of needs-based design and continuous optimisation of our website, we use the web analysis service Google Analytics. The legal basis for this is Art. 6(1)(f) of GDPR because our interests in needs-based design and in continuous optimisation of our website are to be considered as legitimate within the meaning of said provision as well as Art. 6(1)(a) of GDPR (consent, see also No. 10 of this Data Protection Notice).

Google Analytics is a web analysis service of Google Inc. (https://www.google.de/intl/de/about, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter: ‘Google’).

In connection with our use of Google Analytics, de-identified user profiles are created and cookies are used (see above in No. 6). The information about your use of this website generated by the cookie such as

• type of browser/browser version
• operating system used
• referrer URL (the site visited previously)
• host name of the accessing computer (IP address)
• time of the server request

is transferred to a Google server in the USA and stored there. The information is used to evaluate use of the website, to prepare reports on website activities and to provide further services relating to website use and internet use for the purposes of market research and needs-based design of these webpages. Moreover, such information may be transferred to third parties if this is required by law or in so far as third parties are entrusted with the processing of these data. Your IP address will not in any event be merged with other Google data. The IP addresses are anonymised, so that no assignment is possible (IP masking).

You may prevent the installation of cookies by setting the browser software accordingly (see above in No. 6 of this Data Protection Notice); however, we would like to point out that in that case it may not be possible to use all functions of this website fully.

Moreover, you may prevent the collection of the data generated by the cookie that relate to your use of the website (incl. your IP address) and the processing of these data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de). As an alternative to the browser add-on, especially with regard to browsers on mobile terminals, you may also prevent the collection by Google Analytics by clicking on this link: Google Analytics Opt-Out

Then an opt-out cookie is placed that prevents the future collection of your data when visiting this website. The opt-out cookie is only valid for this browser and only for our website and will be placed on your device. If you delete the cookies from this browser, you must place the opt-out cookie again.

You will find further information about data protection in connection with Google Analytics in the Google Analytics help function (https://support.google.com/analytics/answer/6004245?hl=de). As regards exceptional cases where personal data are transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

8. Use of Google Maps

In order to be able to show visitors to our website interactive maps directly on the website and to enable convenient use of the map function and thus to make our website attractive, we use Google Maps, a map service of Google Inc., on this website. The legal basis for this is Art. 6(1)(f) of GDPR as well as Art. 6(1)(a) of GDPR (consent – see also No. 10 of this Data Protection Notice).

When you visit the website, Google receives the information that you have called up the relevant subpage of our website. Moreover, the data specified in No. 2 of this data protection statement are transferred. This is done irrespective of whether Google provides a user account through which you are logged in or whether there is no user account. When you are logged into Google, your data are assigned directly to your account. If you do not want any assignment to your profile with Google, you must log out before activating the button. Google stores your data as user profiles and uses them for purposes of advertising, market research and/or needs-based design of its website. Such an evaluation takes place especially (even for users that are not logged in) in order to provide made-to-measure advertising and in order to inform other users of the social network about your activities on our website. You are entitled to a right of objection against the creation of such user profiles; to exercise this right, you must contact Google.

You will find further information about the purpose and scope of data collection and their processing by the plug-in provider in Google’s data protection statements. In these statements, you will also find further information about your rights in this regard and setting options regarding the protection of your privacy: http://www.google.de/intl/de/policies/privacy.

9. General rights of the data subject

You have the following general rights of the data subject with regard to the processing of your personal data by us:

• Right of access pursuant to Art. 15 of GDPR: You may request information about the purposes of processing, the category of the personal data that are processed, the recipients or categories of recipients to whom your personal data have been or will be disclosed, the envisaged storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data where they were not collected by us as well as the existence of automated decision-making, including profiling, and meaningful information about details thereof, if any.
• Right to rectification pursuant to Art. 16 of GDPR: You may demand the rectification of inaccurate personal data without undue delay or the completion of your personal data stored by us.
• Right to erasure (‘right to be forgotten’) pursuant to Art. 17 of GDPR: You have the right to demand that we delete your personal data stored by us unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
• Right to restriction of processing pursuant to Art. 18 of GDPR: You may demand restriction of the processing of your personal data where the accuracy of the data is contested by you, the processing is unlawful but you oppose the erasure of the data and we no longer need the data, but you require them for the establishment, exercise or defence of legal claims or you have objected to processing pursuant to Art. 21 of GDPR.
• Right to data portability pursuant to Art. 21 of GDPR: You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to demand transmission to another controller.
• Right to lodge a complaint with a supervisory authority (Art. 77 of GDPR): You have the right to lodge a complaint with a supervisory authority. As a rule, you may contact the supervisory authority of your habitual residence or place of work or of the registered office of our company (Hamburg) for this purpose.

10. Right of withdrawal

If you have given your consent to the processing of your personal data, you have the right to withdraw this consent at any time with regard to us with effect for the future pursuant to Art. 7(3) of GDPR. An e-mail sent to datenschutz@thor.de will suffice for this purpose.

11. Right to object

In addition, we would like to point out to you that, pursuant to Art. 21 of GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data if your personal data are processed on the basis of legitimate interests pursuant to Art. 6(1)(f) of GDPR; this also applies to profiling based on these provisions. If you wish to avail yourself of your right to object, an e-mail sent to datenschutz@thor.de will suffice.

The further course of action is laid down in Art. 21 of GDPR. In the case of direct marketing, the personal data are not used any more for this purpose if an objection is lodged. In other cases where an objection is lodged, further data processing will only take place if we demonstrate compelling grounds for processing that merit protection and override your interests, rights and freedoms or the processing is useful for the establishment, exercise or defence of legal claims.

12. Links to other websites

The offer on our website contains links to third-party websites. We do not transfer any data to third-party operators. Generally, we do not have any influence on their content and the collection, use and processing of data by them. We kindly ask you to obtain information about data protection on external websites separately. As soon as we should learn about illegal contents on a linked website, the link will be deleted immediately.

13. Data security

We apply up-to-date technical measures to ensure data security, especially to protect your personal data from risks during data transfer and from third-party access. These measures are always adjusted according to the current level of technology.

Please take note that the transfer of data through our website is not made in encrypted form and that you should therefore not send any confidential information via our website.

14. Up-to-dateness of and changes to this data protection statement

This data protection statement is currently valid and is dated May 2018.

It may become necessary to change this data protection statement due to the further development of our website and offers relating thereto or due to altered legal and/or regulatory requirements. You may retrieve the current data protection statement from the website at https://thor.de/en/privat/disclaimer/privat/disclaimer and print it at any time.