Data Protection Information
We are pleased that you visit our website and are interested in our products ans services. The protection of your personal data is important to us and we would like you to feel safe when you visit our website. We comply with applicable data protection law, in particular the EU General Data Protection Directive (“GDPR”) and the German Telemedia Act (“TMG”).
In this data protection information, we explain which information (including personal data) are processed by us in connection with your visit and use of our website (“Website”).
I. Who is responsible for the processing of personal data?
The controller responsible for the processing of personal data is Kairos Real Estate Development GmbH, Op‘n Hainholt 111 d, 22589 Hamburg, Telefon +49 (0)40 209 104 90, E-Mail email@example.com. Any reference to “we” or “us” in this data protection information is a reference to the aforementioned entity.
Our website may refer to affiliated companies (for example by mentioning “KairosBlue”, “KairosGreen” or “Kairos Lab”); this does not affect our responsibility under data protection law.
II. Which principles do we observe?<br />
In compliance with applicable data protection law, we only process your personal data on the basis of a statutory authorization or if you have declared your consent. This also applies for the processing of personal data for marketing purposes.
On this Website we may collect information that does not allow us to draw any direct conclusions about your person. In certain cases - especially when combined with other data - this information can nevertheless be considered as "personal data" under applicable data protection law. Furthermore, we may also collect information on this Website that does not enable us to identify you, directly or indirectly; this is the case, for example, with aggregated information about all users of this Website.
III. Which data do we process?
You can access our Website without entering personal data (such as your name, your postal address or your e-mail address). Also in this case we must process certain information to enable you to access our Website. In addition, provide general information about our company, our products and services and contact persons. In this context, you will also find information on contact channels (especially telephone numbers and e-mail addresses) through which you can contact us.
- Log files: When you visit this Website, our web server automatically stores the domain name or IP address of the requesting computer (usually a computer of your internet access provider) including the date, time and duration of your visit, the subpages/URLs you visit and information about the application(s) and terminal(s) you use to view our pages.
- Contact: If you contact us via one of the channels indicated on our website, we will process any personal data contained in your message and provided by you in order to process and respond to your request, unless you have declared your further consent.
IV. For which purposes and on which legal basis do we process your personal data?
- We process personal data possibly contained in log files to enable you to use our Website; this processing is based on Section 15 (1) TMG and Article 6 para 1 f) GDPR for the purposes of our justified interest in operating our Website.
- The processing of personal data for handling one of your requests (including requests via a contact form on our website) is carried out in any case for the purposes of our legitimate interest in establishing and maintaining business contacts on the basis of Article 6 (1) f) GDPR. If your request relates to the conclusion of a contract or pre-contractual measures, your personal data will be processed on the basis of Article 6 (1) b) GDPR.
- We may process the data processed in connection with your use of our Website also for compliance with legal obligations to which we are subject; this processing is based on Article 6 para 1 c) GDPR
- To extent necessary, we process personal data (in addition to the processing for the purposes of the employment relationship or to comply with legal obligations) for the purposes of our justified interests or the justified interests of a third party on the basis of Article 6 para 1 f) GDPR. Justified interest may include
- the establishment of or defence against legal claims;
- the prevention and investigation of criminal or administrative offences; or
- the management and further development of our business operations including risk management.
V. Are you obliged to provide data?
For the handling of one of your requests to us it is necessary that you provide us at least with one means of contact; otherwise we will not be able to process your request.
If we collect additional data from you, we will inform you if the provision of such information is based on a legal or contractual obligation or necessary for the performance of an agreement. We usually indicate which information may be provided voluntarily and is neither based on a legal or contractual obligation nor necessary for the purposes of an agreement.
VI. Who obtains or has access to your data?
Your personal data are generally processed within our company. Depending on the categories of personal data, only dedicated departments / organizational units are granted access to your personal data. Based on a role / rights management concept, access to personal data is limited to the functions and the extent necessary for the respective purpose of the processing.
If and to the extent permitted by law, we may transfer your personal data to recipients outside of our company. Such external recipients may include
- [affiliated companies to which we may transfer data in compliance with statutory regulations, e.g. if this is required for internal administrative purposes];
- service providers that – on the basis of separate agreements with us – provide certain services possibly including the processing of personal data, as well as approved subcontractors of our service providers; and
- private or public bodies, to the extent we are obliged to transfer your personal data on the basis of a legal obligation to which we are subject;
VII. Do we use automated decision-making?
In connection with the operation of our Websites we generally do not use automated decision-making (including profiling) within the meaning of Article 22 GDPR. If we apply such processes in the future, we will inform you separately in accordance with the applicable statutory provisions.]
VIII. Are data transferred to countries outside the EU / the EEA?
No; personal data is processed within the European Union or the European Economic Area; we do not intend to transfer personal data to other countries.
IX. How long are your data stored?
We generally store personal data as long as we have a justified interest in the retention of such data and there the interest of the data subject in refraining from the further processing do not prevail. Even without a justified interest, we may continue to store the data if there is a legal obligation (e.g. to comply with statutory retention obligations). We delete personal data even without an action by the data subject as soon as further retention is no longer necessary for the purposes for which the data were collected or otherwise processed or if further retention is not permitted by law otherwise.
As far as the aforementioned processing is concerned, we regularly
- delete the log data within seven days, if if further storage is not required for purposes provided for by law, such as the detection of misuse and the detection and rectification of technical faults; and
- delete the data processed in the context of a request to us after the processing of such request and the expiration of statutory retention periods.
If personal data need to be stored to comply with a legal obligation, such data is retained until the end of the respective retention period. If personal data are only processed to comply with a statutory retention obligation, the access to such data is usually restricted so that the data are only accessible if needed for the purpose of the retention obligation.
X. What are your rights as a data subject?
a) Right to object according to Art. 21 GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you under Article 6 (1) e) or f) GDPR, including profiling based on these provisions. In the event of your objection, we will no longer process the personal data concerning you, unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.
b) Other rights
As a data subject, you may
- request access to your personal data, Article 15 GDPR;
- request the rectification of incorrect personal data, Article 16 GDPR;
- request the erasure of your personal data, Article 17 GDPR;
- request the restriction of the processing of your personal data, Article 18 GDPR;
- exercise your right to data portability, Article 20 GDPR;
The aforementioned rights may be asserted against us, e.g. by providing notice to us via the contact details specified on the first page of this data protection information.
In addition, you are entitled to lodge a complaint regarding the handling of your personal data with the competent supervisory authority, Article 77 GDPR