Data protection


The following information is only a non-binding translation of the German data protection declarations and guidelines. Legally relevant and binding are the original declarations in German language only, which can be obtained at the same place on the original German website.

 

Information on data protection for shareholders of POLIS Immobilien AG

The following information gives you an overview of data gathering and data handling of your personal and individual data by POLIS Immobilien AG (“POLIS”) and the rights that you enjoy under the German Data Protection Act.

Your personal and individual data is processed by POLIS in accordance with the regulations of the European General Data Protection Regulation (German: DSGVO), the Stock Corporation Act (German: AktG) and other applicable legal provisions.

1. Person / company responsible for data processing

The contact details of POLIS are:

POLIS Immobilien AG – Lietzenburger Str. 46 – 10789 Berlin

Phone: +49 30 225 00 250 – E-mail: info@polis.de

We have appointed a data protection officer at our company – available at: datenschutz@polis.de

2. Purpose of the processing, data categories and legal basis of the processing

The purpose of data processing is to enable the shareholders and shareholder representatives to attend at the Annual General Meeting and to assert their rights before and during the Annual General Meeting. This data relates to both shares and the Annual General Meeting, particularly the name, place of residence or address, any e-mail address, the respective share portfolio (number of shares, class of shares, type of ownership of shares), the ticket number for the Annual General Meeting and the granting of any proxies or instructions.

Depending on the circumstances of the case, other personal data may also be considered. The legal basis for the processing of data is Article 6 Para. 1 (1, c) GDPR, if required for the fulfilment of legal obligations. Additionally POLIS also processes personal data on the basis of Article 6 Para. 1 (f) GDPR.

3. Transmission and transfer of personal data

In the description below we will inform you about the different categories of recipients we share your personal data with:

External service providers:

POLIS authorizes in order to hold the Annual General Meeting various service providers and consultants. They will only receive personal data from POLIS to the extent required for the execution of any specific order. The service providers and consultants will use your personal data exclusively on the instructions of POLIS.

Shareholders/third parties: for up to two years shareholders are allowed to inspect the list of the participants of the Annual General Meeting, given to them by statutory right. Therefore, shareholders need to request access to the data in the participant directory after the Annual General Meeting.

Also, the list of participants will be available to all participants at the Annual General Meeting. Your personal data will also be published in accordance with the statutory provisions in the context of requests for amendments to the agenda, countermotions or election proposals.

Other recipients:

Within the framework of statutory provisions, we may be obliged to forward your personal data to other recipients, such as public authorities and courts (for instance in the publication of voting notifications according to the provisions of the German Securities Trading Act and the notification to public authorities of the fulfilment of statutory notification obligations).

4. Duration of storage

Your personal data will be stored for long as required by law or in case of a legitimate interest of POLIS, such as event of legal or extra-judicial disputes arising from the Annual General Meeting.

The personal data will subsequently be deleted. Generally, POLIS stores your personal data for a period of five years, beginning with the end of the year in which the Annual General Meeting took place.

5. Rights of affected persons

At any time you have the right

  • to demand information on whether and which of your personal data has been processed by POLIS, Art 15 GDPR,
  • to demand the correction, deletion and limitation of the processing of your personal data, Art. 16 – 18 GDPR,
  • to transfer your personal data, Art. 20 GDPR, as well as
  • to enter the objection about the processing of your personal data.

For the above mentioned requests, please contact us at the address specified under number 1.

In addition, you also have the right of appeal to the responsible data protection supervisory authority under Art. 77 GDPR.

6. Right of objection

At any time you have the right, arising from your particular situation, to object to the processing of your personal data as given by Art. 6 Para. 1 (f) GDPR (safeguarding of legitimate interests).

Thereafter we will terminate this processing, unless POLIS has overwhelming interests that need to be protected.

Status: May 2019

 


 

Privacy policy for this website

As you visit our website, various data will be collected. The reason is to give you convenient and secure access to our information and offers. We also pursue economic interests that will strengthen both our image and our sales within our website. For reasons of fairness and transparency, we will inform you about this as defined by EU GDPR (EU General Data Protection Regulation) in the following:

1. Responsible for data processing

Who is responsible for the collection of data?

We as a website operator are responsible for the personal data that has been used as you visit our website because we are also responsible for the techniques and for what purpose it is used on our website.

How do we collect your data?

First of all your personal data will be stored when you inform us of your personal data. For example the data you give us as you fill in our form.

Secondly other data will be automatically stored through our IT system as soon as you visit our website. This means in particular technical data (e.g. internet browser, operating system or the time of the page impression). The collection of this data takes place automatically as soon as you enter our website.

What do we use your data for?

Some of the data is collected to ensure an error-free provision of the website. Other data may be used to analyze your user behaviour and to improve our service to you.

What rights do you have regarding to your data?

At any time, you have the right to receive at no charge information about the origin, recipient and purpose of your personal data that has been stored. You also have the right to demand the correction, suspension or deletion of your data. Furthermore you have the right to complain to the responsible authority. For more information and privacy, you can always contact us at the address provided in the imprint.

SSL or TLS encryption

This website uses SSL or TLS encryption for security purposes and to protect the transmission of confidential content, such as orders or requests you send to us as the website operator. An encrypted

connection is indicated by the browser’s address bar switching from “http: //” to “https: //” and the lock icon in your browser bar. Data that you transmit to us cannot be read by third parties.

2. General and mandatory information

The operators of these pages take the protection of your personal data very seriously. When you use our website, various personal data that could identify you as a person will be collected. We treat your personal data (as defined in Art. 4 Para.1 GDPR) confidentially and in accordance to the legal data protection regulations. This privacy policy explains what will be collected through us, for what use and purpose.

We point out that the transfer of data on the internet, even with the best possible security (e.g. through communication by e-mail) may have security vulnerabilities. Complete protection against access to your personal data by third parties is impossible.

Note to the responsible contact

The responsible contact (Art. 4 Para.7 GDPR) for data processing on this website can be found in the imprint.

3. Your contact to our Data Protection Officer

We have set up www.mb-datenschutz.de as Data Protection Officer. Please contact the Data Protection Department via e-mail: datenschutz@polis.de

4. Data collection on our website

Cookies

Our website uses so-called cookies. These are necessary to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored in the browser on your device. Cookies do not harm your computer nor contain viruses. Most of the cookies we use are so-called “session cookies”. They are automatically deleted after your visit. Other cookies remain on your device until they are deleted by you. These cookies enable us to recognize your browser the next time you visit our website and to apply the settings you yourself have made.

You can set up your browser in such a way that you are informed about the setting of cookies and that you only allow the acceptance of cookies for certain cases or in general, as well as activate the automatic deletion of cookies when closing the browser.

If you deactivate those cookies, the function of this website may be restricted. Cookies that are required for the electronic communication process are based on Art. 6 Para. 1 lit. f GDPR. The website operator’s legitimate interest in storing those cookies is based on technical error-free and optimized provision of its services. Insofar as other cookies (e.g. to analyze your surfing behaviour) are stored, they are treated separately in this privacy policy.

Server log files

The provider of our website collects and stores information automatically in so-called server log files, which your browser automatically transmits to us. This log file data includes:

  • Referrer URL (the web page you are coming from)
  • Browser type, browser version and language
  • Operating system and its interface
  • IP address (anonymized)
  • Server request time
  • Http status code – access status
  • The amount of data transferred
  • The storage period is 7 days

This data will not be combined with other data sources.

The legal basis for data processing is Art. 6 Para. 1 lit. f GDPR, which permits the processing of data for the optimal presentation and security of the website based on our legitimate interests, without predominating your interests in an exclusion of the data collection.

5. Visitors interaction with the website

Contact form

If you send us inquiries via the contact form, those details, including the contact details that have been provided by you, will be stored for the purpose of processing the request and in case of follow-up questions.

We do not share this information with third parties without your consent.

The regulation of the processing of the data via the contact form has its legal basis in Art. 6 Para. 1 lit. b GDPR (contract initiation or implementation). Your data will remain with us until you ask us to delete it or the data storage purpose is removed (for example, after the processing of your request has been completed – but only if we do not have to observe any retention periods).

6. Plugins

Google Maps

Our website uses the map material of Google Maps via an API. Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To use the features of Google Maps, it is necessary to submit your IP address to a Google server.

The reason for using google maps is to present our online content and offers in a more appealing way and for greater ease of finding the places that have been referenced by us on our website.

This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. For more information on how to deal with user data, please refer to Google’s privacy policy: https://www.google.de/intl/de/policies/privacy/.

Bootstrap (CDN)

On our websites, we use bootstrap technology for a modern design and optimized representation of the content offered on different devices.

The provider is StackPath, LLC, 2021 McKinney Avenue, Suite 1100 Dallas, Texas 75201.

Our website uses the Bootstrap CDN (Content Delivery Network) from MaxCDN to deliver so-called libraries (collections of technical instructions) to your browser.

If your browser does not yet have a copy of the libraries cached or downloads the file from the bootstrap CDN for a different reason, then during the connection to the bootstrap CDN server your IP address will be transmitted to the provider MaxCDN (USA).

Regulation of the use of this service is based on Art. 6 Para.1 f) GDPR. The website operator has a legitimate interest in optimizing the website. StackPath, LLC has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000CbahAAC&status=Active

Learn more about privacy at StackPath, LLC. and bootstrap at: https://www.stackpath.com/legal/master-service-agreement/#pp and: https://www.bootstrapcdn.com/privacy-policy/

7.  What rights do you have under EU GDPR?

The aim of EU GDPR is to assure you, as the data subject, the greatest possible control over your personal data. Personal means all data that is directly or indirectly available to you as a person. In order for you to exercise effective control over your data, you have the following rights:

  • The right to information under Article 15 of EUGDPR,
  • The right to make corrections under Article 16 of EU GDPR,
  • The right to cancellation under Article 17 EU GDPR,
  • The right to restriction of processing under Article 18 of EU GDPR
  • The right to object under Article 21 EU GDPR.

In addition, you have the right to appeal against us at a data protection supervisory authority under Article 77 of EU GDPR if you believe that we are processing your data unlawfully. A list of all supervisory authorities can be found here: www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links- node.html

The right to data portability according to Art. 20 EU GDPR is only relevant when you visit our website, if you have the option to create a profile (e.g. applicant profile, member profile, etc.) or to enter the corresponding information about yourself.

Status: May 2019

 


Information about the gathering of personal data in the context of the lease contract

POLIS is responsible for the processing of your personal and individual data and has the obligation to inform you as a result of the new EU General Data Protection Regulation (EU GDPR).Therefore and according to Art. 13 EU GDPR we inform you about the following points:

1.  Responsible for data processing

For further information about the responsible body for data processing on this website, please refer to the imprint.

2.  Contact details for our data protection officer

datenschutz@polis.de

www.mb-datenschutz.de

3. Purpose of the processing of your personal data

Tenant management, maintenance of rental properties, removal of defects, satisfaction surveys, property inspections, property monitoring if necessary and video surveillance if available.

4. Legal basis for the processing of tenant data

EU GDPR Art. 6 Para.1 a) allows us on the basis of your consent to process your personal data for specific purposes, e.g. our tenant surveys in the context of our quality management

  • EU GDPR Art. 6 Para. 1 b) includes data processing that is necessary for the implementation of a contract and for pre-contractual measures.
  • EU GDPR Art. 6 Para. 1 c) allows us to process your personal data based on a legal obligation, e.g. retention requirements under financial and tax law.
  • EU GDPR Art. 6 Para.1 f) allows us to process your personal data as long as POLIS or a third party has a legitimate interest in this processing and as long as your interests, fundamental rights or fundamental freedoms will not be affected, e.g.:
  • Video surveillance of our rental properties to secure our property rights and for the maintenance of rental properties

5. Duration of data storage

Generally: After the purpose of data processing has been eliminated and if the statutory retention periods have been expired, your personal data will be deleted. Companies are obligated to storage those data for 6 up to 10 years.

6. Special storage periods

  • Rental documents for 6 years after the end of the lease
  • Accounting documents 10 years
  • Video recordings 10 years

If storage is based on your consent, e.g. in newsletters etc., we will delete your personal data as soon as you withdraw your consent.

7. Recipient of your personal data

Only our company’s employees have access to your personal data to the extent they need to perform their duties.

Our appointed service providers may also receive your personal data to perform their duties, only and as long as they fulfil the confidentiality requirements for the same purpose as described above.

These may be companies or persons of the following categories: owner, property manager, craftsmen, marketing service providers, security service providers, meter reading service …

Your data will not be passed on any further than the borders of the European Union (EU / EEA).

8. Your privacy rights

Under Article 15 EU GDPR you have the right to receive information about which personal data has been stored, under Article 16 EU GDPR you have the right to have your personal data corrected, under Article 17 EU GDPR you have the right of cancellation of your personal data, under Article 18 EU GDPR you have the right to restrict processing and Article 21 EU GDPR gives you the right to enter an objection. Additionally, you have the right to complain to a data protection supervisory authority under Article 77 EU GDPR.

 

Status: May 2019

 


Data protection information on the collection of personal data in the context of applicant management

POLIS is responsible for the processing of your personal and individual data and has the obligation to inform you as a result of the new EU Data Protection Regulation (EU GDPR).

According to Art. 13 & 14 EU GDPR we inform you about the following points:

1. Responsible for data processing

For further information about the responsible body for data processing on this website, please refer to the imprint.

2. Data protection officer / contact person

datenschutz@polis.de

www.mb-datenschutz.de

3. Purposes of processing your personal data

Applicant management.

4. Legal basis for the processing of personal data

Section 26 BDSG (1) covers data processing that is necessary for the establishment, implementation and termination of an employment relationship and for the detection of offences in the employment relationship.

Section 26 BDSG (2) allows us to process your data on the basis of voluntary written consent that is given by you and is revocable at any time in the future. Furthermore you will not be disadvantaged in our employment, e.g. the inclusion of your application documents in our applicant pool.

Section 26 BDSG (3) allows us to process your sensitive data (e.g. health data, trade union membership) to the extent necessary to exercise rights or to fulfil legal obligations under labour law, social security law and social protection and provided your defending interests will not be affected.

Art. 6 Para. 1 f) EU GDPR allows us to process your personal data if we or third parties have legitimate interests in this processing and do not affect your interests, fundamental rights or fundamental freedoms, e.g.:

  • Video surveillance of our company premises to exercise our property rights,
  • Assertion, exercise or defence of legal claims

5. Duration of data storage

Generally: as soon as the purpose of data processing has been eliminated and the statutory retention periods have expired, your personal data will be deleted. There are retention obligations of 6 or 10 years (if granted) for companies.

Application documents are deleted no later than 6 months after rejection.

If storage is based on your consent, we will delete your personal data if you revoke your consent.

6. Recipients of your personal data

In our company only employees who require your personal data gain access to it to the extent that is necessary to fulfil their duties.

Employed service providers may receive your information for the same purposes as described above if they comply with privacy-related confidentiality requirements. In this case we mean the applicant portal operator.

Public social insurance agencies and the tax offices receive your personal data during the submission of social security contributions and taxes.

The transfer of your data outside the EU/EEA does not take place. Data that we receive from third parties about you:

In the event that you have been referred by a to us by a staffing service as a potential employee, we will receive your application documents from your provider.

7. Your privacy rights

 Under Article 15 EU GDPR you have the right to receive information about which personal data has been stored, under Article 16 EU GDPR you have the right to have your personal data corrected, under Article 17 EU GDPR you have the right of cancellation of your personal data, under Article 18 EU GDPR you have the right to restrict processing and Article 21 EU GDPR gives you the right to enter an objection. Additionally, you have the right to complain to a data protection supervisory authority under Article 77 EU GDPR.

Status: May 2019

 

 


Data protection information for the collection of personal data in the context of the supplier relationship

Dear suppliers,

Under the EU General Data Protection Regulation (EU GDPR) we, the party responsible for the processing of personal data, are under obligation to provide certain information. In accordance with Articles 13 and 14 EU GDPR, we therefore provide you with information on the following:

Controller:
POLIS Immobilien AG
Lietzenburger Straße 46
10789 Berlin
Represented by the Board of Management members:
Mathias Gross und Dr. Michael Piontek
Contact:
Telefon: +49 30 225 00 250
Telefax: +49 30 225 00 299
E-Mail: info@polis.de

Data Protection Officer:
datenschutz@polis.de
www.mb-datenschutz.de

Purposes of processing your personal data:
Contract initiation and implementation, supplier management

Legal basis for processing your data:

  • EU GDPR Article 6 Para. 1 b) covers data processing that is necessary to fulfil a contract as well as for pre-contractual measures.
  • EU GDPR Article 6 Para. 1 c) permits us to process your data on the basis of a legal obligation, e.g. retention obligations under financial and tax law.
  • Article 6 Para. 1 f) EU GDPR permits us to process your personal data if we or a third party have legitimate interests in this processing and provided your interests, fundamental rights or fundamental freedoms will not be affected, e.g.:
    • Video surveillance to exercise our property rights
    • Appropriate measures to avoid damage to and/or liability of the company
    • Assertion, exercise or defence of legal claims

Duration of data storage:

Generally: as soon as the purpose of data processing has been eliminated and the statutory retention periods have expired, your personal data will be deleted. There are generally retention obligations of 6 or 10 years for companies.

Special retention period for:

  • Video recordings 48 hours

If storage is based on your consent, we will delete your personal data if you revoke your consent.

Recipients of your personal data:

In our company only employees who require your personal data gain access to it to the extent that is necessary to fulfil their duties. All employees have an obligation to uphold confidentiality and data privacy.

Employed service providers may receive your data to fulfil the purpose described if they comply with privacy-related confidentiality requirements. They may include, for example, enterprises in the following categories: IT services, print and shipping services, market research firms, call centres, logistics providers, data destruction. These service providers are known as processors, who are under a special contractual obligation in accordance with statutory requirements.

Banks/banking service providers

Credit rating service providers

Public bodies, e.g. tax offices, receive your personal data only in accordance with statutory obligations.

The transfer of your data outside the EU/EEA does not take place.

Data that we receive from third parties about you:
None

Your privacy rights
Under Article 15 EU GDPR you have the right to information, under Article 16 EU GDPR the right to have personal data corrected, under Article 17 EU GDPR the right of cancellation, under Article 18 EU GDPR the right to restrict processing and Article 21 EU GDPR gives you the right to enter an objection. Additionally, you have the right to complain to a data protection supervisory authority under Article 77 EU GDPR.

Status: May 11, 2019