Thank you for visiting frankfurt-westside.de. The protection of your personal data is very important to us and we would like to make you feel safe when you visit our website, which is why we encrypt our website using the latest technology. We take data protection seriously and hereby inform you how we process your data and what claims and rights you are entitled to under the data protection regulations. Valid as of 25 May 2018.
Data protection information on our data processing in accordance with Articles 13, 14 and 21 of the Data Protection Regulation (GDPR)
1. Responsible for data processing and contact details
Legally responsible under the German Data Protection Act:
Contact form – in German (on beos.net)
How to contact our data protection officer:
HEC Harald Eul Consulting GmbH
Auf der Höhe 34
Contact form – in German (on beos.net)
If you have any questions regarding data protection, please do not hesitate to contact our data protection officer.
2. Purposes and legal basis on which we process your data
Personal data in the sense of the Federal Data Protection Act (BDSG) are individual details about personal and factual circumstances of a specific or identifiable natural person. This includes, for example, name, address, date of birth, profession, bank details or information about personal financial circumstances. All of this data is subject to special protection in accordance with the BDSG, which we ensure through technical and organisational measures. We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other applicable data protection regulations (details below). Which data is processed in detail and how it is used depends largely on the services requested or agreed in each case. Further details or additions to the purposes of data processing can be found in the respective contractual documents, forms, a declaration of consent and/or other information provided to you (e.g. in the context of using our website or our terms and conditions). In addition, this data protection information may be updated from time to time, as you can see from our website. Every time you access the BEOS AG website, information transmitted by your browser is automatically stored temporarily. The type/version of browser, the operating system used, the name and URL of the file accessed, the referrer URL (the page previously visited), the volume of data transferred, the host name of the accessing computer (IP address) and the date and time of the server request are recorded in the log file created. It is therefore not possible to draw conclusions about specific persons. This data is not merged with other data sources and is deleted after statistical evaluation. The storage and processing of this data is solely for the purpose of system security and the optimisation of the website. Therefore, we do not require any personal data from you to visit our website. You can move around absolutely anonymously in the sense of the BDSG.
2.1 Purposes for the fulfilment of a contract or pre-contractual measures (Art. 6 para. 1 b GDPR)
The processing of personal data is carried out for the performance of our contracts with you and the execution of your orders as well as for the performance of measures and activities in the context of pre-contractual relationships, e.g. with interested parties. In particular, the processing thus serves the provision of real estate services, such as
- the mediation
- the renting
- the sale
- the purchase
of real estate according to your orders and wishes and include the services, measures and activities necessary for this. These essentially include contract-related communication with you, the verifiability of transactions, orders and other agreements as well as for quality control through corresponding documentation, goodwill procedures, measures for the control and optimisation of business processes as well as for the fulfilment of general due diligence obligations, management and control by affiliated companies (e.g. parent company); statistical evaluations for corporate management, cost recording and controlling, reporting, internal and external communication, emergency management, accounting and tax assessment of operational services, risk management, assertion of legal claims and defence in legal disputes; guaranteeing IT security (including system and plausibility checks), and the provision of information and data to the public. system and plausibility tests) and general security, including building and facility security, ensuring and exercising domiciliary rights (e.g. through access controls); ensuring the integrity, authenticity and availability of data, prevention and investigation of criminal offences; control by supervisory bodies or control authorities (e.g. auditing).
2.2. Purposes within the scope of a legitimate interest of us or third parties (Art. 6 para. 1 f GDPR)
Beyond the actual performance of the contract or preliminary contract, we may process your data if it is necessary to protect legitimate interests of us or third parties, in particular for purposes:
- advertising or market and opinion research, insofar as you have not objected to the use of your data;
- obtaining information and exchanging data with credit agencies, insofar as this exceeds our economic risk;
- the testing and optimisation of needs assessment procedures;
- the further development of services and products as well as existing systems and processes;
- the disclosure of personal data as part of due diligence in company sale negotiations;
- for comparison with European and international anti-terrorist lists, insofar as this goes beyond the legal obligations;
- the enrichment of our data, including through the use or research of publicly available data;
- statistical evaluations or market analysis;
- of benchmarking;
- the assertion of legal claims and defence in legal disputes which are not directly attributable to the contractual relationship;
- the limited storage of the data if deletion is not possible or only possible with disproportionate effort due to the special type of storage;
- the development of scoring systems or automated decision-making processes;
- the prevention and investigation of criminal offences, insofar as not exclusively for the fulfilment of legal requirements;
- building and facility security (e.g. through access controls and video surveillance), insofar as this goes beyond the general duties of care;
- internal and external investigations, security clearances;
- the possible listening in or recording of telephone conversations for quality control and training purposes;
- obtaining and maintaining certifications of a private or official nature;
- securing and exercising house rights through appropriate measures as well as through video surveillance to protect our customers and employees and to secure evidence in the event of criminal offences and to prevent them.
2.3 Purposes within the scope of your consent (Art. 6 para. 1 a GDPR)
Processing of your personal data for certain purposes (e.g. use of your e-mail address for marketing purposes) may also be based on your consent. As a rule, you can revoke this consent at any time. This also applies to the revocation of declarations of consent given to us prior to the application of the GDPR, i.e. prior to 25 May 2018. You will be informed separately about the purposes and consequences of revoking or not granting consent in the relevant text of the consent. As a general rule, the revocation of consent only takes effect for the future. Processing that took place before the revocation is not affected by this and remains lawful.
2.4 Purposes for the fulfilment of legal requirements (Art. 6 para. 1 c GDPR) or in the public interest (Art. 6 para. 1 e GDPR)
Like anyone who participates in business, we are subject to a variety of legal obligations. Primarily these are legal requirements (e.g. commercial and tax laws), but also regulatory or other official requirements where applicable. The purposes of processing may include identity and age verification, fraud and money laundering prevention, the prevention, combating and investigation of terrorist financing and crimes endangering assets, comparisons with European and international anti-terrorist lists, the fulfilment of control and reporting obligations under tax law as well as the archiving of data for data protection and data security purposes as well as audits by tax and other authorities. In addition, the disclosure of personal data may become necessary in the context of official/court measures for the purposes of gathering evidence, criminal prosecution or the enforcement of civil law claims.
3. The categories of data we process, where we do not receive data directly from you, and their origin
Insofar as this is necessary for the provision of our services, we process personal data permissibly received from other companies or other third parties (e.g. credit agencies, address publishers). In addition, we process personal data that we have permissibly taken, received or acquired from publicly accessible sources (such as telephone directories, commercial and association registers, civil registers, debtor registers, land registers, the press, the Internet and other media) and may process. Relevant personal data categories can be in particular:
- Personal data (name, date of birth, place of birth, nationality, marital status, profession/industry and comparable data)
- Contact details (address, e-mail address, telephone number and comparable data)
- Address data (registration data and comparable data)
- Confirmation of payment/coverage for bank and credit cards
- Information about your financial situation (creditworthiness data including scoring, i.e. data for assessing the economic risk)
- Customer history
- Data about your use of the telemedia offered by us (e.g. time of calling up our websites, apps or newsletters, pages/links clicked on by us or entries and comparable data).
- Video data
4. Recipients or categories of recipients of your data
Within our company, your data is passed on to those internal departments or organisational units that need it to fulfil our contractual and legal obligations or in the context of processing and implementing our legitimate interests. Your data will only be passed on to external bodies if
- in connection with the execution of the contract;
- for the purposes of fulfilling legal requirements according to which we are obliged to provide information, report or pass on data or the passing on of data is in the public interest (cf. section 2.4);
- insofar as external service companies process data on our behalf as order processors or function transferees (e.g. external data centres, support/maintenance of EDP/IT applications, archiving, document processing, call centre services, compliance services, controlling, data screening for anti-money laundering purposes, data validation or plausibility checks, data destruction, purchasing/procurement, customer administration, lettershops, marketing, media technology, research, risk controlling, invoicing, telephony, website management, auditing services, etc.). -(e.g. data validation or plausibility check, data destruction, purchasing/procurement, customer administration, lettershops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, credit institutions, printers or companies for data disposal, courier services, logistics);
- on the basis of our legitimate interest or the legitimate interest of the third party for the purposes stated in section 2.2 (e.g. to authorities, credit agencies, debt collection, lawyers, courts, experts, companies belonging to the group and committees and supervisory bodies);
- if you have given us consent to transfer the data to third parties.
We will not pass on your data to third parties. If we commission service providers to process your data, they are subject to the same security standards as we are. In other cases, the recipients may only use the data for the purposes for which it was transmitted to them.
5. Duration of the storage of your data
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the processing of a contract. In addition, we are subject to various storage and documentation obligations, which result, among other things, from the German Commercial Code (HGB), the Real Estate Agent and Property Developer Ordinance (MaBV) and the German Fiscal Code (AO). The periods specified there for storage and documentation are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship. Furthermore, special legal regulations may require a longer retention period, such as the preservation of evidence within the framework of the legal statute of limitations. According to §§ 195 et seq. of the German Civil Code (BGB), the regular limitation period is three years; however, limitation periods of up to 30 years may also be applicable. If the data are no longer required for the fulfilment of contractual or legal obligations and rights, they are regularly deleted, unless their – temporary – further processing is necessary for the fulfilment of the purposes listed under section 2.2 due to an overriding legitimate interest. Such an overriding legitimate interest also exists, for example, if deletion is not possible or only possible with disproportionate effort due to the special nature of the storage and processing for other purposes is excluded by suitable technical and organisational measures.
6. Processing of your data in a third country or by an international organisation
Data is transferred to bodies in countries outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries) if it is necessary for the execution of an order/contract from or with you, if it is required by law (e.g. tax reporting obligations), if it is in the legitimate interest of us or a third party or if you have given us your consent. In this context, the processing of your data in a third country may also be carried out in connection with the involvement of service providers as part of commissioned processing. If there is no EU Commission decision on an adequate level of data protection for the country in question, we ensure that your rights and freedoms are adequately protected and guaranteed in accordance with EU data protection requirements by means of appropriate contracts. We will provide you with the relevant detailed information upon request. Information on the appropriate or adequate guarantees and on the possibility of obtaining a copy from you can be obtained from the company data protection officer upon request.
7. Your data protection rights
Under certain conditions you can assert your data protection rights against us
- Thus, you have the right to receive information from us about your data stored by us according to the rules of Art. 15 GDPR (if necessary with restrictions according to § 34 BDSG).
- At your request, we will correct the data stored about you in accordance with Art. 16 GDPR if it is inaccurate or incorrect.
- If you so wish, we will delete your data in accordance with the principles of Art. 17 GDPR, provided that other statutory regulations (e.g. statutory retention obligations or the restrictions under Section 35 BDSG) or an overriding interest on our part (e.g. for the defence of our rights and claims) do not prevent this.
- Taking into account the requirements of Art. 18 GDPR, you may request us to restrict the processing of your data.
- Furthermore, you may object to the processing of your data in accordance with Art. 21 GDPR, on the basis of which we must terminate the processing of your data. However, this right of objection only applies in the case of very special circumstances of your personal situation, whereby rights of our company may possibly conflict with your right of objection.
- You also have the right to receive your data in a structured, common and machine-readable format under the conditions of Art. 20 GDPR or to transfer it to a third party.
- In addition, you have the right to revoke your consent to the processing of personal data at any time with effect for the future (see section 2.3).
- Furthermore, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). However, we recommend that you always first address a complaint to our data protection officer.
Where possible, your requests to exercise your rights should be addressed in writing to the address above or directly to our Data Protection Officer.
8. Scope of your obligations to provide us with your data
You only need to provide the data that is required for the establishment and implementation of a business relationship or for a pre-contractual relationship with us or which we are legally obliged to collect. Without this data, we will generally not be able to conclude or execute the contract. This may also refer to data required later in the course of the business relationship. If we request additional data from you, you will be informed separately of the voluntary nature of the information.
9. Existence of automated decision-making in individual cases (including profiling)
We do not use any purely automated decision-making processes pursuant to Article 22 of the GDPR. If we do use such a procedure in individual cases in the future, we will inform you separately if this is required by law. Under certain circumstances, we process your data partly with the aim of evaluating certain personal aspects (profiling). In order to be able to provide you with targeted information and advice on products, we may use evaluation tools. These enable needs-based product design, communication and advertising, including market and opinion research. Such procedures may also be used to assess your creditworthiness and credit standing as well as to combat money laundering and fraud. So-called “score values” may be used to assess your creditworthiness and credit standing. A score is a mathematical calculation of the probability that a customer will fulfil his or her payment obligations in accordance with the contract. Such score values thus support us, for example, in assessing creditworthiness, in decision-making in the context of product transactions and flow into our risk management. The calculation is based on mathematically statistically recognised and proven methods and is carried out on the basis of your data, in particular your income situation, expenses, existing liabilities, profession, employer, length of employment, experience from the previous business relationship, contractual repayment of previous loans as well as information from credit agencies. Special categories of personal data according to Art. 9 GDPR are not processed.
Information about your right to object Art. 21 GDPR 1. You have the right to object at any time to the processing of your data based on Art. 6 (1) f GDPR (data processing based on a balance of interests) or Art. 6 (1) e GDPR (data processing in the public interest) if there are grounds for doing so that arise from your particular situation. This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the assertion, exercise or defence of legal claims. 2. We may also process your personal data for the purposes of direct marketing. If you do not wish to receive advertising, you have the right to object to this at any time; this also applies to profiling, insofar as it is associated with such direct advertising. We will observe this objection for the future. We will no longer process your data for direct marketing purposes if you object to processing for these purposes. The objection can be made form-free and should preferably be addressed to
10707 Berlin – Germany
Additional information about visiting the website
1. Internet browser log data
The use of our website is generally possible without the collection of personal data. Personal data (such as name, address, e-mail) is only collected and processed if you contact us via our contact form, for example. Personal data will not be passed on to third parties without express consent.
The provider (or its web space provider) collects data about each access to the offer (so-called server log files). The access data includes: Name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
The IP address is deleted from all systems used in connection with the operation of this website after 5 days at the latest. We can then no longer establish a personal reference from the remaining data.
The provider uses the log data only for statistical evaluations and for the purpose of the operation, security and optimisation of the offer. No conclusion can be drawn about your person from this data. However, the provider reserves the right to subsequently check the log data if there is a justified suspicion of unlawful use due to concrete indications.
The data is also used to correct errors on the website.
The legal basis for this data processing is Art. 6 para. 1 lit. f) GDPR Our legitimate interest is the operation of this website and the associated implementation of the protection goals of confidentiality, integrity and availability of the data.
The data subject can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an internet browser or other software programmes. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, it may not be possible to use all the functions of our website. The legal basis for data processing when using essential cookies is Art. 6 para. 1 p. 1 lit. f) GDPR, when using all other cookies the legal basis is your consent according to Art. 6 para. 1 p. 1 lit. a) GDPR.
3. Google Analytics and Google Maps
3.1 Google Analytics
3.2 Google Maps
This website uses Google Maps (“Google Maps”), a map service provided by Google, Inc. (“Google”) to display interactive maps.
4. Contact option via the website
In order to contact us as quickly as possible, you have the option of using the contact form provided on our website. To use the contact form, it is necessary to provide certain personal data, such as your name and e-mail address. The transmitted data will be stored automatically. This data, which is transmitted voluntarily by you, is stored for the purpose of contacting you and processing your enquiry. It will not be passed on to third parties. The legal basis for this data processing is your voluntary consent in accordance with Art. 6 Para. 1 lit. a) GDPR.
5. Online presences in social media
BEOS AG maintains online presences within social networks and platforms in order to inform its customers, partners, (potential) employees and users about current developments relating to BEOS and to be able to communicate with them.
We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users’ rights. With regard to US providers certified under the Privacy Shield, we point out that they thereby undertake to comply with EU data protection standards.
In social networks and on other platforms, the data protection provisions (see links below) of the respective companies apply, even if we disseminate our information and maintain a presence there.
In the case of requests for information and the assertion of user rights, we also point out that these can be asserted most effectively with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. If you still need help, you can contact us at any time.
Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland), Facebook pages based on an agreement on joint processing of personal data
especially for pages: www.facebook.com/legal/terms/information_about_page_insights_data
a. Use of Facebook Plugins
Our website uses Social Plugins from the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA. These Facebook plugins are identifiable by a Facebook logo (white “f” on blue background or a “thumbs up” sign) on our site. The list and look of Facebook plugins can be found at: developers.facebook.com/docs/plugins/. When you visit one of our web pages with the plugin installed, your browser creates a direct connection to the Facebook server. This informs Facebook that you have accessed the corresponding page of our website with your IP address. If you interact with the “Like” button while you are logged into your Facebook account, you can link the content on our site with your Facebook profile. This allows Facebook to associate your access of our website with your user account. As operator of the website, we receive no information regarding the nature of the data sent to Facebook or how it is used. More information can be found at de-de.facebook.com/policy.php.
If you do not want Facebook to collect data about you via our website, you must log out of Facebook prior to visiting our website.
b. Use of Twitter Plugins
You can change your Twitter privacy settings in your Twitter account settings at twitter.com/account/settings.
c. Use of Xing Plugins
Our website uses functions of the XING network, operated by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Every time you access one of our pages that contains XING functions, a connection to XING servers is established. To the best of our knowledge, XING does not store personal data. In particular, no IP addresses are stored and usage behaviour is not evaluated.
Further information on data protection and the XING Share button can be found in XING’s data protection statement at www.xing.com/app/share?op=data_protection.
d. Use of YouTube Plugins
Our website uses plugins from Google’s YouTube site, operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. If you visit one of our pages with a YouTube plugin, a connection to the YouTube servers is established. The YouTube server receives information about the pages on our website you have visited.
If you are logged into your YouTube account, you allow YouTube to associate your surfing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.
Further information on how user data is handled can be found in YouTube’s data protection statement at www.google.de/intl/en/policies/privacy.
6. Security and encryption
BEOS AG protects the collected customer data by storing the data on password-protected servers secured by firewalls and by using encryption technology to protect it from unauthorised access. Data transmitted to us during the use of the website is transferred using SSL encryption technology. Even though we try to provide you with a secure environment for your data with these precautionary measures, no absolute security of your data can be guaranteed on the Internet. We therefore recommend that you take every possible precaution to protect your personal data while connected to the Internet. Please pay particular attention to the use of secure passwords, sufficient and up-to-date virus scanners and a secure browser.
7. External links
Hyperlinks on our websites or advertising banners take you to websites of third-party companies that are subject to different data protection practices. BEOS AG does not adopt the contents of the websites as its own and is not liable for them or for the data protection practices of other providers that can be reached via the hyperlinks on our websites.
Changes to our data protection statement
We reserve the right to periodically amend this data protection statement to ensure that it always complies with current legal requirements or to reflect changes to our services in our data protection statement, e.g. when introducing new services. The new data protection statement will then apply for your next visit.