Privacy policy

Thank you for visiting The protection of your personal data is very important to us and we would like to make you feel safe when you visit our website, which is why we encrypt our website using the latest technology. We take data protection seriously and hereby inform you how we process your data and what claims and rights you are entitled to under the data protection regulations. Valid as of 25 May 2018.

Part 1:
Data protection information on our data processing in accordance with Articles 13, 14 and 21 of the Data Protection Regulation (GDPR)

1. Responsible for data processing and contact details

Legally responsible under the German Data Protection Act:
Kurfürstendamm 188
10707 Berlin
Contact form – in German (on

How to contact our data protection officer:
Harald Eul
HEC Harald Eul Consulting GmbH
Auf der Höhe 34
50321 Brühl
Contact form – in German (on

If you have any questions regarding data protection, please do not hesitate to contact our data protection officer.

2. Purposes and legal basis on which we process your data

Personal data in the sense of the Federal Data Protection Act (BDSG) are individual details about personal and factual circumstances of a specific or identifiable natural person. This includes, for example, name, address, date of birth, profession, bank details or information about personal financial circumstances. All of this data is subject to special protection in accordance with the BDSG, which we ensure through technical and organisational measures. We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other applicable data protection regulations (details below). Which data is processed in detail and how it is used depends largely on the services requested or agreed in each case. Further details or additions to the purposes of data processing can be found in the respective contractual documents, forms, a declaration of consent and/or other information provided to you (e.g. in the context of using our website or our terms and conditions). In addition, this data protection information may be updated from time to time, as you can see from our website. Every time you access the BEOS AG website, information transmitted by your browser is automatically stored temporarily. The type/version of browser, the operating system used, the name and URL of the file accessed, the referrer URL (the page previously visited), the volume of data transferred, the host name of the accessing computer (IP address) and the date and time of the server request are recorded in the log file created. It is therefore not possible to draw conclusions about specific persons. This data is not merged with other data sources and is deleted after statistical evaluation. The storage and processing of this data is solely for the purpose of system security and the optimisation of the website. Therefore, we do not require any personal data from you to visit our website. You can move around absolutely anonymously in the sense of the BDSG.

2.1 Purposes for the fulfilment of a contract or pre-contractual measures (Art. 6 para. 1 b GDPR)

The processing of personal data is carried out for the performance of our contracts with you and the execution of your orders as well as for the performance of measures and activities in the context of pre-contractual relationships, e.g. with interested parties. In particular, the processing thus serves the provision of real estate services, such as

  • the mediation
  • the renting
  • the sale
  • the purchase

of real estate according to your orders and wishes and include the services, measures and activities necessary for this. These essentially include contract-related communication with you, the verifiability of transactions, orders and other agreements as well as for quality control through corresponding documentation, goodwill procedures, measures for the control and optimisation of business processes as well as for the fulfilment of general due diligence obligations, management and control by affiliated companies (e.g. parent company); statistical evaluations for corporate management, cost recording and controlling, reporting, internal and external communication, emergency management, accounting and tax assessment of operational services, risk management, assertion of legal claims and defence in legal disputes; guaranteeing IT security (including system and plausibility checks), and the provision of information and data to the public. system and plausibility tests) and general security, including building and facility security, ensuring and exercising domiciliary rights (e.g. through access controls); ensuring the integrity, authenticity and availability of data, prevention and investigation of criminal offences; control by supervisory bodies or control authorities (e.g. auditing).

2.2. Purposes within the scope of a legitimate interest of us or third parties (Art. 6 para. 1 f GDPR)

Beyond the actual performance of the contract or preliminary contract, we may process your data if it is necessary to protect legitimate interests of us or third parties, in particular for purposes:

  • advertising or market and opinion research, insofar as you have not objected to the use of your data;
  • obtaining information and exchanging data with credit agencies, insofar as this exceeds our economic risk;
  • the testing and optimisation of needs assessment procedures;
  • the further development of services and products as well as existing systems and processes;
  • the disclosure of personal data as part of due diligence in company sale negotiations;
  • for comparison with European and international anti-terrorist lists, insofar as this goes beyond the legal obligations;
  • the enrichment of our data, including through the use or research of publicly available data;
  • statistical evaluations or market analysis;
  • of benchmarking;
  • the assertion of legal claims and defence in legal disputes which are not directly attributable to the contractual relationship;
  • the limited storage of the data if deletion is not possible or only possible with disproportionate effort due to the special type of storage;
  • the development of scoring systems or automated decision-making processes;
  • the prevention and investigation of criminal offences, insofar as not exclusively for the fulfilment of legal requirements;
  • building and facility security (e.g. through access controls and video surveillance), insofar as this goes beyond the general duties of care;
  • internal and external investigations, security clearances;
  • the possible listening in or recording of telephone conversations for quality control and training purposes;
  • obtaining and maintaining certifications of a private or official nature;
  • securing and exercising house rights through appropriate measures as well as through video surveillance to protect our customers and employees and to secure evidence in the event of criminal offences and to prevent them.

2.3 Purposes within the scope of your consent (Art. 6 para. 1 a GDPR)

Processing of your personal data for certain purposes (e.g. use of your e-mail address for marketing purposes) may also be based on your consent. As a rule, you can revoke this consent at any time. This also applies to the revocation of declarations of consent given to us prior to the application of the GDPR, i.e. prior to 25 May 2018. You will be informed separately about the purposes and consequences of revoking or not granting consent in the relevant text of the consent. As a general rule, the revocation of consent only takes effect for the future. Processing that took place before the revocation is not affected by this and remains lawful.

2.4 Purposes for the fulfilment of legal requirements (Art. 6 para. 1 c GDPR) or in the public interest (Art. 6 para. 1 e GDPR)

Like anyone who participates in business, we are subject to a variety of legal obligations. Primarily these are legal requirements (e.g. commercial and tax laws), but also regulatory or other official requirements where applicable. The purposes of processing may include identity and age verification, fraud and money laundering prevention, the prevention, combating and investigation of terrorist financing and crimes endangering assets, comparisons with European and international anti-terrorist lists, the fulfilment of control and reporting obligations under tax law as well as the archiving of data for data protection and data security purposes as well as audits by tax and other authorities. In addition, the disclosure of personal data may become necessary in the context of official/court measures for the purposes of gathering evidence, criminal prosecution or the enforcement of civil law claims.

3. The categories of data we process, where we do not receive data directly from you, and their origin

Insofar as this is necessary for the provision of our services, we process personal data permissibly received from other companies or other third parties (e.g. credit agencies, address publishers). In addition, we process personal data that we have permissibly taken, received or acquired from publicly accessible sources (such as telephone directories, commercial and association registers, civil registers, debtor registers, land registers, the press, the Internet and other media) and may process. Relevant personal data categories can be in particular:

  • Personal data (name, date of birth, place of birth, nationality, marital status, profession/industry and comparable data)
  • Contact details (address, e-mail address, telephone number and comparable data)
  • Address data (registration data and comparable data)
  • Confirmation of payment/coverage for bank and credit cards
  • Information about your financial situation (creditworthiness data including scoring, i.e. data for assessing the economic risk)
  • Customer history
  • Data about your use of the telemedia offered by us (e.g. time of calling up our websites, apps or newsletters, pages/links clicked on by us or entries and comparable data).
  • Video data

4. Recipients or categories of recipients of your data

Within our company, your data is passed on to those internal departments or organisational units that need it to fulfil our contractual and legal obligations or in the context of processing and implementing our legitimate interests. Your data will only be passed on to external bodies if

  • in connection with the execution of the contract;
  • for the purposes of fulfilling legal requirements according to which we are obliged to provide information, report or pass on data or the passing on of data is in the public interest (cf. section 2.4);
  • insofar as external service companies process data on our behalf as order processors or function transferees (e.g. external data centres, support/maintenance of EDP/IT applications, archiving, document processing, call centre services, compliance services, controlling, data screening for anti-money laundering purposes, data validation or plausibility checks, data destruction, purchasing/procurement, customer administration, lettershops, marketing, media technology, research, risk controlling, invoicing, telephony, website management, auditing services, etc.). -(e.g. data validation or plausibility check, data destruction, purchasing/procurement, customer administration, lettershops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, credit institutions, printers or companies for data disposal, courier services, logistics);
  • on the basis of our legitimate interest or the legitimate interest of the third party for the purposes stated in section 2.2 (e.g. to authorities, credit agencies, debt collection, lawyers, courts, experts, companies belonging to the group and committees and supervisory bodies);
  • if you have given us consent to transfer the data to third parties.

We will not pass on your data to third parties. If we commission service providers to process your data, they are subject to the same security standards as we are. In other cases, the recipients may only use the data for the purposes for which it was transmitted to them.

5. Duration of the storage of your data

We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the processing of a contract. In addition, we are subject to various storage and documentation obligations, which result, among other things, from the German Commercial Code (HGB), the Real Estate Agent and Property Developer Ordinance (MaBV) and the German Fiscal Code (AO). The periods specified there for storage and documentation are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship. Furthermore, special legal regulations may require a longer retention period, such as the preservation of evidence within the framework of the legal statute of limitations. According to §§ 195 et seq. of the German Civil Code (BGB), the regular limitation period is three years; however, limitation periods of up to 30 years may also be applicable. If the data are no longer required for the fulfilment of contractual or legal obligations and rights, they are regularly deleted, unless their – temporary – further processing is necessary for the fulfilment of the purposes listed under section 2.2 due to an overriding legitimate interest. Such an overriding legitimate interest also exists, for example, if deletion is not possible or only possible with disproportionate effort due to the special nature of the storage and processing for other purposes is excluded by suitable technical and organisational measures.

6. Processing of your data in a third country or by an international organisation

Data is transferred to bodies in countries outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries) if it is necessary for the execution of an order/contract from or with you, if it is required by law (e.g. tax reporting obligations), if it is in the legitimate interest of us or a third party or if you have given us your consent. In this context, the processing of your data in a third country may also be carried out in connection with the involvement of service providers as part of commissioned processing. If there is no EU Commission decision on an adequate level of data protection for the country in question, we ensure that your rights and freedoms are adequately protected and guaranteed in accordance with EU data protection requirements by means of appropriate contracts. We will provide you with the relevant detailed information upon request. Information on the appropriate or adequate guarantees and on the possibility of obtaining a copy from you can be obtained from the company data protection officer upon request.

7. Your data protection rights

Under certain conditions you can assert your data protection rights against us

  • Thus, you have the right to receive information from us about your data stored by us according to the rules of Art. 15 GDPR (if necessary with restrictions according to § 34 BDSG).
  • At your request, we will correct the data stored about you in accordance with Art. 16 GDPR if it is inaccurate or incorrect.
  • If you so wish, we will delete your data in accordance with the principles of Art. 17 GDPR, provided that other statutory regulations (e.g. statutory retention obligations or the restrictions under Section 35 BDSG) or an overriding interest on our part (e.g. for the defence of our rights and claims) do not prevent this.
  • Taking into account the requirements of Art. 18 GDPR, you may request us to restrict the processing of your data.
  • Furthermore, you may object to the processing of your data in accordance with Art. 21 GDPR, on the basis of which we must terminate the processing of your data. However, this right of objection only applies in the case of very special circumstances of your personal situation, whereby rights of our company may possibly conflict with your right of objection.
  • You also have the right to receive your data in a structured, common and machine-readable format under the conditions of Art. 20 GDPR or to transfer it to a third party.
  • In addition, you have the right to revoke your consent to the processing of personal data at any time with effect for the future (see section 2.3).
  • Furthermore, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). However, we recommend that you always first address a complaint to our data protection officer.

Where possible, your requests to exercise your rights should be addressed in writing to the address above or directly to our Data Protection Officer.

8. Scope of your obligations to provide us with your data

You only need to provide the data that is required for the establishment and implementation of a business relationship or for a pre-contractual relationship with us or which we are legally obliged to collect. Without this data, we will generally not be able to conclude or execute the contract. This may also refer to data required later in the course of the business relationship. If we request additional data from you, you will be informed separately of the voluntary nature of the information.

9. Existence of automated decision-making in individual cases (including profiling)

We do not use any purely automated decision-making processes pursuant to Article 22 of the GDPR. If we do use such a procedure in individual cases in the future, we will inform you separately if this is required by law. Under certain circumstances, we process your data partly with the aim of evaluating certain personal aspects (profiling). In order to be able to provide you with targeted information and advice on products, we may use evaluation tools. These enable needs-based product design, communication and advertising, including market and opinion research. Such procedures may also be used to assess your creditworthiness and credit standing as well as to combat money laundering and fraud. So-called “score values” may be used to assess your creditworthiness and credit standing. A score is a mathematical calculation of the probability that a customer will fulfil his or her payment obligations in accordance with the contract. Such score values thus support us, for example, in assessing creditworthiness, in decision-making in the context of product transactions and flow into our risk management. The calculation is based on mathematically statistically recognised and proven methods and is carried out on the basis of your data, in particular your income situation, expenses, existing liabilities, profession, employer, length of employment, experience from the previous business relationship, contractual repayment of previous loans as well as information from credit agencies. Special categories of personal data according to Art. 9 GDPR are not processed.

Information about your right to object Art. 21 GDPR 1. You have the right to object at any time to the processing of your data based on Art. 6 (1) f GDPR (data processing based on a balance of interests) or Art. 6 (1) e GDPR (data processing in the public interest) if there are grounds for doing so that arise from your particular situation. This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the assertion, exercise or defence of legal claims. 2. We may also process your personal data for the purposes of direct marketing. If you do not wish to receive advertising, you have the right to object to this at any time; this also applies to profiling, insofar as it is associated with such direct advertising. We will observe this objection for the future. We will no longer process your data for direct marketing purposes if you object to processing for these purposes. The objection can be made form-free and should preferably be addressed to

Kurfürstendamm 188
10707 Berlin – Germany

Part 2:
Additional information about visiting the website

1. Internet browser log data

The use of our website is generally possible without the collection of personal data. Personal data (such as name, address, e-mail) is only collected and processed if you contact us via our contact form, for example. Personal data will not be passed on to third parties without express consent.

The provider (or its web space provider) collects data about each access to the offer (so-called server log files). The access data includes: Name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

The IP address is deleted from all systems used in connection with the operation of this website after 5 days at the latest. We can then no longer establish a personal reference from the remaining data.

The provider uses the log data only for statistical evaluations and for the purpose of the operation, security and optimisation of the offer. No conclusion can be drawn about your person from this data. However, the provider reserves the right to subsequently check the log data if there is a justified suspicion of unlawful use due to concrete indications.

The data is also used to correct errors on the website.
The legal basis for this data processing is Art. 6 para. 1 lit. f) GDPR Our legitimate interest is the operation of this website and the associated implementation of the protection goals of confidentiality, integrity and availability of the data.

2. Cookies

The BEOS AG website uses cookies. Cookies are small files that enable specific information related to the device to be stored on the user’s access device (PC, smartphone or similar). On the one hand, they serve the user-friendliness of websites and thus the users (e.g. storage of login data). On the other hand, they serve to collect statistical data on website use and to be able to analyse it for the purpose of improving the offer. Users can influence the use of cookies. Most browsers have an option to restrict or completely prevent the storage of cookies. However, it is pointed out that the use and in particular the user comfort will be limited without cookies. You can manage many online advertising cookies from companies via the US site or the EU site

Many websites and servers use cookies. Most cookies contain a so-called cookie ID. A cookie ID makes the cookie recognisable. The ID consists of a string of characters by which websites and servers can be assigned to a specific internet browser in which the cookie was stored. This tells visited websites and servers which browser the person concerned is using and helps to distinguish the browser from others. In short, a specific internet browser can be recognised and identified via the unique cookie ID.

Through the use of cookies, the BEOS AG can provide the users of this website with more user-friendly services. This would not be possible without the setting of cookies. The data is processed by BEOS AG and its partner agency Columbus Interactive.

Cookies can help us to optimise the information and offers on our website in the interests of the user. As already mentioned, cookies enable us to recognise the users of our website. If we recognise the user, we can make it easier for the user to use our website. For example, the user of a website that uses cookies does not have to re-enter his or her access data each time he or she visits the website, because this is done by the website and the cookie stored on the user’s computer system. Another example is the cookie of a shopping basket in an online shop. The online shop remembers the items that a customer has placed in the virtual shopping basket via a cookie.

The data subject can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an internet browser or other software programmes. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, it may not be possible to use all the functions of our website. The legal basis for data processing when using essential cookies is Art. 6 para. 1 p. 1 lit. f) GDPR, when using all other cookies the legal basis is your consent according to Art. 6 para. 1 p. 1 lit. a) GDPR.

3. Google Analytics and Google Maps

3.1 Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about the use of this website by the users is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymisation is activated on this website, however, Google will truncate the user’s IP address beforehand within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. IP anonymisation is active on this website. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Users may refuse the use of cookies by selecting the appropriate settings on their browser, however please note that if you do this you may not be able to use the full functionality of this website. Users may also prevent the collection of data generated by the cookie and relating to their use of the website (including their IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: As an alternative to the browser add-on or within browsers on mobile devices, please click on the link below to prevent the collection by Google Analytics within this website in the future. This will place an opt-out cookie on your device. If you delete your cookies, you must click this link again.

Google Analytics Opt-out

3.2 Google Maps

This website uses Google Maps (“Google Maps”), a map service provided by Google, Inc. (“Google”) to display interactive maps.

For this purpose, Google collects your IP address, which may be transmitted by Google to servers in the USA and stored there. In addition, Google may collect data about your use of Google Maps. Please note that we do not control the collection, storage and use of such data by Google and do not have access to the data collected. Please read Google’s privacy policy before using any Google Maps features. Google’s privacy policy can be found at

By using Google Maps on our website, you agree to Google’s Terms of Use, which can be found at

If you do not agree to the collection of your data through the use of Google Maps by Google, you can prevent such data collection by completely deactivating the Google Maps service. To do this, JavaScript must be deactivated in the browser settings. However, Google Maps cannot then be used.

4. Contact option via the website

In order to contact us as quickly as possible, you have the option of using the contact form provided on our website. To use the contact form, it is necessary to provide certain personal data, such as your name and e-mail address. The transmitted data will be stored automatically. This data, which is transmitted voluntarily by you, is stored for the purpose of contacting you and processing your enquiry. It will not be passed on to third parties. The legal basis for this data processing is your voluntary consent in accordance with Art. 6 Para. 1 lit. a) GDPR.

5. Online presences in social media

BEOS AG maintains online presences within social networks and platforms in order to inform its customers, partners, (potential) employees and users about current developments relating to BEOS and to be able to communicate with them.

We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users’ rights. With regard to US providers certified under the Privacy Shield, we point out that they thereby undertake to comply with EU data protection standards.

In social networks and on other platforms, the data protection provisions (see links below) of the respective companies apply, even if we disseminate our information and maintain a presence there.

In the case of requests for information and the assertion of user rights, we also point out that these can be asserted most effectively with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. If you still need help, you can contact us at any time.

Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland), Facebook pages based on an agreement on joint processing of personal data

Privacy policy:
especially for pages:


Privacy Shield:

a. Use of Facebook Plugins

Our website uses Social Plugins from the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA. These Facebook plugins are identifiable by a Facebook logo (white “f” on blue background or a “thumbs up” sign) on our site. The list and look of Facebook plugins can be found at: When you visit one of our web pages with the plugin installed, your browser creates a direct connection to the Facebook server. This informs Facebook that you have accessed the corresponding page of our website with your IP address. If you interact with the “Like” button while you are logged into your Facebook account, you can link the content on our site with your Facebook profile. This allows Facebook to associate your access of our website with your user account. As operator of the website, we receive no information regarding the nature of the data sent to Facebook or how it is used. More information can be found at

If you do not want Facebook to collect data about you via our website, you must log out of Facebook prior to visiting our website.

b. Use of Twitter Plugins

Our website contains integrated plugins from the short message service network Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By clicking on the Twitter “(Re)Tweet” function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transmitted to Twitter. We would like to point out that we, as the provider of the pages, do not have any knowledge of the content of the data transferred or of their use by Twitter. For more information, please see Twitter’s privacy policy at

You can change your Twitter privacy settings in your Twitter account settings at

c. Use of Xing Plugins

Our website uses functions of the XING network, operated by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Every time you access one of our pages that contains XING functions, a connection to XING servers is established. To the best of our knowledge, XING does not store personal data. In particular, no IP addresses are stored and usage behaviour is not evaluated.

Further information on data protection and the XING Share button can be found in XING’s data protection statement at

d. Use of YouTube Plugins

Our website uses plugins from Google’s YouTube site, operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. If you visit one of our pages with a YouTube plugin, a connection to the YouTube servers is established. The YouTube server receives information about the pages on our website you have visited.

If you are logged into your YouTube account, you allow YouTube to associate your surfing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.

Further information on how user data is handled can be found in YouTube’s data protection statement at

6. Security and encryption

BEOS AG protects the collected customer data by storing the data on password-protected servers secured by firewalls and by using encryption technology to protect it from unauthorised access. Data transmitted to us during the use of the website is transferred using SSL encryption technology. Even though we try to provide you with a secure environment for your data with these precautionary measures, no absolute security of your data can be guaranteed on the Internet. We therefore recommend that you take every possible precaution to protect your personal data while connected to the Internet. Please pay particular attention to the use of secure passwords, sufficient and up-to-date virus scanners and a secure browser.

7. External links

Hyperlinks on our websites or advertising banners take you to websites of third-party companies that are subject to different data protection practices. BEOS AG does not adopt the contents of the websites as its own and is not liable for them or for the data protection practices of other providers that can be reached via the hyperlinks on our websites.

Changes to our data protection statement

We reserve the right to periodically amend this data protection statement to ensure that it always complies with current legal requirements or to reflect changes to our services in our data protection statement, e.g. when introducing new services. The new data protection statement will then apply for your next visit.

A Project of BEOS and Swiss Life Asset Managers