Privacy Policy

1. Data Protection at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified. Detailed information on the subject of data protection can be found in our privacy policy listed below.

Data Collection on This Website

Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator. You can find their contact details in the section “Information on the Responsible Party” in this privacy policy.

How do we collect your data?

Some data is collected when you provide it to us. This may, for example, be data you enter into a contact form.

Other data is collected automatically or with your consent when you visit the website by our IT systems. This data is primarily technical (e.g., internet browser, operating system, or time of the page view). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure the proper functioning of the website. Other data may be used to analyze your user behavior. If contracts are concluded or initiated via the website, the transmitted data will also be processed for contract offers, orders, or other business inquiries.

What rights do you have regarding your data?

You have the right to receive information free of charge at any time about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you may revoke this consent at any time for the future. Furthermore, you have the right to request the restriction of the processing of your personal data under certain circumstances. You also have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time about this or any other questions regarding data protection.

Analysis Tools and Third-Party Tools

When visiting this website, your surfing behavior may be statistically analyzed. This is done mainly with so-called analysis programs.

Detailed information about these analysis programs can be found in the following privacy policy.

2. Hosting

We host the content of our website with the following provider:

Hetzner

The provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (hereinafter Hetzner).

Details can be found in Hetzner’s privacy policy: https://www.hetzner.com/de/legal/privacy-policy/.

The use of Hetzner is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the most reliable presentation of our website. If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g., device fingerprinting) as defined by the TDDDG. The consent can be revoked at any time.

3. General Information and Mandatory Disclosures

Data Protection

The operators of this site take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various pieces of personal data are collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this happens.

We point out that data transmission over the Internet (e.g., communication by email) can have security gaps. A complete protection of data against access by third parties is not possible.

Note on the Responsible Party

The responsible party for data processing on this website is:

Qadi+Furati Hamburger Immobilien & Verwaltung GmbH
Am Stadtrand 25
22047 Hamburg

Phone: +49 (0) 40 78062386
Email: info@qf-immobilien.de

The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g., names, email addresses, etc.).

Storage Period

Unless a more specific storage period has been mentioned within this privacy policy, your personal data will remain with us until the purpose for the data processing no longer applies. If you make a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the data will be deleted after these reasons cease to apply.

General Information on the Legal Basis for Data Processing on This Website

If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special categories of data are processed according to Art. 9(1) GDPR. In the case of explicit consent to the transfer of personal data to third countries, data processing is also based on Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), data processing is also based on § 25(1) TDDDG. Consent may be revoked at any time. If your data is required to fulfill a contract or carry out pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, we process your data if it is necessary to fulfill a legal obligation on the basis of Art. 6(1)(c) GDPR. Data processing can also be based on our legitimate interest according to Art. 6(1)(f) GDPR. The relevant legal basis in each individual case is explained in the following sections of this privacy policy.

Note on Data Transfer to Third Countries Not Safe under Data Protection Law and on Transfers to US Companies Not Certified under the DPF

We use tools from companies based in countries that are not safe under data protection law and US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to these countries and processed there. We point out that no data protection level comparable to that of the EU can be guaranteed in such countries.

We point out that the USA is generally considered a safe third country with a level of data protection comparable to the EU. Data transmission to the USA is permissible if the recipient is certified under the “EU-US Data Privacy Framework” (DPF) or has appropriate additional guarantees. For information on transfers to third countries including data recipients, see this privacy policy.

Recipients of Personal Data

In the course of our business activities, we work with various external entities. In some cases, this also involves the transfer of personal data to these external entities. We only pass on personal data to external parties if this is necessary in the context of contract performance, if we are legally obliged to do so (e.g., transfer of data to tax authorities), if we have a legitimate interest according to Art. 6(1)(f) GDPR in the transfer, or if another legal basis permits the data transfer. When using processors, we only pass on personal data of our customers on the basis of a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your express consent. You can revoke your previously given consent at any time. The legality of the data processing carried out before the revocation remains unaffected by the revocation.

Right to Object to Data Collection in Special Cases and to Direct Advertising (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT ADVERTISING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH ADVERTISING PURPOSES; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS ASSOCIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL THEN NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Right to Lodge a Complaint with the Supervisory Authority

In case of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the Member State of their habitual residence, their place of work, or the place of the alleged infringement. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.

Right to Data Portability

You have the right to receive data that we process automatically based on your consent or in fulfillment of a contract, in a common, machine-readable format, and to have it transferred to yourself or to a third party. If you request the direct transfer of the data to another controller, this will only be done to the extent it is technically feasible.

Right to Access, Rectification, and Erasure

You have the right, within the scope of applicable legal provisions, to free information at any time about your stored personal data, its origin, recipients, and the purpose of the data processing. You also have the right to request the rectification or erasure of this data. For this and any further questions regarding personal data, you can contact us at any time.

Right to Restrict Processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time regarding this. The right to restrict processing exists in the following cases:

If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of processing of your personal data.
If the processing of your personal data was/is unlawful, you may request the restriction of data processing instead of erasure.
If we no longer need your personal data, but you require it to exercise, defend, or assert legal claims, you have the right to request the restriction of processing instead of erasure.
If you have objected to processing under Art. 21(1) GDPR, a balance must be struck between your and our interests. As long as it is not yet clear whose interests prevail, you have the right to request the restriction of processing of your personal data.

If you have restricted the processing of your personal data, such data – apart from storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

SSL or TLS Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as site operator. You can recognize an encrypted connection by the change in the browser’s address line from “http://” to “https://” and by the lock icon in your browser bar.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Objection to Promotional Emails

The use of contact data published in the context of the legal notice obligation for sending unsolicited advertising and informational materials is hereby prohibited. The site operators expressly reserve the right to take legal action in the event of unsolicited promotional information, such as spam emails.

4. Data Collection on This Website

Cookies

Our websites use so-called “cookies.” Cookies are small data packets and do not cause any harm to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit. Persistent cookies remain stored on your device until you delete them or your web browser deletes them automatically.

Cookies can originate from us (first-party cookies) or from third-party companies (third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g., cookies for payment processing).

Cookies serve various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart or video display). Other cookies are used to evaluate user behavior or for advertising purposes.

Cookies necessary for the electronic communication process, the provision of certain functions you desire (e.g., for the shopping cart), or the optimization of the website (e.g., cookies for measuring web audiences) are stored based on Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent has been requested for the storage of cookies and similar recognition technologies, processing is based exclusively on this consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG); the consent can be withdrawn at any time.

You can configure your browser to notify you about the setting of cookies and allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general, and to enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

You can find which cookies and services are used on this website in this privacy policy.

Contact Form

If you send us inquiries via the contact form, your details from the form, including the contact information you provide, will be stored by us for the purpose of processing your inquiry and for follow-up questions. We do not share this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR, if your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of requests directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if this has been requested; consent can be withdrawn at any time.

The data you enter in the contact form remains with us until you request its deletion, revoke your consent to storage, or the purpose for storing the data no longer applies (e.g., after your inquiry has been processed). Mandatory statutory provisions – especially retention periods – remain unaffected.

Inquiry by Email, Phone, or Fax

If you contact us by email, telephone, or fax, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed by us for the purpose of handling your request. We do not share this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR, if your inquiry is related to the fulfillment of a contract or is necessary for pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries sent to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if this has been requested; consent can be withdrawn at any time.

The data you send us via contact inquiries remains with us until you request deletion, revoke your consent to storage, or the purpose for storing the data no longer applies (e.g., after your request has been processed). Mandatory statutory provisions – especially statutory retention periods – remain unaffected.

5. Social Media

Instagram

Functions of the Instagram service are integrated into this website. These functions are offered by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

When the social media element is active, a direct connection is established between your device and the Instagram server. This informs Instagram that you have visited this website.

If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to this website with your user account. We point out that, as the provider of this site, we have no knowledge of the content of the transmitted data or its use by Instagram.

The use of this service is based on your consent under Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be withdrawn at any time.

If personal data is collected on our website using the described tool and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited solely to the collection of the data and its transmission to Facebook or Instagram. The processing that takes place after transmission is not part of the joint responsibility. The joint obligations have been set out in an agreement on joint processing. You can read the agreement at: https://www.facebook.com/legal/controller_addendum.

According to this agreement, we are responsible for providing privacy information when using the Facebook or Instagram tool and for the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of the Facebook or Instagram products. Data subject rights (e.g., requests for information) regarding the data processed by Facebook or Instagram can be asserted directly with Facebook. If you assert your rights with us, we are obliged to forward them to Facebook.

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://privacycenter.instagram.com/policy/ and https://de-de.facebook.com/help/566994660333381.

For more information, see Instagram’s privacy policy: https://privacycenter.instagram.com/policy/.

The company holds a certification under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which aims to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF commits to adhere to these data protection standards. Further information is available from the provider at the following link: https://www.dataprivacyframework.gov/participant/4452.

6. Analysis Tools and Advertising

WP Statistics

This website uses the analysis tool WP Statistics to statistically evaluate visitor access. Provider is Veronalabs, Tatari 64, 10134, Tallinn, Estonia (https://veronalabs.com).

With WP Statistics, we can analyze the use of our website. WP Statistics records, among other things, log files (IP address, referrer, browsers used, user origin, search engine used) and actions performed by website visitors on the site (e.g., clicks and views).

The data collected with WP Statistics is stored exclusively on our own server.

The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the anonymized analysis of user behavior in order to optimize both our web offer and our advertising. If appropriate consent has been obtained, processing takes place solely on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

IP Anonymization

We use WP Statistics with anonymized IP. Your IP address is shortened so that it can no longer be directly assigned to you.

7. Plugins and Tools

Google Maps

This site uses the mapping service Google Maps. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. With this service, we can embed maps on our website.

To use the features of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. When Google Maps is activated, Google may use Google Fonts for uniform font display. When calling Google Maps, your browser loads the necessary web fonts into its cache to display texts and fonts correctly.

The use of Google Maps is in the interest of an appealing presentation of our online offers and easy findability of the locations indicated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If corresponding consent has been obtained, processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

More information on the handling of user data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA is intended to verify whether data entry on this website (e.g., in a contact form) is performed by a human or an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g., IP address, duration of stay on the website, or mouse movements performed by the user). The data collected during the analysis is forwarded to Google.

reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place.

The storage and analysis of data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and spam. If corresponding consent has been obtained, processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Further information on Google reCAPTCHA can be found in Google’s privacy policy and terms of service at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

WP 2FA

This website uses WP 2FA for two-factor authentication. The provider is WP Online Security, 26b Alma Road, Windsor SL4 3HZ, United Kingdom (https://wponlinesecurity.com).

WP 2FA enhances the security of the login process by requiring an additional verification code generated via an authenticator app. No IP addresses are stored and no personal data is transmitted to external servers. All data remains on our server.

The usage is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in securing the login system. If consent is obtained, processing is carried out based on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be withdrawn at any time.

Limit Login Attempts Reloaded

This website uses Limit Login Attempts Reloaded to protect against brute-force attacks. The provider is Limit Login Attempts Reloaded, 50 Oakhurst Rd, Suite 104, Thousand Oaks, CA 91361, USA (https://limitloginattempts.com).

Failed login attempts are counted and IP addresses are temporarily stored locally to prevent further attempts from the same source. No data is transferred to third parties or external servers.

The processing is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting against misuse and unauthorized access.

Complianz

This website uses Complianz to obtain cookie consents. Provider is Complianz B.V., Kalmarweg 14-5, 9723 JG Groningen, Netherlands (https://complianz.io).

Complianz is used to obtain legally required consent for the use of certain cookies and to document data protection compliance. For this purpose, Complianz stores cookies in your browser to assign given consents or their revocation.

The processing is based on Art. 6 para. 1 lit. c GDPR (legal obligation) as well as Art. 6 para. 1 lit. f GDPR (legitimate interest in legally secure collection and documentation of consents). If consent has been obtained, processing is additionally based on Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG. Consent can be revoked at any time.

Communication via WhatsApp

For communication with users, we use among others the messenger service WhatsApp. Provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Communication is based on Art. 6 para. 1 lit. b GDPR, if it is in connection with fulfilling a contract or performing pre-contractual measures. In all other cases, communication is based on our legitimate interest in the fastest and most effective communication with you according to Art. 6 para. 1 lit. f GDPR or your consent (Art. 6 para. 1 lit. a GDPR), if this has been obtained.

Communication is end-to-end encrypted. Nevertheless, we point out that WhatsApp, as part of the Meta corporate group, transfers data (especially metadata) to the USA. The data transfer is based on the standard contractual clauses of the EU Commission. Details can be found in WhatsApp’s privacy policy: https://www.whatsapp.com/legal/privacy-policy-eea.

Google Analytics

This website uses functions of the web analytics service Google Analytics. Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by cookies about your use of this website is usually transferred to a Google server in the USA and stored there.

We have activated IP anonymization on this website. This means that your IP address is shortened by Google within member states of the EU or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.

The use of Google Analytics is based on your consent according to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. You can revoke your consent at any time.

The data collected by Google Analytics can be combined with other Google services. Further information can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

Data transfer to the USA is based on the EU standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

Handling of Applicant Data

We offer you the possibility to apply to us (e.g., by email, post, or via an online form). Below we inform you about the scope, purpose, and use of your personal data collected during the application process.

Purpose and legal basis: The processing of your applicant data is for the handling of the application process and the decision on the establishment of an employment relationship according to § 26 BDSG, Art. 6 para. 1 lit. b GDPR.

Storage duration: If no employment relationship is established, we keep your application documents for up to 6 months after the completion of the process. Afterwards, they are deleted unless there are statutory retention obligations or you have expressly consented to a longer storage (e.g., for an applicant pool).

Disclosure to third parties: Your data is processed exclusively within our company. Disclosure to third parties does not occur without your explicit consent.

Quelle: https://www.e-recht24.de