Data Information
-
English Version
Data Protection Notice
The protection of your personal data is very important to us. In this Data Protection Notice we inform you about the processing of your personal data within the scope of our business relationship and the claims and rights to which you are entitled under the data protection regulations. When we refer to data in the following, we mean your personal data. Personal data means any information that can be used to identify you directly or indirectly as a person.
Who we are?
Responsible for the data processing described here are Hines Immobilien GmbH, Joachimsthaler Str.1, 10623 Berlin, as well as Hines Luxembourg Investment Mangement S.Ă r.l. German Branch, Sendlinger Str. 10, 80331 MĂĽnchen.Data Protection Officer
You can contact our data protection officer at:
mip Consult GmbH, lawyer Dietrich Felgner, Alte Jakobstr. 77, 10179 Berlin,
phone: (+49) 30 20 88 999 00.
E-Mail: Deutschland.Datenschutz@hines.comWhere do we obtain your data from?
We process personal data that we receive from you on the basis of our business relationship. In addition we process personal data permissible received from other companies of the Hines Group or from other third parties (e.g. brokerage firms, SCHUFA Holding AG, Kormoranweg 5, 65201 Wies-baden or the Creditreform e.V., HellersbergstraĂźe 12, 41460 Neuss;) e.g. for the execution of orders, the fulfillment of contracts or on the basis of a consent given by you.
Also we process personal data that we have obtained and are permitted to process from publicly accessible sources (e.g. trade and association registers, press, media).
Relevant personal data include, for example, name, address, e-mail address, telephone number (hereinafter referred to as "contact data"), date and place of birth, nationality, identification data (e.g. ID data) and authentication data. It may also include data about your financial situation (e.g. credit-worthiness data, scoring/rating data, origin of assets), register data and other data comparable to the above categories.For what purposes do we process your data?
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) for subsequent purposes and on the basis of the following legal bases:For the performance of the contract (Article 6 para. 1b GDPR) and on the basis of legal obligations (Article 6 para. 1c GDPR):
• To initiate, justify and conduct our contractual relationship with you;
• For checking your creditworthiness, for purposes of receivables and risk management, for the fulfillment of legal and regulatory requirements as well as for accounting and internal reporting purposes;
• To comply with applicable laws, in particular the fulfillment of our anti-money laundering and terrorist financing obligations;
• To detect and avoid fraud and crime.In the context of legitimate interests (Article 6 para. 1f GDPR):
We process your data for the purposes of the legitimate interests of us or third parties, if necessary. In particular, we pursue the following legitimate interests:
• For Hines group-internal data exchange: Group-internal companies process your data to meet legal and regulatory group requirements in the following areas: (i) internal audits and internal reporting, (ii) for accounting purposes, (iii) for managing operational market risks and (iv) for detecting and preventing fraud and other crimes;
• Advertising or market and opinion research, unless you have objected to the use of your data for this purpose;
• Review and optimization of procedures for needs analysis and direct customer contact as well as measures for customer loyalty;
• To determine credit risks or default risks in the context of an investment decision (for example, SCHUFA, Creditreform e.V.);
• asserting legal claims and defense in legal disputes;
• ensuring IT security and IT operations;
• prevention and investigation of criminal offenses;
• Measures for the business control and further development of services and products.With whom do we share your data (recipient)?
Within the Hines Group, in compliance with applicable data protection laws, those entities will have access to your information needed to fulfill our contractual and legal obligations. Our processors may also collect data for these purposes. These are companies in the categories customer service, IT services, service providers for the management and operation of real estate, logistics, printing services, telecommunications, debt collection and consulting as well as sales and marketing. These data are processed within the European Union and in other third countries, in particular the USA. Please note that we have agreed EU standard data protection clauses with recipients of your data for states without adequacy decision of the European Commission under Article 45 GDPR, in order to protect your data and to achieve an adequate level of protection of your personal data. You have the option of obtaining a copy of these EU standard data protection clauses. Please contact: europe.dataprotection@hines.com.Outside the Hines Group, we may disclose information about you to third parties if one of the legal bases stated under "For what purposes do we process your data?” applies or you submit your con-sent in the data sharing. In this context we share your data with the following recipients:
• Hines Group (www.hines.com)
• Rating agencies (eg: SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden; Verband der Vereine Creditreform e.V., Hellersbergstraße 12, 41460 Neuss
• Broker agenciesHow long do we keep your personal data?
If necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and processing of a contract. In addition, we are subject to various storage and documentation obligations arising from the German Commercial Code (HGB), the Tax Code (AO) and the Money Laundering Act (GWG), among others. The retention periods starts from 2 up to 10 years mainly.
Finally, the retention period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), can generally be three years, but in known cases also up to thirty years, whereby the regular limitation period is three years.Your rights
With regard to the processing of your personal data by us, you have the following rights:
• Right of access - you have a right to request access to your personal data and to certain in-formation about the processing of that personal data. This information must usually be provided to you free of charge within a month of receiving your request, Art. 15 GDPR;
• Right of rectification (correction) - you have the right to ask for your personal data to be cor-rected if it is inaccurate, and completed if it is incomplete, Art. 17 GDPR;
• Right to delete your data, Art. 17 GDPR;
• Right to restriction of processing of your data, Art. 18 GDPR;
• Right to data portability, Art. 20 GDPR;To assert these rights, please feel free to contact us directly using the contact details above (see above section "Who we are").
In addition, you have the right to lodge a complaint in relation to our processing of your data with the supervisory authority, Art. 77 GDPR.
Right to object
You have the right at any time, for reasons arising from your particular situation, to prevent the processing of personal data relating to you pursuant to Article 6 para 1e) GDPR (Data Processing in the Public Interest) and Article 6 para 1f) GDPR (data processing on legitimate interests) by objecting; this also applies to a profiling based on this provision within the meaning of Article 4 GDPR, which we use for rating purposes.If you object, we will no longer process your personal information unless we can establish compel-ling legitimate interests for processing that outweigh your interests, rights and freedoms - or the processing is necessary for the purposes of asserting legal claims and defense in legal disputes.
In individual cases, we process your personal data in order to carry out direct mailing (eg by sending information on our projects as well as through newsletters). You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection can be raised free form and should be addressed to:
Deutschland.Datenschutz@hines.comDo I have an obligation to provide data?
As part of our business relationship, you only need to provide the personally identifiable information necessary to initiate, establish and conduct our business relationship. In some cases, we are required by law to collect. Furthermore, you are obliged to notify us of any changes regarding data required for the establishment, execution and termination of the business relationship established or to which we are legally obliged to collect. Without this data, we will generally have to refuse to conclude a contract or to execute a specific order or to be unable to complete an existing contract and possibly terminate it.In some cases, we are required under the money laundering regulations to identify you, for example, by means of your identity card prior to the establishment of the business relationship and to record your name, place of birth, date of birth, nationality and your address. In order for us to be able to fulfill this legal obligation, you must provide us the necessary information and documents in accordance with the Money Laundering Act and immediately notify us of any changes resulting from the business relationship. If you do not provide us with the necessary information and documents, the desired business relationship will not be accepted.
Will my data be used for automated decision-making including profiling (scoring)?
In order to establish and conduct the business relationship, we do not use fully automated decision-making pursuant to Article 22 GDPR. We sometimes process your data automatically with the aim of evaluating certain personal aspects (profiling). We use profiling in the following cases:
We use scoring to assess your creditworthiness. This calculates the probability that a business part-ner will fulfill his payment obligations. The calculation may, for example, include income, expenses, existing liabilities, experience from the previous business relationship, repayment of previous loans according to the contract and information from credit reporting agencies. The scoring is based on a mathematically-statistically recognized and proven procedure. The calculated scores help us to make decisions in the context of contract conclusions and the decisions take part of our ongoing risk management.