Data protection

1. Introduction

With the following information, we would like to give you, as a “data subject”, an overview of how we process your personal data and your rights under data protection laws. In principle, it is possible to use our Internet pages without entering personal data. However, if you would like to make use of special services offered by our company via our website, processing of personal data could be required. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain your consent.

Personal data, such as your name, address or email address, is always processed in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to the “administrative level”. By means of this privacy policy, we would like to inform you about the scope and purpose of the personal data we collect, use and process.

As data controller, we have implemented numerous technical and organizational measures to ensure that personal data processed via this website is protected as completely as possible. However, Internet-based data transmissions can generally have security gaps, meaning that absolute protection cannot be guaranteed. For this reason, you are also free to submit personal data to us by alternative means, for example by telephone or post.

You too can take simple and easy-to-implement measures to protect yourself against unauthorized access to your data by third parties. We would therefore like to take this opportunity to provide you with some information on how to handle your data securely:

- Protect your account (login, user or customer account) and your IT system (computer, laptop, tablet or mobile device) with secure passwords.

- Only you should have access to your passwords.

- Make sure that you only ever use your passwords for one account (login, user or customer account).

- Don't use a password for different websites, applications, or online services.

- In particular when using IT systems that are publicly available or shared with other people, the following applies: always log out after you have logged on to a website, an application or an online service.

- Passwords should consist of at least 12 characters and should be chosen in such a way that they cannot be easily guessed. Therefore, they should not contain common everyday words, your own names or the names of relatives, but uppercase and lowercase letters, numbers and special characters.

2. Responsible person

Responsible person within the meaning of the GDPR is:
Alessandra Grande
Grande Immobilien
Ramshof 11
47877 Willich
Telephone: +49 2156 4954830
email: info@grande-immo.com

3. Data protection officer

We would like to point out that there is no need to appoint a data protection officer. The contact person for data protection is also Alessandra Grande, see above.

4. Definitions

The data protection declaration is based on the terms used by the European legislator when adopting the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand both for the public and for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

In this privacy statement, we use the following terms, among others:

1. Personal data
Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more particular characteristics that are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

2. Data subject
Data subject is any identified or identifiable natural person whose personal data is processed by the controller (our company).

3. Processing
Processing is any process carried out with or without the aid of automated processes or any such series of processes in connection with personal data, such as collecting, organizing, storing, adapting or modifying, reading, querying, using, disclosing through transmission, dissemination or any other form of provision, reconciliation or linking, restriction, deletion or destruction.

4. Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.

5. Profiling
Profiling is any type of automated processing of personal data that consists of using this personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or changes of location of that natural person.

6. Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures which ensure that the personal data is not assigned to an identified or identifiable natural person.

7. Contract processor
Contract processor is a natural or legal person, authority, agency or other body that processes personal data on behalf of the person responsible.

8. Recipient
The recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, public authorities that may receive personal data as part of a specific investigation mandate under Union or Member State law are not considered recipients.

9. Third party
A third party is a natural or legal person, authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or processor, are authorized to process personal data.

10. Consent
Consent is any expression of will given voluntarily by the data subject in an informed and unequivocal manner in the form of a statement or other unequivocal affirmative action by which the data subject indicates that he or she agrees to the processing of personal data concerning him or her.

5. Legal basis of processing

Art. 6 para. 1 lit. a) GDPR (in conjunction with Section 25 para. 1 TDDDG (formerly TTDSG)) serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary to fulfill a contract to which you are a party, as is the case, for example, in processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 para. 1 lit. b) GDPR. The same applies to such processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries about our products or services.

If our company is subject to a legal obligation which requires the processing of personal data, such as to fulfill tax obligations, the processing is based on Art. 6 (1) lit. c) GDPR.

In rare cases, the processing of personal data could be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would then have to be passed on to a doctor, hospital or other third party. Processing would then be based on Article 6 (1) (d) GDPR.

Ultimately, processing operations could be based on Art. 6 para. 1 lit. f) GDPR. Processing operations that are not covered by any of the above legal bases are based on this legal basis if processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and fundamental freedoms of the data subject do not prevail. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, the legislator was of the opinion that a legitimate interest could be assumed if you are a customer of our company (recital 47 sentence 2 GDPR).

6. Transfer of data to third parties

Your personal data will not be transferred to third parties for purposes other than those listed below.

We only share your personal data with third parties if:

1. you have given us your express consent in accordance with Article 6 (1) (a) GDPR,

2. disclosure is permitted in accordance with Article 6 (1) (f) GDPR to protect our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,

3. in the event that there is a legal obligation to transfer the data in accordance with Article 6 (1) (c) GDPR, and

4. this is permitted by law and is required in accordance with Article 6 (1) (b) GDPR for the execution of contractual relationships with you.

As part of the processing operations described in this privacy policy, personal data may be transferred to the USA. Companies in the USA only have an appropriate level of data protection if they have certified themselves under the EU-US Data Privacy Framework and the EU Commission's adequacy decision in accordance with Article 45 GDPR therefore applies. We have explicitly stated this in the privacy policy of the service providers concerned. In order to protect your data in all other cases, we have concluded order processing agreements based on the European Commission's standard contractual clauses. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent may serve as a legal basis for transfer to third countries in accordance with Art. 49 para. 1 lit. a) GDPR. This sometimes does not apply to data transfers to third countries for which the European Commission has issued an adequacy decision in accordance with Article 45 GDPR.

7. Technology

7.1 SSL/TLS encryption

This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us as the operator. You can recognize an encrypted connection by the fact that the browser's address line contains “https://” instead of “http://” and by the lock icon in your browser line.

We use this technology to protect the information you submit.

7.2 Hosting by Webflow

We host our website at Webflow, Inc. 398 11th St., Floor 2, San Francisco, CA 94103, USA (hereinafter referred to as Webflow). When you visit our website, your personal data (e.g. IP addresses in log files) is processed on Webflow's servers.

Webflow is used on the basis of Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in presenting, providing and securing our website as reliably as possible.

We have concluded an order processing contract (AVV) with Webflow in accordance with Art. 28 GDPR. This is a contract required by data protection law, which ensures that Webflow only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

For more information about Webflow's privacy policy, please visit: https://webflow.com/legal/privacy.

8. Cookies

8.1 General information about cookies

Cookies are small files that your browser automatically creates and that are stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our site.

Information is stored in the cookie, which results from the specific device being used in each case. However, this does not mean that we are immediately aware of your identity as a result.

The use of cookies serves to make the use of our website more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.

In addition, we also use temporary cookies to optimize usability, which are stored on your device for a specific period of time. If you visit our site again to use our services, it will automatically recognize that you have already been with us and what entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate our offer for you for the purpose of optimization. When you visit our website again, these cookies enable us to automatically recognize that you have already visited it. The cookies set in this way are automatically deleted after a defined period of time. The respective storage period of cookies can be found in the settings of the consent tool used.

8.2 Legal basis for using cookies

The data processed by cookies, which is required for the website to function properly, is therefore necessary to protect our legitimate interests and those of third parties in accordance with Article 6 (1) (f) GDPR.

For all other cookies, you have given your consent to this via our opt-in cookie banner in accordance with Art. 6 para. 1 lit. a) GDPR.

8.3 Usercentrics (consent management tool)

We use the consent management tool “Usercentrics” from Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany. This service allows us to obtain and manage the consent of website users to process data.

Usercentrics collects data generated by end users who use our website. When an end user gives consent, Usercentrics automatically logs the following data:

- Browser information.
- Date and time of access.
- Device information.
- The URL of the page you are visiting.
- Geographical location.
- Site page path.
- The consent status of the end user, which serves as proof of consent.

The consent status is also stored in the end user's browser so that the website can automatically read and follow the end user's consent on all subsequent page requests and future end user sessions for up to 12 months. The consent data (consent and withdrawal of consent) are stored for three years. The storage period corresponds to the regular limitation period in accordance with Section 195 BGB. The data is then immediately deleted or passed on to the responsible person in the form of a data export upon request.

The functionality of the website is not guaranteed without the described processing. The user has no right to object as long as there is a legal obligation to obtain the user's consent to certain data processing processes (Art. 7 para. 1, 6 para. 1 lit. c) GDPR).

Usercentrics is a recipient of your personal data and acts as an order processor for us. Detailed information about using Usercentrics can be found at: https://usercentrics.com/privacy-policy/.

9. Contact / contact form

When you contact us (e.g. via contact form or email), personal data is collected. Which data is collected when using a contact form is shown in the respective contact form. This data is stored and used exclusively for the purpose of answering your request or contacting you and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b) GDPR. Your data will be deleted after your request has been processed; this is the case if it can be inferred from the circumstances that the matter in question has been finally clarified and the deletion does not conflict with any legal storage requirements.

10. Newsletter delivery

Our website gives you the opportunity to subscribe to our company's newsletter. The input mask used for this purpose shows which personal data is transmitted to us when ordering the newsletter.

We inform our customers and business partners about our offers at regular intervals by means of a newsletter. In principle, you can only receive our company's newsletter if

1. You have a valid email address and
2. You have signed up to receive the newsletter.

For legal reasons, a confirmation email will be sent, using a double opt-in procedure, to the email address you entered for the first time for sending the newsletter. This confirmation email is used to check whether you, as the owner of the email address, have authorized receipt of the newsletter.

When you register for the newsletter, we also store the IP address of the IT system you were using at the time of registration, as well as the date and time of registration. The collection of this data is necessary to be able to trace the (possible) misuse of your email address at a later date and therefore serves our legal protection.

The personal data collected as part of a subscription to the newsletter is used exclusively to send our newsletter. In addition, subscribers to the newsletter could be informed by e-mail if this is necessary to operate the newsletter service or to register in this regard, as could be the case in the event of changes to the newsletter offer or if technical conditions change. There is no transfer of personal data collected as part of the newsletter service to third parties. You can cancel your subscription to our newsletter at any time. The consent to the storage of personal data that you have given us for sending the newsletter can be withdrawn at any time. For the purpose of withdrawing consent, there is a corresponding link in every newsletter. It is also possible to unsubscribe from the newsletter at any time directly on our website or to inform us of this in another way.

The legal basis for data processing for the purpose of sending newsletters is Article 6 (1) (a) GDPR.

11. Our activities on social networks

So that we can also communicate with you on social networks and inform you about our services, we have our own pages there. If you visit one of our social media pages, we are jointly responsible for the processing with regard to the processing operations triggered as a result, within the meaning of Article 26 GDPR, with the provider of the respective social media platform.

We are not the original provider of these pages, but only use them within the scope of the options offered to us by the respective providers.

As a precautionary measure, we therefore point out that your data may also be processed outside the European Union or the European Economic Area. Use may therefore involve data protection risks for you, as the protection of your rights, e.g. to information, deletion, objection, etc. could be difficult and the processing on social networks is often carried out directly for advertising purposes or to analyze user behavior by the providers, without this being able to be influenced by us. If user profiles are created by the provider, cookies are often used or the usage behavior is assigned to your own social network member profile.

The described processing of personal data is carried out in accordance with Art. 6 para. 1 lit. f) GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider in order to be able to communicate with you in a timely manner or to inform you about our services. If you have to give the respective providers consent to data processing as a user, the legal basis relates to Art. 6 para. 1 lit. a) GDPR in conjunction with Art. 7 GDPR.

Since we have no access to the providers' databases, we would like to point out that it is best to assert your rights (e.g. to information, correction, deletion, etc.) directly with the respective provider. We have provided further information on the processing of your data in social networks below with the respective social network provider we use:

11.1 Instagram

(Co-) responsible for data processing in Germany:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy Policy (Data Policy): https://instagram.com/legal/privacy/

12. Web analysis by Google Analytics Universal

On our websites, we use Google Analytics, a web analysis service provided by Google Ireland Limited (https://www.google.de/intl/de/about/), Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). In this context, pseudonymized user profiles are created and cookies (see “Cookies” section) are used. The information generated by the cookie about your use of this website, such as

1. the browser type/version,
2. the operating system used,
3. the referrer URL (the previously visited page),
4. the host name of the accessing computer (IP address) and
5. time of the server request,

are transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and Internet usage for the purposes of market research and to tailor these websites to meet the needs of users. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of third parties. Under no circumstances will your IP address be combined with other data from Google. The IP addresses are anonymized so that allocation is not possible (IP masking).

You can prevent the installation of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

These processing operations are carried out exclusively with express consent in accordance with Art. 6 para. 1 lit. a) GDPR.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).

The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. There is hereby an adequacy decision in accordance with Article 45 of the GDPR, meaning that personal data may also be transferred without further guarantees or additional measures.

The privacy policy of Google Analytics can be viewed at: https://support.google.com/analytics/answer/6004245?hl=de.

13. Adobe Typekit

We use Adobe Typekit to visually design our website. Typekit is operated by Adobe Systems Software Ireland Ltd., 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland. By using Typekit, we are given access to a font library on Adobe servers (headquartered in the USA). To integrate the fonts we use, your browser connects to an Adobe server in the USA to dynamically download the font required for our website. Adobe receives the information that our website has been accessed from your IP address.

These processing operations are carried out exclusively with express consent in accordance with Art. 6 para. 1 lit. a) GDPR.

The parent company Adobe Inc. is certified as a US company under the EU-US Data Privacy Framework. There is hereby an adequacy decision in accordance with Article 45 of the GDPR, meaning that personal data may also be transferred without further guarantees or additional measures.

Typekit's privacy policy can be viewed at: https://www.adobe.com/privacy/policies/adobe-fonts.html.

14. WhatsApp Business

The WhatsApp Business privacy policy is currently being created.

15. onOffice broker software

The privacy policy for onOffice brokerage software is currently being created.

16. Vimeo video integration

The privacy policy for Vimeo video integration is currently being created.

17. Your rights as a data subject

17.1 Right to confirmation

You have the right to request confirmation from us as to whether personal data concerning you is being processed.

17.2 Right to information Art. 15 GDPR

You have the right to receive free information from us about the personal data stored about you and a copy of this data in accordance with legal provisions at any time.

17.3 Right to rectification Art. 16 GDPR

You have the right to request that incorrect personal data concerning you be corrected. You also have the right to request the completion of incomplete personal data, taking into account the purposes of processing.

17.4 Deletion Art. 17 GDPR

You have the right to request that we delete the personal data relating to you immediately, provided that one of the reasons provided for by law applies and insofar as processing or storage is not necessary.

17.5 Restriction of processing Art. 18 GDPR

You have the right to ask us to restrict processing if one of the legal requirements is met.

17.6 Data portability Art. 20 GDPR

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another person responsible without hindrance from us to whom the personal data has been provided, provided that the processing is based on consent in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on a contract in accordance with Article 6 (1) (b) GDPR and the processing is carried out using automated procedures, provided that the processing is not necessary for the performance of a task that is in the public interest or in the exercise of official authority which was transferred to us.

In addition, when exercising your right to data portability in accordance with Article 20 (1) GDPR, you have the right to have the personal data transmitted directly from one person responsible to another person responsible, insofar as this is technically feasible and provided that this does not affect the rights and freedoms of other persons.

17.7 Objection Art. 21 GDPR

For reasons arising from your particular situation, you have the right to object at any time to the processing of personal data concerning you on the basis of Article 6 (1) (e) (data processing in the public interest) or f (data processing based on a balance of interests) GDPR.

This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.

If you file an objection, we will no longer process your personal data unless we can prove compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

In individual cases, we process personal data for direct marketing purposes. You can object to the processing of personal data for the purpose of such advertising at any time. This also applies to profiling insofar as it is associated with such direct advertising. If you object to us processing for direct marketing purposes, we will no longer process the personal data for these purposes.

In addition, you have the right, for reasons arising from your particular situation, to object to processing of personal data concerning you by us for scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) of the GDPR, unless such processing is necessary to perform a task in the public interest.

Notwithstanding Directive 2002/58/EC, you are free to exercise your right of objection in connection with the use of information society services by means of automated procedures using technical specifications.

17.8 Withdrawal of consent under data protection law

You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.

17.9 Complaint to a supervisory authority

You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data.

18. Routine storage, deletion and blocking of personal data

We process and store your personal data only for the period necessary to achieve the storage purpose or if this is provided for by the legislation to which our company is subject.

If the storage purpose ceases to apply or if a prescribed storage period expires, the personal data will be blocked or deleted routinely and in accordance with legal requirements.

19. Duration of storage of personal data

The criterion for the duration of storage of personal data is the respective legal retention period. At the end of the period, the corresponding data will be routinely deleted, provided that it is no longer required to fulfill or initiate a contract.

20. Timeliness and amendment of the privacy policy

This privacy policy is currently valid and was last updated: November 2024.

As a result of the development of our websites and offers or due to changes in legal or regulatory requirements, it may be necessary to change this privacy policy. The current privacy policy can be retrieved and printed out by you at any time on the website at www.grande-immobilien.com/privacy.
