With this data protection declaration, we inform you about how we use, pass on and otherwise process the personal data collected from you. We treat all personal data in accordance with the provisions of European and Austrian data protection law.
A. GENERAL PROVISIONS:
Bundesimmobiliengesellschaft m.b.H., FN 34897 w
Representatives of the controller: see imprint
Data protection officer: Mag. Siegfried Gruber (O.P.P.-Compliance GmbH)
2. Personal data
We collect, process and use your personal data only in accordance with Art 6 (1) GDPR or, where applicable, Art 9 GDPR. In doing so, we process your personal data only if:
- you have given your express consent in accordance with Art 6 (1) (a) GDPR, or
- it is necessary for the processing of contractual relationships with you (Art 6 (1) (b) GDPR), or
- the processing is necessary for the fulfilment of one of our legal obligations (Art 6 (1) (c) GDPR).
You will find the legal basis specifically applicable to the respective processing purpose below in the explanations on the individual processing purposes.
Personal data as defined in the GDPR are all data relating to natural persons whose identity is determined or at least determinable and which contain individual details of personal or material circumstances, e.g. name, address, e-mail address, telephone number, date of birth, age, sex, national insurance number, proof of income, video recordings, photographs.
3. Rights of data subjects
As our contractual partner or generally as a data subject, you have the right to information about your stored personal data as well as the right to correction, data transfer, objection, restriction of processing as well as blocking/anonymisation or deletion of the data, provided that no exception (e.g. legal storage obligation) exists and in accordance with the legal provisions.
If there are any changes to your personal data, we request that you inform us accordingly. You have the right to revoke your consent to the use of your personal data at any time. Your request for information, deletion, correction, restriction, objection and/or data transfer can be sent to the e-mail address datenschutz(at)big.at.
If you are of the opinion that the processing of your personal data by us violates the applicable data protection law or your data protection rights have been violated in any other way, you have the possibility to complain to the responsible supervisory authority. In Austria, the data protection authority is responsible for this (www.dsb.gv.at).
4. Data security
The protection of your personal data is carried out by appropriate organisational and technical precautions. These precautions relate in particular to protection against unauthorised, illegal or even accidental access, processing, loss, use and manipulation. Notwithstanding our efforts to maintain an appropriately high level of due diligence at all times, it cannot be ruled out that information that you disclose to us via the internet may be viewed and used by other persons. Please note that we therefore accept no liability whatsoever for the disclosure of information due to errors in data transmission not caused by us and/or unauthorised access by third parties (e.g. hacking attack on e-mail account or telephone, interception of faxes).
5. Data processing
We will not process the data made available to us for purposes other than the execution of the contractual relationship or for purposes covered by your consent or otherwise by a provision in accordance with the GDPR.
6. Transmission of data to third parties
In order to fulfil our contractual or legal obligations, when necessary for the purpose of data processing or if there is a legitimate interest in the business of those involved (third parties), it may also be necessary to transfer your data to third parties. Possible recipients may be: companies of the group of companies, private and public bodies that disclose or require information in connection with the contractual relationship (e.g. chimney sweeps, maintenance companies), insurance companies (e.g. in connection with damage claims), tax consultants, management consultants or lawyers, public authorities, companies commissioned to support the internal IT infrastructure of the company, as well as service providers and trade companies, such as in particular architects, planners, construction companies, technical and/or economic consultants and professionals whom we generally use or use in the context of property management or construction project and to whom we make data available. This forwarding of your data takes place exclusively on the basis of the GDPR.
If, for individual processing purposes, the data is transferred to third parties where further information is required, you will find this under the respective purpose.
As a rule, your data will be processed within the EEA. However, we only transfer your personal data outside the EEA to countries for which the European Commission has decided that they have an adequate level of data protection or we take measures to ensure that all recipients have an adequate level of data protection, for which we conclude standard contractual clauses (2010/87/EC and/or 2004/915/EC).
7. Data breach notification
We endeavour to ensure that data breaches are identified at an early stage and – in accordance with the legal provisions – reported to you or the relevant supervisory authority without delay, if necessary, including the respective categories of data affected.
8. Data retention
In accordance with the applicable data protection requirements, we are obliged to delete personal data as soon as the purpose for processing has been fulfilled. In this context, we would like to point out that statutory data retention obligations and periods represent a legitimate purpose for the processing of personal data.
In any case, data will be stored and processed by us until the end of the business relationship or beyond that for the retention periods of the BAO (Federal Tax Code). Insofar as there are differences for individual processing purposes, this will be carried out for the respective purpose.
B. SPECIFIC PROVISIONS:
1. Press enquiries
In the case of press enquiries, your personal data will be transmitted to answer this enquiry. If your contact details have been published for the purpose of contacting you about press issues, we may also process them beyond answering your enquiry.
2. Enquiries from interested parties
When you fill out the contact form on our website, the following data is processed:
- First and last name
- E-mail address
- Object in which an interest exists
This data is processed for the purpose of fulfilling (pre-)contractual obligations in accordance with Art 6 (1) (b) GDPR. We store the data until we have answered your enquiry, unless a legal obligation to retain data arises from the content of the respective enquiry. This data will not be passed on to third parties.
3. Newsletter subscription
You have the possibility to subscribe to our newsletter via our website big-art.at.
Our newsletter contains information about our offers and accompanying information. The sign-up to our newsletter is done in a so-called Double-Opt-In-Procedure. This means that you will receive an e-mail after your registration in which you are asked to confirm it. This confirmation is necessary so that nobody can register with another’s e-mail address. Newsletter registrations are logged in accordance with Art 6 (1) (f) GDPR on the basis of our justified interest in verifiability. This includes the storage of the time of registration and confirmation as well as the IP address. Changes to your stored data are also logged.
The dispatch of the newsletter and the measurement of success associated with it are based on the consent of the recipients in accordance with Art 6 (1) (a) GDPR or, if consent is not required, on our legitimate interests in direct marketing for similar products and services in accordance with Art 6 (1) (f) GDPR.
Objection/Cancellation – You can cancel the receipt of our newsletter at any time by revoking your consent with effect for the future in accordance with Art 7 (3) GDPR or by lodging an objection to the processing. You will find a link to unsubscribe at the end of each newsletter. Your e-mail address may be stored for up to three years on the basis of our legitimate interests before we delete it in order to be able to prove that you have previously given your consent. The processing of this data is limited to the purpose of a possible defence against claims.
4. Contact form
When you fill out the contact form on our website, the following data is processed:
- First and last name
- E-mail address
This data is processed for the purpose of fulfilling (pre-)contractual obligations in accordance with Art 6 (1) (b) GDPR. We store the data until we have answered your enquiry, unless a legal obligation to retain data arises from the content of the respective enquiry.
These data will not be passed on to third parties.
5. Video surveillance
The object is marked on the object to indicate that video surveillance is being carried out. Video surveillance is only carried out in public areas of these objects (especially entrance areas). Persons moving or staying in these areas are covered by this video surveillance. The processing is based on our predominant legitimate interest (Art 6 (1) (f) GDPR) in order to guarantee the security and protection of our objects. The rights of the persons concerned are guaranteed by the access restriction and the short storage period. Furthermore, processing is not carried out for the purpose of identifying the data subjects, but only to be able to enforce their rights in the event of an incident.
In order to ensure continuous object protection, the recordings are saved for 14 days and then deleted. The video surveillance was approved by the DSB (Data Protection Authority). If an incident occurs during this period which makes processing necessary for other reasons, specifically the enforcement of our rights, the recordings concerned will be further processed for this purpose on the basis of Art 9 (2) (f) GDPR.
C. USE OF OUR INTERNET PAGES:
The use of our Internet pages (big.at, are.at, big-art.at and nachhaltigkeit.big.at) is generally possible without providing personal data. Insofar as personal data (e.g. name, address or e-mail addresses) is processed on our pages, this is always done on a voluntary basis. If this is not necessary because of the purpose of the processing, these data will not be passed on to third parties without your express consent and will only be used for the purposes stated in each case.
When using our website, so-called “cookies” are stored on your end device. These are small text files that save certain settings and data for exchange with our system via your browser. A cookie contains the name of the domain from which the cookie data was sent, information about the age of the cookie and an alphanumeric identifier (“cookie ID”), and the following data: IP address, browser, operating system. Cookies help us, for example, to improve our website and to be able to offer you optimised services.
In the “session cookies” we use, only the above-mentioned data on your use of the website is temporarily stored. These save a so-called “session ID”, with which various requests from your browser can be assigned to a common session. This enables your computer to be recognised when you return to our website. Session cookies are deleted when you close the browser. In addition, so-called “persistent cookies” are used, which are automatically deleted after a specified period. These enable not only the recognition of your terminal device with which you have already visited our website, but also the non-personal analysis of your behaviour on our website. In the list below you will find information on how long the respective cookies are stored.
If you do not wish to use browser cookies, you can set your browser to not accept cookies. If you prevent the storage of technically required cookies, we would like to point out that you may not be able to use our website to its full extent.
In order to optimise our websites with regard to system performance, user-friendliness and the provision of useful information about our services, the provider of the respective website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This includes your Internet Protocol address (IP address), browser and language settings, operating system, referrer URL, your Internet service provider and date/time.
These data are not merged with personal data sources. We reserve the right to check these data subsequently if we become aware of concrete indications of illegal use.
These log files are processed for 28 days.
The legal basis is, on the one hand, the fulfilment of the contract, specifically the provision of our website free of charge (Art 6 (1) (b) GDPR), in our overriding interest in the security and functionality of our website (Art 6 (1) (f) GDPR) and, finally, they are technically necessary for the operation of the website (Art 96 (3) TKG – Austrian Telecommunication Code).
3. Google Analytics
Google will use this information on our behalf in order to evaluate the use of our website by users, to compile reports on the activities within this website and to provide us with further services associated with the use of this website and the use of the Internet. The processed data can be used to create pseudonymous user profiles of the users.
We only use Google Analytics with activated IP anonymisation. This means that the IP address of users is shortened by Google within member states of the European Union or in other states which are party to the Agreement on the European Economic Area. Only in exceptional cases the full IP address is transmitted to a Google server in the USA and shortened there. The IP address transmitted by the user’s browser is not combined with other data from Google.
Users can prevent the storage of cookies by adjusting their browser software accordingly; users can also prevent the collection of data generated by the cookie and relating to their use of the online offer to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de
You can find further information on Google’s use of data for advertising purposes, as well as setting and objection options on Google’s websites: https://www.google.com/intl/de/policies/privacy/partners/ “Data use by Google when you use our partners’ websites or apps”), http://www.google.com/policies/technologies/ads “Data use for advertising purposes”), https://adssettings.google.com (“Manage information that Google uses to show you advertising”).
Further information can be found at https://support.google.com/analytics/topic/2919631?hl=de&ref_topic=1008008
The purpose of the data collection and processing as well as the use of the data by Facebook, as well as the types of data (scope of the data) can be found by the user in the notes on data protection, which Facebook itself publishes; see: http://www.facebook.com/policy.php. In the interests of the best possible transparency, we summarise the key points for the user:
The data collected in this way is used to analyse usage behaviour and to provide, select, evaluate and understand the advertisements that Facebook provides on and off Facebook (this includes advertisements provided by or on behalf of Facebook subsidiaries) and to compile statistics on users. Facebook will also use the data available to it to improve its advertising and measurement systems so that Facebook can show users on and off Facebook services and measure the effectiveness and reach of advertisements and services. If the user is registered with Facebook, Facebook is able, by using the data collected, to provide services to the user, personalise content for the user and provide the user with links and suggestions in which the user may be interested. Finally, the collected data is used to send marketing communications to the user, to communicate with the user about its services and to inform the user about Facebook’s policies and terms.
Further information on Facebook and the GDPR can be found at: https://www.facebook.com/business/gdpr#Facebook-als-Datenverantwortlicher-vs.-Auftragsverarbeiter.
The purpose of data collection and processing and use of the data by Instagram or Facebook, as well as the types of data (scope of data), can be found by the person concerned in the information on data protection published by Instagram itself; see: https://help.instagram.com/519522125107875. The information given above on Facebook applies analogously to Instagram.
On our websites we link to LinkedIn. The provider is LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland (“LinkedIn”). It provides buttons that allow users of our website to share content within LinkedIn.
Your data is processed on the basis of our legitimate interest in improving our online service in accordance with Art 6 (1) (f) GDPR.
The purpose of the data collection and processing as well as the use of the data by Twitter, as well as the types of data (scope of the data) can be found by the user in the information on data protection, which Twitter itself publishes; see http://twitter.com/privacy.
The purpose of the data collection and processing as well as the use of the data by YouTube, as well as the types of data (scope of the data) can be found by the person concerned in the notes on data protection, which YouTube itself publishes; see: https://policies.google.com/privacy?hl=de&gl=de.
10. Google Maps
This website uses maps from Google Maps, which are considered embedded links in the sense of the E-Commerce Act.
The provider of this service is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA Google Maps accesses the IP address as well as location data, whereby – especially in the case of mobile devices – the user’s corresponding consent is required.
You can find the corresponding data protection declaration at https://www.google.com/policies/privacy/. Furthermore, you have the possibility to opt out under https://adssettings.google.com/authenticated.