DATA PROTECTION DECLARATION (INCLUDING LEGALLY REQUIRED INFORMATION CONTENT)
Data protection information for clients and
prospective clients
Information on data protection concerning our data processing in accordance with Article (Art.) 13, 14 and 21 of the General Data Protection Regulation (GDPR)
We take data protection seriously and hereby inform you about how we process your data and what claims and rights you are entitled to according to the statutory data protection regulations. Valid from 25 May 2018
1. | Responsible bodies and contact details for data processing: | |
Swiss Life Asset Managers Deutschland GmbH
– Data Protection – Clever Str. 36 50668 Cologne DSB-SwissLifeAssetManagers@he-c.de |
Swiss Life Insurance Asset Management GmbH – Data Protection – Zeppelinstrasse 1 85748 Garching near Munich DSB-SwissLifeAsset@he-c.de |
|
SL AM Development Bergedorf 1 GmbH – Data Protection – Clever Str. 36 50668 Cologne DSB-SwissLifeAssetManagers@he-c.de |
SL AM Development Bergedorf 2 GmbH – Data Protection – Clever Str. 36 50668 Cologne DSB-SwissLifeAssetManagers@he-c.de |
|
Swiss Life Asset Managers Luxembourg Niederlassung Deutschland – Data Protection – Hochstrasse 53 60313 Frankfurt am Main DataprotectionAM@swisslife.de |
SL AM Aurum GmbH & Co. KG – Data Protection – Clever Str. 36 50668 Cologne DSB-SwissLifeAssetManagers@he-c.de |
|
SL AM Development Commercial GmbH – Data Protection – Clever Str. 36 50668 Cologne DSB-SwissLifeAssetManagers@he-c.de |
SL AM Development Residential GmbH – Data Protection – Clever Str. 36 50668 Cologne DSB-SwissLifeAssetManagers@he-c.de |
|
BEOS AG – Data Protection – Kurfürstendamm 188 10707 Berlin Datenschutz-Beos@he-c.de |
BEREM Property Management GmbH – Data Protection – Kurfürstendamm 188 10707 Berlin Datenschutz-Beos@he-c.de |
|
PE Reiterstaffel GmbH & Co. KG – Data Protection – Clever Str. 36 50668 Cologne DSB-SwissLifeAssetManagers@he-c.de |
||
Contact details of the data protection officer of Swiss Life Asset
Managers Deutschland GmbH,
Swiss Life Insurance Asset Managers GmbH, Swiss Life Kapitalverwaltungsgesellschaft GmbH and
Swiss Life Asset Managers France:
Harald Eul HEC Harald Eul Consulting GmbH Auf der Höhe 34 DE-50321 Brühl If you have any questions on the subject of data protection, you can contact the relevant data protection responsibles or the data protection officer in confidence at any time. | ||
2. | Purposes and legal basis according to which we process your data
We process personal data in accordance with the stipulations of the General Data-Protection Regulation (GDPR), the German Federal Data-Protection Act (Bundesdatenschutzgesetz – BDSG) and other applicable data-protection provisions (details are provided in the following). The details of which data are processed and how they are used depends largely on the services requested or agreed in each case. Further details or additions for the purposes of data processing can be found in the respective contract documents, forms, a declaration of consent and/or other information provided to you (e. g. in the context of the use of our website or our terms and conditions). In addition, this data protection information may be updated from time to time, as you may find out from our website www.swisslife-am.com | |
2.1 |
Purposes of contract fulfilment or pre-contractual measures (Art. 6, section 1 b
of the GDPR)
The processing of personal data is carried out in order to carry out our contracts with you and the execution of your orders as well as to carry out measures and activities within the framework of pre-contractual relations, e. g. with interested parties. In particular, the processing thus serves to provide real estate related services, in particular marketing, letting, acquisition and sale of real estate according to your orders and wishes and include the necessary services, measures and activities. This essentially includes contract-related communication with you, Credit checks, the verifiability of transactions, orders and other agreements as well as quality control by means of appropriate documentation, goodwill procedures, measures to control and optimize business processes as well as the fulfilment of general duties of care, control and supervision by affiliated companies (e. g. Parent company); statistical evaluations for corporate management, cost recording and controlling, reporting, internal and external communication, emergency management, accounting and tax assessment of operational services, risk management, assertion of legal claims and defence in the event of legal disputes; ensuring IT security ((inter alia system and plausibility tests) and general security, including building and plant security, securing and exercising domestic authority (e. g. by means of access controls); guaranteeing the integrity, authenticity and availability of data, preventing and investigating criminal offences; control by supervisory bodies or supervisory authorities (e. g. auditing). |
|
2.2 |
2.2 Purposes within the framework of a legitimate interest on our part or of third parties
(Art. 6, section 1 f of the GDPR)
Above and beyond the actual fulfilment of the (pre-) agreement, we process your data whenever this is necessary to protect legitimate interests of our own or of third parties, in particular for the following purposes:
|
|
2.3 | Purposes within the framework of your consent (Art. 6,
section 1 a of the GDPR)
Your personal data can also be processed for certain purposes (e.g. use of company communication systems for private purposes; photographs/videos of you for publication in the Intranet/Internet) including as a result of your consent. As a rule, you can revoke this consent at any time. This also applies to the revoking of declarations of consent that were issued to us before the GDPR went into effect, i.e. prior to 25 May 2018. You shall be separately informed about the consequences of revocation or refusal to provide consent in the respective text of the consent. Generally speaking, revocation of consent only applies to the future. Processing that takes place prior to consent being issued is not affected by such and remains lawful |
|
2.4. | Purposes relating to adherence to statutory requirements
(Art. 6, section 1 c of the GDPR) or in the public interest (Art. 6,
section 1 e of the GDPR)
Just like any actor which takes part in business life, we are also subject to a large number of legal obligations. These are primarily statutory requirements (e.g. commercial and tax laws), but also if applicable supervisory law or other requirements set out by government authorities. The purposes of processing may also include identity and age checks, prevention of fraud and money laundering (e.g. comparisons with European and international anti-terror lists), compliance with control and notification obligations under tax law as well as the archiving of data for the purposes of data protection and data security as well as for purposes of audits by tax advisors/auditors, fiscal and other government authorities. In addition, it may be necessary to disclose personal data within the framework of official government/court measures for the purposes of collecting evidence, law enforcement and criminal prosecution or the satisfaction of civil law claims. |
|
3. | 3. The categories of data that we process as long as we do not
receive data directly from you, and its origin If necessary for the contractual relationship with you and the activities performed by you, we may process data which we lawfully receive from other offices or other third parties (e.g. commercial or address sales agencies). In addition, we process personal data that we have lawfully collected, received or acquired from publicly accessible sources (such as, for example, commercial registers and association registers, civil registers, the press, Internet and other media) if such is necessary and we are allowed to process this data in accordance with statutory provisions. Relevant personal data categories may in particular be:
|
|
4. | Recipients or categories of recipients of your data At our company, your data is received by those internal offices or organisational units that need such to fulfil our contractual and statutory obligations or that require such data within the framework of processing and implementing our legitimate interests. Your data is disclosed/passed on to external offices and persons solely
We shall moreover refrain from transmitting your data to third parties if we have not informed you of such separately.If we commission service providers within the framework of processing an order, your data will be subject there to the security standards stipulated by us in order to adequately protect your data. In all other cases, recipients may only use the data for purposes for which the data has been sent to them. |
|
5. | Length of time your data is stored We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract. Above and beyond this, we are subject to various retention and documentation obligations that emanate inter alia from the German Commercial Code (HGB) and the German Tax Code (AO), as well as the Makler- und Bauträgerverordnung (MaBV) The periods and deadlines for retention and/or documentation stipulated therein are up to ten years beyond the end of the contractual relationship or the pre-contractual legal relationship. Furthermore, special statutory provisions may require longer retention such as for example the preservation of evidence in connection with statutory time-barring provisions (statute of limitations). Under §§ 195 ff. of the German Civil Code (BGB), the regular time-barred period is three years, but time-barred periods of up to 30 years may also be applicable. If the data is no longer required to meet contractual or statutory obligations and rights, it is regularly deleted unless its further processing – for a limited period – is necessary to fulfil the purposes listed under number 2.2 due to an overriding legit-imate interest. Such an overriding legitimate interest is deemed to be the case, for example, if it is not possible to delete the data as a result of the special type of storage or such is only possible at an unreasonably great expense and processing for other purposes is excluded by appropriate technical and or-ganisational measures. |
|
6. | Processing of your data in a third country or through an
international organisation Data is transmitted to offices in countries outside the European Economic Area EU/EEA (so-called third states) whenever such is necessary to meet a contractual obligation towards you (e.g. if you are despatched to another country), such is required by law (e.g. notification obligations under tax law), such is in the legitimate interest of us or a third party or you have issued us your consent to such. At the same time, your data may be processed in a third country including in connection with the involvement of service providers within the framework of the processing of the order. If no decision has been issued by the EU Commission regarding the ensurance of an adequate level of data protection for the respective country or for one or more specific sectors within a third country, appropriate contracts (such as EU standard contracts) and additional measures may be used as a basis for the transfer. Information on the appropriate or adequate safe-guards and on the possibility of obtaining a copy from you can be requested from the company data protection officer. |
|
7. | Your data-protection rights If certain conditions are met, you can assert your data-protection rights against us
Whenever possible, your applications for the exercise of your rights should be sent in writing to the address stated above or addressed directly to our data-protection officer. |
|
8. | Scope of your obligations to provide us your data You only need to provide data that is necessary for the commencement and performance of the business relationship or for a pre-contractual relationship with us or the collection of which we are required by law. Without this data, we are generally not able to conclude the agreement or continue to perform such. This may also relate to data that is required later within the framework of the contractual relationship. If we request data from you above and beyond this, you shall be informed about the voluntary nature of the information separately. |
|
9. | 9. Presence of an automated decision made in individual cases
(including profiling) We do not use any purely automated decision-making procedure as set out in Article 22 of the GDPR. If we do institute such a procedure in individual cases in the future, we shall inform you pursuant hereto separately if this is required by law Under certain circumstances, we may process your data in part with the aim of evaluating certain personal aspects (profiling). In order to provide you with targeted information and advice on products, we may use evaluation tools. These enable a needs-oriented product design, communication and advertising including market and opinion research. Such procedures can also be used to assess your solvency and creditworthiness as well as to combat money laundering and fraud. “Score values” can be used to assess your creditworthiness and creditworthiness. In the case of scoring, the probability is calculated using mathematical methods with which a customer will meet his payment obligations in accordance with the contract. Such score values thus support us, for example, in assessing our creditworthiness, decision-making in the context of product deals and are incorporated into our risk management. The calculation is based on mathematically and statistically recognised and proven methods and is based on your data, in particular income, expenditure, existing liabilities, profession, employer, length of service, experience from the previous business relationship, repayment of previous loans in accordance with the contract and information from credit agencies. Information on nationality and special categories of personal data according to Art. 9 GDPR are not processed. |
Information about your right to object Art. 21 GDPR
The objection can be filed without adhering to any form requirements and should if possible be sent to Swiss Life Asset Managers Deutschland GmbH z. Hd. Rechtsabteilung Clever Str. 36 50668 Köln Status of the data protection information 28.11.2023 |
PART 2: SUPPLEMENTARY DATA PROTECTION INFORMATION FOR OUR WEBSITE
With the following data protection information, we would like to explain to you in more detail how your data is handled when you use our Websites.
1. | Visiting the website
Each time you visit our website, our systems automatically collect data and information from the
computer system of the calling computer (personal data that your browser transmits to our
server). This also occurs if you do not register or otherwise transmit information to us, for
example by actively entering it. The following data is collected in any case when visiting our
websites:
The storage of the aforementioned data is generally only temporary for the duration of the session and is necessary to enable the proper operation and display of the website. This processing of your data also serves the purpose of evaluating and ensuring system security and stability as well as other administrative purposes. If your data is stored in our log files, this is also only done to ensure the functionality of our websites. In addition, we use the data to optimize and ensure the security of our information technology systems. The legal basis for the processing and storage of your personal data is Art. 6 para. 1 sentence 1 lit. f GDPR. Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If your data is stored in log files, this is the case after five days at the latest. Data is only stored beyond this period in exceptional cases, for example if this is necessary for technical reasons or to improve our systems. In this case, the IP addresses of the users are deleted or anonymized so that they can no longer be assigned. |
|
2 |
Contact form A contact form is integrated on our website, which you can use to contact us or the broker commissioned by us and named in the input mask. When using the contact form, the data entered in the input mask is collected and, if necessary, transmitted to the broker for the purpose of establishing contact. In addition, your IP address and the date and time of the inquiry are stored. The legal basis for the processing of your data when using the contact form is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. The processing of personal data from the input mask is only used to process your contact with us or the broker. |
|
3 |
Electronic newsletter When sending our electronic newsletter to which you can subscribe, we collect and process the personal data you enter in the input screen. We process your e-mail address in order to contact you for the purpose of sending you our electronic newsletter and for information on other products, services or other activities. The legal basis is your consent Art. 6 para. 1 sentence 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future and thus unsubscribe from receiving information about current and future products, services or other information about us. You can declare your revocation by clicking on the link provided in every newsletter e-mail or by sending a message to our contact details. If you object to the use of your data, we will no longer send you promotional communications. |
|
4 |
General information on the use of cookies |
|
5 | Request by e-mail, telephone or fax If you contact us by email, telephone or fax, we will store and process your request, including all resulting personal data, for the purpose of processing your request. This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested. You can withdraw your consent at any time with effect for the future. |
|
6 | Links to other websites Our website may contain links to other websites. We have no influence on whether their operators comply with data protection regulations. We also have no influence on the legality of the content of these websites. We therefore reject any responsibility for the content of other websites. |
|
7 |
Questions and comments
If you have any questions, suggestions or comments on the subject of data protection, please
contact: Our supplementary privacy policy for the website and the information on data protection regarding our data processing in accordance with Articles (Art.) 13, 14 and 21 GDPR PART 1 and PART 2 may change from time to time. We will publish all changes on our website. We will make older versions available to you on request at the address given under Part 2 questions and comments. |
|