informationto beprovided.

Information to be provided where personal data are collected from the data subject Art. 13 GDPR

Data controller

Name and contact details of the controller:
Bauwerk Capital GmbH & Co.KG,
Prinzregentenstrasse 22, 80538 Munich,
Managing Directors: Christoph Lemp, Jürgen Schorn,
Registered office of the company: Munich, Munich Local Court, HRA 80602, HRB 144928,
E-mail: info@bauwerk.de
https://www.bauwerk.de

Name and contact details of the data protection officer:
Brigitte Batke-Spitzer 
Anwaltskanzlei Batke-Spitzer
Erbprinzenstraße 11
79098 Freiburg i.Br.
Germany
E-Mail: RA.Batke-Spitzer@web.de und batke-spitzer@outlook.de
 

What data do we process?

Categories of personal data that are processed:
Suppliers (address and functional data) and contact persons for the groups listed below where they are also legal persons (contact details and information concerning support).

Key categories of data are:

• Name
• Address
• Date and place of birth
• Telephone number (mobile and private)
• Data about account numbers and banks
• E-mail addresses (e-mail provided by you for correspondence purposes)
• Possible open receivables
• Authentication data (check on legal age)
• Data from documentation
• Sales data from payment transactions
• Data from fulfilling contractual obligations
• Data about the use of our services via telemedia (website, newsletter, apps)
• Authentication data (signatures)
• Payment orders

Where do data come from? (Source)

Stored data were collected in the course of our contractual relationship and individual orders or they resulted from business relationships and during business initiation. The storage of data is effected in order to perform and process the orders you place with us and for commercial and tax-related documentation and archiving obligations; signatures come from e-mail and documents.

Why do we process your data and on what legal basis is this done?

Purpose and legal basis for processing – Art. 6 GDPR

We process personal data in strict compliance and in accordance with the provisions of the GDPR and the Federal Data Protection Act 2018 (BDSG-neu)

 The Bauwerk Capital & Co. KG group of companies offers services in the area of project development, consulting, sales and marketing of premium real estate.

Data storage is performed in pursuit of our own business interests and to safeguard our legitimate interests as controller.

Similarly, permitted data storage is performed to safeguard the legitimate interests of a third party, to defend against threats to public security and to prosecute criminal offences.

Performance of a contract

(Art. 6 Sect. 1 Subsect. b GDPR)

Personal data are processed primarily for the purpose of performing contracts or pre-contractual measures that have been concluded with you and for executing your orders.

Customer data: The collection, processing or use of personal data is carried out in order to fulfil the business purpose; also to initiate business contacts and to notify customers.

Personnel data: The collection, processing or use of our employees’ personal data is carried out in order to perform and process the relevant contract of employment.

Applicant data: The collection, processing or use of applicants’ personal data is carried out in order to initiate contracts of employment.

Balance of interests

(Art. 6 Sect. 1 Subsect. f GDPR)

The data we process, while taking account of, and safeguarding, legitimate interests (by us or associated third parties), include the following data:

Credit rating enquiries and the exchange of data with credit agencies (e.g. Creditreform, SCHUFA, Bürgel), technical default settings to safeguard IT security within our company, measures aimed at ensuring security (property access) and safeguarding house rules, video surveillance (safeguarding house rules, tracking vandalism, property damage, disturbances, criminal acts), securing evidence.

Consent

(Art. 6 Sect. 1 Subsect. a GDPR)

Further processing of your personal data is lawful provided you have given us written (in some cases also electronic) consent. Based on this consent, it is then possible that we are allowed to use your e-mail address to send out newsletters. Any consent given can be withdrawn at any time.

Who receives your data?

Recipients (categories) of personal data

Public agencies that receive data owing to statutory regulations (e.g. social insurance agencies, tax authorities).

Internal units that are involved in executing the relevant business process (HR administration, bookkeeping, financial accounting, real estate brokering, marketing, sales, telecommunications and IT).

External parties(contractual partners) where this is necessary for contractual performance. External processors (service companies) in accordance with Art. 28 GDPR in order to perform the processing of data on our account. Furthermore, data are passed on to contractors for which you have given your consent.

Other external bodies such as banks (salary payments, supplier invoices), affiliate companies or other external bodies in order to perform the aforementioned purposes provided the data subject has given written consent. This is necessary for contract performance, or data transmission is permissible for some overriding legitimate interest.

Transfer to third countries

There is currently no transfer of data to third countries.

How long are my personal data stored? 

10 years - For documents covered by the German Commercial Code (HGB), Tax Code (AO), Income Tax Act (EStG), Corporate Tax Act (KStG), Trade Tax Act (GewStG), Sales Tax Act (UStG), Companies Act (AktG), Limited Liability Companies Act (GmbHG), Cooperative Societies Act (GenG)

6 years - For commercial and business correspondence and other records (German Commercial Code – HGB, German Civil Code – BGB)

4 years - For examination in accordance with § 35 Para. 2 No. 4 German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG)

6 months - For unsolicited applications (e-mail), digital applications, general tenant’s voluntary declaration (in digital form)

3 months - Tenant’s voluntary declaration in paper form

The period of storage varies between 3 months and up to 30 years. The period of storage also results from statutory periods of limitation. As a general principle, data are processed and stored for as long as is necessary to maintain our business relationship. It should be noted that a business relationship is a long-term relationship that may last for years.

I have the following rights:

• Right to information
• Right of access and right to object
• Right to rectification, erasure and restriction
• Right to data portability

Right to information 

The following information will be disclosed on request:

• Name and contact details of the controller (where applicable also of its representative)
• Contact details of the data protection officer (if such exists)
• Purpose and legal basis for processing
• Legitimate interests (when processing is performed in accordance with Art. 6 GDPR)
• Recipients or categories of recipients
• Transmission to a third country or international organisation
• Duration of storage
• Right to information, rectification, erasure, restriction, objection and to data portability
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authorityv
• Information as to whether the provision of data is legally or contractually stipulated or is required for the conclusion of a contract and possible consequences of a failure to provide the data
• Automated decision-making including profiling
• Information about a possible change in the purpose of data processing

Right of access and right to object

• Purposes of data processing
• Categories of data
• The recipients or categories of recipients
• Duration of storage
• Right to rectification, erasure and objection
• Right to complain to a supervisory authority
• Source of the data (if not collected from the data subject)
• Automated decision-making including profiling
• Transmission to a third country or international organisation

Right to rectification, erasure and restriction

The following data are erased in accordance with Art. 17 GDPR:

• When the storage of the data is no longer necessary
• When the data subject has withdrawn consent to data processing
• When the data have been unlawfully processed
• When there is a statutory obligation to erase the data under EU or national law

§ 35 German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG neu) – right to erasure

The right of the data subject and the obligation of the controller to the erasure of personal data does not exist according to Art. 17 Para. 1 of Regulation (EU) 2016/679 supplemental to the exceptions listed in Art. 17 Para. 3 of Regulation (EU) 2016/679 if erasure in the case of non-automated data processing is not possible due to the special type of storage, or is only possible with disproportionate effort, and if the interest of the data subject in erasure is deemed to be slight. In this case, restriction of processing in accordance with Art. 18 of Regulation (EU) 2016/679 will supersede erasure. Clauses 1 and 2 do not apply if personal data were processed unlawfully.

The right to be forgotten does not apply:

• When freedom of expression or freedom of information takes precedence
• When data storage serves to meet a statutory obligation
• When public interest in the area of public health takes precedence
• When archiving or historical and research-related purposes oppose erasure
• When storage is necessary for the assertion, exercise of defence of legal claims

Please note: We can only comply with your request for erasure if no other statutory retention periods apply.

Withdrawal of consent

In accordance Art. 6 Sect. 1 Subsect. a or Art. 9 Sect. 2 Subsect a, every data subject has the right to withdraw partial or all consent that was given, e.g. for the purpose of contract performance, at any time and without personal detriment, without affecting the lawfulness of the processing performed based on consent prior to its withdrawal.

Withdrawal of consent should be sent in writing to:

Bauwerk Capital GmbH & Co.KG, Prinzregentenstrasse 22, 80538 Munich

Automated decision-making and profiling

No automated processes for decision-making as referred to in Art. 22 GDPR or other profiling measures as per Art. 4 Sect. 4 GDPR are used.

Right to data portability

Art. 20 GDPR grants the data subject the right to data portability. In accordance with this provision, the data subject has the right under the conditions of Art. 20 Subsect. a and b GDPR to receive the personal data concerning them and provided by them to the controller in a structured, commonly used and machine-readable format and to transmit these data to another controller without hindrance from the controller.

Right to complain to a supervisory authority

(Art. 13 Sect. 2 Subsect. d, Art. 77 Sect. 1 GDPR)

In accordance with Art. 13 Sect. 2 Subsect. d, Art. 77 Sect. 1 GDPR, every company (controller) must inform all data subjects that they have a comprehensive right to complain to the responsible supervisory authority of their country. This right to lodge a complaint can be exercised when data subjects believe that the processing, storage and use of their data on our part is unlawful. This right to lodge a complaint should be performed in a targeted manner in response to a specific case. The data subject should provide cogent and justified information with the complaint. We would discourage lodging a complaint with the authority without sound information and facts. It is therefore advisable to contact our data protection officer – Mr Reinhold Okon – and seek a corresponding dialogue before submitting the complaint. Furthermore, the complaint is to be lodged with a single supervisory authority (Recital 141 Clause 1 GDPR). This is intended to avoid duplicate complaints.

Our data protection officer will always be happy to answer any questions you may have.

Information to be provided where personal data have not been obtained from the data subject

(Art. 14 GDPR)

Data controller

Name and contact details of the controller:
Bauwerk Capital GmbH & Co.KG,
Prinzregentenstrasse 22, 80538 Munich,
Managing Directors: Christoph Lemp, Jürgen Schorn,
Registered office of the company: Munich, Munich Local Court, HRA 80602, HRB 144928,
E-mail: info@bauwerk.de
https://www.bauwerk.de

Name and contact details of the data protection officer:
Reinhold Okon
Data protection officer
Rosenstr. 1
85757 Karlsfeld
E-mail: info@dsb-okon.de
https://www.dsb-okon.de
 

Why do we process your data and on what legal basis is this done?

Purpose and legal basis for processing – Art. 14 GDPR

We process personal data in strict compliance and in accordance with the provisions of the GDPR and the German Federal Data Protection Act 2018 (Bundesdatenschutzgesetz, BDSG neu).

We process data for the purpose of performing and initiating transactions relating to a relationship with customers, prospects, contractual partners and service providers. (Art. 14 Sect 1 Subsect. c GDPR)

If our company is subject to a legal obligation making it necessary to process personal data such as meeting tax obligations, processing will be performed on the basis of Art. 6 Sect. 1 Subsect. c GDPR.

Performance of a contract

(Art. 6 Sect. 1 Subsect. b and c GDPR)

Personal data are processed primarily for the purpose of performing contracts or pre-contractual measures that have been concluded with you and for executing your orders.

Customer data: The collection, processing or use of personal data is carried out in order to fulfil the business purpose; also to initiate business contacts and to notify customers.

Personnel data: The collection, processing or use of our employees’ personal data is carried out in order to perform and process the relevant contract of employment.

Applicant data: The collection, processing or use of applicants’ personal data is carried out in order to initiate contracts of employment.

In accordance with Art. 6 Sect. 1 Subsect f GDPR, processing is permissible to pursue a legitimate interest on the part of the controller or third party provided this does not override the interests and fundamental rights and freedoms of the data subject. In accordance with Recital 47 Clause 2 GDPR, processing is permissible when a legitimate interest is to be assumed when the data subject receives performance (goods or services) from the controller, or has received such in the past.

Categories of data

(Art. 14 Sect. 1 Subsect. d GDPR)

The following categories of personal data are processed:
Data of customers, prospects, suppliers, employees

Who receives your data?

Recipients (categories) of personal data

Public agencies

• Internal units (affiliate companies, governed by a contract processing agreement)
• External parties
• Other external bodies
• Other bodies

Transfer to third countries

There is currently no transfer of data to third countries.

How long are my personal data stored?

10 years - For documents covered by the German Commercial Code (HGB), Tax Code (AO), Income Tax Act (EStG), Corporate Tax Act (KStG), Trade Tax Act (GewStG), Sales Tax Act (UStG), Companies Act (AktG), Limited Liability Companies Act (GmbHG), Cooperative Societies Act (GenG)

6 years - For commercial and business correspondence and other records (German Commercial Code – HGB, German Civil Code – BGB)

4 years - For examination in accordance with § 35 Para. 2 No. 4 German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG)

6 months - For unsolicited applications (e-mail), digital applications, general tenant’s voluntary declaration (in digital form)

3 months - Tenant’s voluntary declaration in paper form

The period of storage varies between 3 months and up to 30 years. The period of storage also results from statutory periods of limitation. As a general principle, data are processed and stored for as long as is necessary to maintain our business relationship. It should be noted that a business relationship is a long-term relationship that may last for years.

I have the following rights:

• Right to information
• Right of access and right to object
• Right to rectification, erasure and restriction
• Right to data portability

Right to information

The following information will be disclosed on request:

• Name and contact details of the controller (where applicable also of its representative)
• Contact details of the data protection officer (if such exists)
• Purpose and legal basis for processing
• Legitimate interests (when processing is performed in accordance with Art. 6 GDPR)
• Recipients or categories of recipients
• Transmission to a third country or international organisation
• Duration of storage
• Right to information, rectification, erasure, restriction, objection and to data portability
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority
• Information as to whether the provision of data is legally or contractually stipulated or is required for the conclusion of a contract and possible consequences of a failure to provide the data
• Automated decision-making including profiling
• Information about a possible change in the purpose of data processing

Right of access and right to object

• Purposes of data processing
• Categories of data
• The recipients or categories of recipients
• Duration of storage
• Right to rectification, erasure and objection
• Right to complain to a supervisory authority
• Source of the data (if not collected from the data subject)
• Automated decision-making including profiling
• Transmission to a third country or international organisation

Right to rectification, erasure and restriction

The following data are erased in accordance with Art. 17 GDPR:

• When the storage of the data is no longer necessary
• When the data subject has withdrawn consent to data processing
• When the data have been unlawfully processed
• When there is a statutory obligation to erase the data under EU or national law

§ 35 German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG neu) – right to erasure

The right of the data subject and the obligation of the controller to the erasure of personal data does not exist according to Art. 17 Para. 1 of Regulation (EU) 2016/679 supplemental to the exceptions listed in Art. 17 Para. 3 of Regulation (EU) 2016/679 if erasure in the case of non-automated data processing is not possible due to the special type of storage, or is only possible with disproportionate effort, and if the interest of the data subject in erasure is deemed to be slight. In this case, restriction of processing in accordance with Art. 18 of Regulation (EU) 2016/679 will supersede erasure. Clauses 1 and 2 do not apply if personal data were processed unlawfully.

The right to be forgotten does not apply:

• When freedom of expression or freedom of information takes precedence
• When data storage serves to meet a statutory obligation
• When public interest in the area of public health takes precedence
• When archiving or historical and research-related purposes oppose erasure
• When storage is necessary for the assertion, exercise of defence of legal claims

Please note: We can only comply with your request for erasure if no other statutory retention periods apply.

Withdrawal of consent

In accordance Art. 6 Sect. 1 Subsect. a or Art. 9 Sect. 2 Subsect a, every data subject has the right to withdraw partial or all consent that was given, e.g. for the purpose of contract performance, at any time and without personal detriment, without affecting the lawfulness of the processing performed based on consent prior to its withdrawal.

Withdrawal of consent should be sent in writing to:

Bauwerk Capital GmbH & Co.KG, Prinzregentenstrasse 22, 80538 Munich

Automated decision-making and profiling

No automated processes for decision-making as referred to in Art. 22 GDPR or other profiling measures as per Art. 4 Sect. 4 GDPR are used.

Right to data portability

Art. 20 GDPR grants the data subject the right to data portability. In accordance with this provision, the data subject has the right under the conditions of Art. 20 Subsect. a and b GDPR to receive the personal data concerning them and provided by them to the controller in a structured, commonly used and machine-readable format and to transmit these data to another controller without hindrance from the controller.

Right to complain to a supervisory authority

(Art. 13 Sect. 2 Subsect. d, Art. 77 Sect. 1 GDPR)

In accordance with Art. 13 Sect. 2 Subsect. d, Art. 77 Sect. 1 GDPR, every company (controller) must inform all data subjects that they have a comprehensive right to complain to the responsible supervisory authority of their country. This right to lodge a complaint can be exercised when data subjects believe that the processing, storage and use of their data on our part is unlawful. This right to lodge a complaint should be performed in a targeted manner in response to a specific case. The data subject should provide cogent and justified information with the complaint. We would discourage lodging a complaint with the authority without sound information and facts. It is therefore advisable to contact our data protection officer – Mr Reinhold Okon – and seek a corresponding dialogue before submitting the complaint. Furthermore, the complaint is to be lodged with a single supervisory authority (Recital 141 Clause 1 GDPR). This is intended to avoid duplicate complaints.

Our data protection officer will always be happy to answer any questions you may have.