You can adjust your cookie settings under the following link.

Cookie Settings

The information below will give you a rough overview of how your personal data will be processed when you visit the website of Quartillion (hereinafter “we” or “us”). In the following sections, we will brief you in accordance with Art. 13, EU General Data Protection Regulation (GDPR) and Art. 14, GDPR, about scenarios in which no data are directly collected. We will subsequently explain which data we process for what purpose, and tell you what your rights are in this context, among other things.

This data protection statement is intended for visitors of our website, prospects and applicants for our student apartments, but also for our incumbent tenants, among other people.

Our data protection statement is structured as follows:

1. General Information

1.1 Controller and Data Protection Officer

The controller within the meaning of Art. 4, No. 7, GDPR, is:

Trei Real Estate Köln GmbH
- Quartillion -
Klaus-Bungert-Straße 5b
D-40468 Düsseldorf
Phone: +49 (0) 211 54011-000
E-mail: info@treirealestate.com

For more details on the controller, please see the legal notice of this website.

If you have any questions regarding the subject of data protection, please get in touch with our external data protection officer:

Tengelmann Audit GmbH
- Datenschutzbeauftragter -
An der Pönt 45
D40885 Ratingen
E-mail: datenschutz@t-audit.de

1.2 General Information on the Legal Bases for Processing Personal Data

Personal data will only be processed to the extent necessary for a given purpose and/or subject to consent. Processing may principally proceed on the following legal bases, among others:

  • Art. 6, Sec. 1, Lit. a, GDPR (consent of the data subject)
  • Art. 6, Sec. 1, Lit. b, GDPR (fulfilment of a contractual relationship with the data subject, pre-contractual measures at the request of the data subject)
  • Art. 6, Sec. 1, Lit. c, GDPR (fulfilment of a legal obligation)
  • Art. 6, Sec. 1, Lit. d, GDPR (protection of vital interests of the data subject or of another natural person)
  • Art. 6, Sec. 1, Lit. e, GDPR (performance of a task in the public interest or while exercising official authority)
  • Art. 6, Sec. 1, Lit. f, GDPR (protection of a legitimate interest of the controller or of a third party, provided that the interests, fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail)

If consent constitutes the legal basis for processing personal data, you can revoke your consent at any time without stating your reasons. Retracting your consent will principally be effective for the future only. This means that retracting your declaration of consent will not render prior processing impermissible that preceded our receipt of the revocation of your consent.

We are firmly committed to ensuring end-to-end protection of your personal data on this website. Despite all technical and organisational measures taken by us, security gaps can sadly never be ruled out completely during the electronic transmission of data via the Internet. That is why we always give you the option to submit your required data by phone or via postal letter.

2. Data Subject Rights

If we process your personal data in our role as controller, you have the following rights vis-à-vis us with regard to the processing of your personal data, which you may assert at any time:

Right to Information, Erasure and Correction

Within the scope of the applicable legal provisions, you have the right to free information (Art. 15, GDPR) about your processed personal data and other disclosures pursuant to Art. 15, Sec. 1, Lit. a through h, GDPR, at any time. In addition, you may be entitled to the rectification (Art. 16, GDPR) or erasure (Art. 17, GDPR) of these data. The right to erasure may be restricted in cases specified in Art. 17, Sec. 3, GDPR (e. g. whenever the data are required for asserting, exercising or defending legal claims).

Right to Restriction of Processing

You have the right to demand that the processing (Art. 18, GDPR) of your personal data be restricted (or blocked). The right to restriction of processing exists in the cases specified in Art. 18, Sec. 1, Lit. a through d, GDPR. Once the processing of your personal data has been restricted, such data may—apart from being stored—only be processed with your consent or else to assert, exercise or defend legal claims, or to protect the rights of another natural person or legal entity, or for reasons of material public interest of the European Union or one of its member state.

Right to Data Portability

You have the right to receive personal data concerning you in a standard machine-readable format, assuming that you have provided us with the data yourself, that we process these data via automated procedures and that the processing is based on your consent or the fulfilment of a contract with you (Art. 20, GDPR).

Right to Object to the Processing of Your Data

To the extent that personal data are processed (including profiling, where applicable) on the basis of legitimate interests (Art. 6, Sec. 1, Lit. f, GDPR), you have the right to object to the processing of your personal data at any time for reasons arising from your specific circumstances (Art. 21, GDPR). In that case, we will cease to process your personal data for said purposes unless our legitimate interests prevail or unless the processing serves the assertion, exercise or defence of legal claims. Collecting data in order to make the website available and storing log files is imperative for the operation of the website. Without prejudice to this fact, you may object to the processing of your personal data for purposes of direct marketing at any time without stating a reason.

Right to Revoke Your Consent

If consent constitutes the legal basis for processing your personal data, you may retract your consent at any time without stating your reasons (Art. 7, Sec. 3, GDPR). Retracting your consent will principally be effective for the future only. This means that the revocation of your consent will not affect the lawfulness of any processing carried out on the basis of your consent prior to its revocation.

Right to Lodge a Complaint with a Regulator

If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a regulator, specifically in the member state of your habitual residence, place of work or place of the alleged violation (Art. 77, GDPR). The right to lodge a complaint exists without prejudice to any other administrative or judicial remedy.

To assert your rights against us, please use the contact details above to get in touch with the controller.

Transfer to Third Countries or International Organisations

Unless stated otherwise in the following sections (on this subject, please see e. g. “Data Processing when Visiting Our Website Visits & Cookies,” below), there is no intention to transfer personal data to third countries or to international organisations.

3. Data Processing when Visiting our Website & Cookies

Whenever you visit our website, information may be stored (e. g. in the form of cookies) in your terminal equipment while information previously stored may be accessed (e. g. IP address). In cases where such technical processes become necessary to ensure an error-free and secure provision of services on our homepage, this is done on the basis of Art. 25, Sec. 2, No. 2, Telecommunication Digital Services Data Protection Act (TDDDG). In all other cases, it is done on the basis of your consent pursuant to Art. 25, Sec. 1, TDDDG (which we obtain from you at the same time we obtain your consent pursuant to Art. 6, Sec. 1, Lit. a, GDPR). The subsequent processing of personal data in any kind of procedure is governed by the relevant data protection law requirements (particularly those arising from the GDPR and the German Data Protection Act, BDSG):

When visiting the Quartillion homepage purely for information purposes, meaning whenever you are not signed in or transmit information to us in some other way, your Internet browser will, for technically required purposes, automatically transmit data to our web server as you access our website. Such data includes the date and time of your access, the URL of the referring website, the file accessed, the quantity of data sent, your browser type and version, your operating system and your IP address.

The purposes of processing the aforementioned personal data are to deliver the website to your computer/browser, to ensure the proper functioning of the website and to optimise it for the respective user, and also to ensure the safety of our information technology systems. In fact, it would be technically impossible to make our homepage available to you without such data processing. These purposes also constitute our legitimate interest in the processing of personal data pursuant to Art. 6, Sec. 1, Lit. f, GDPR. This standard serves simultaneously as legal basis for the data processing. The data are stored in so-called log files on our servers, and will be deleted as soon as they have served their purposes and unless the deletion is prevented by legal requirements. In the case of data stored in log files, this tends to happen after seven days at the latest.

So-called cookies may also be used when you visit our website. A cookie is information that a web server sends to a browser, which the browser in turn sends back when it accesses the same web server later on (this is known as a “browser cookie” or “session cookie”). Cookies make it possible to save information between web page requests, and allow a website server to recognise a given visitor’s browser and thus the visitor him- or herself or to remain recognised through the end of a session, in order to make the offer of our homepage technically flawless and user-friendly for visitors. These purposes also constitute our legitimate interest in the processing of your data pursuant to Art. 6, Sec. 1, Lit. f, GDPR.

Most of the cookies used by our website are so-called “session cookies.” They are automatically deleted at the end of your visit. These data, too, are stored separately from other data that you enter while using our website. There is no way for us to associate these data with any specific person.

In addition, our website uses optional cookies of the service providers detailed below, and these cookies are placed only if you consent to them pursuant to Art. 6, Sec. 1, Lit. a, GDPR.

When seeking your consent to the storage of certain cookies on your endpoint or to the use of certain technologies and to document this in a data-protection-compliant manner, we use the “Cookiebot” consent management tool. This technology is provided by Usercentrics A/S based in Copenhagen, Denmark.

The activities of obtaining your consent and the associated setting of cookies as well as the processing of the corresponding personal data are all necessary to fulfil the legal obligation which we are subject to (Art. 6, Sec. 1, Sent. 1, Lit. c, GDPR). It cannot be guaranteed that the website is fully functional in a legally permissible manner without this kind of data processing. To ensure its proper functionality, the following personal data may be processed: Your IP address, consent status and values (date and time of consent, consent ID), geolocation, language, referrer URL.

Your selection will be stored for two months, after which the consent banner will automatically re-open, prompting you to renew your consent.

You can change or decline your consent at any time by clicking the following link.

3.1 Use of Google Analytics

This website uses Google Analytics, a web analysis service provided by Google LLC, California, USA, if you consented to its use. For users inside the European Union (EU)/the European Economic Area (EEA), data processing is carried out by Google Ireland Limited, Ireland (“Google”).

Google Analytics uses cookies that permit analysing your use of our website. The information generated by the cookies about your use of this website will usually be transmitted to and stored by Google on servers in the United States.

In the case of Google Analytics, the anonymisation of IP addresses is enabled by default. IP anonymisation will cause your IP address to be truncated by Google within member states of the EU or in other EEA treaty states. Only in exceptional cases will your full IP address be transmitted to a Google server in the United States and truncated there.

During your visit to this website, your user behaviour will be recorded in the form of “events.” Events can mean, inter alia:

  • page views
  • first-time visit of the website
  • start of session
  • your click trail, interaction with the website
  • scrolls
  • clicks on third-party links
  • internal web search queries
  • interaction with videos
  • file downloads
  • viewed / clicked ads
  • language setting.

The following will also be recorded:

  • your approximate location (region)
  • your IP address (in truncated form)
  • technical details about your browser and the endpoint you use (e. g. language setting, screen resolution)
  • your Internet provider
  • the referrer URL (the website from which you visit us or the advert you place with us).

On behalf of us, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for us and providing other services relating to website activity and Internet usage. We use the reports that Google Analytics provides to analyse the performance of our website and the success of our marketing campaigns.

The data are passed on within the Google group of companies, so that data processing by Google LLC is essentially carried out in the United States.

Please note that, under current data protection legislation, the United States are rated as a so-called third country where statutory data protection regulations apply that deviate from those enforced in the European Union, and that the legally required level of data protection may therefore be lower than that of the European Union. However, the United States are subject to the adequacy decision by the European Commission regarding the EU-US Data Privacy Framework only if a given company has been certified accordingly. The US parent company of Google has been certified along these lines. In cases where data are processed outside the EU/EEA and the level of data protection falls short of the European standard, Google also applies EU standard contractual clauses in order to establish an appropriate level of data protection.

The data sent by us and linked to cookies are automatically deleted after two months. The data whose retention period has expired are automatically deleted once a month.

Legal basis for the processing of personal data as outlined is your consent pursuant to Art. 6, Sec. 1, Lit. a, GDPR.

You may retract your granted consent with effect for the future at any time by visiting your cookie settings as discussed above in this Policy, and by changing your selection there. Doing so will not affect the legitimacy of any processing done with your consent up to the time of your revocation. Aside from withholding your consent, you may also prevent the storage of cookies in general by adjusting your browser settings accordingly. However, configuring your browser to reject all cookies may limit the functionality of this and other websites for you.

For more information on the terms of use of Google Analytics and on Google’s data protection policy, click the following third-party links:

marketingplatform.google.com/about/analytics/terms/en/ und policies.google.com.

3.2 Use of Google Maps

This website uses the Google Maps service. It is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The service enables us to display interactive maps directly on our website and lets you use the map function at your convenience. It is integrated into our website via a Java Script API. When using Google Maps, other Google services, such as e. g. Google Fonts, may be activated, which Google uses to optimise the way its map service is displayed and functions.

Use of Google Maps, and thus the processing of personal data by Google Maps, is not possible unless you have consented to it through the cookie settings on this page (“Marketing” category). Legal basis for the data processing is therefore your consent pursuant to Art. 6, Sec. 1, Lit. a, GDPR. You may retract your consent with effect to the future via the same cookie settings at any time.

As a result of using Google Maps, Google will receive information that the corresponding (sub)page of our website was called up while also receiving the associated IP address. This will happen regardless of whether Google provides a user account through which you are logged in or whether no such user account exists. If you are signed into a Google service, your data will (probably) be directly associated with your account. If you do not wish to be associated with your profile on Google, you should log out of your Google account before clicking the button. Google stores the data collected about you in the form of a user profile and uses it for advertising purposes, market research and/or the need-based design of its websites. The purpose of such an analysis is specifically to generate customised advertising (even for users not logged in). You have the right to object to the creation of such a user profile, but you will have to contact Google directly to exercise that right.

The aforesaid personal data will be transferred to the United States during the use of Google Maps. Please note that, under current data protection legislation, the United States are rated as a so-called third country where statutory data protection regulations apply that deviate from those enforced in the European Union, and that the legally required level of data protection may therefore be lower than that of the European Union. However, the United States are subject to the adequacy decision by the European Commission regarding the EU-US Data Privacy Framework only if a given company has been certified accordingly. The US parent company of Google has been certified along these lines. In cases where data are processed outside the EU/EEA and the level of data protection falls short of the European standard, Google also applies EU standard contractual clauses in order to establish an appropriate level of data protection.

For more information on the purpose and scope of the collection of data and their processing by the provider of Google Maps, please see the provider’s data protection statements. If you do, Google will also provide more details about your rights and privacy settings (third-party link): www.google.com/policies/privacy.

4. Prospects / Applicants / Tenants

In addition to the general and basic information provided above, the sections below will brief you on the processing of personal data within the framework of expressing your interest in, or submitting your application for, an apartment.

4.2 Applicant / Viewing Appointment

Whenever you contact us as an interested party (booking a viewing appointment), your data will be saved and used for processing purposes so as to enable us to arrange a viewing appointment for you or to contact you. To this end, we will only collect such data from you that are indispensable for processing your query.

The legal basis for processing the required data is Art. 6, Sec. 1, Lit. b, GDPR (pre-contractual measure relating to the lease agreement) as well as our legitimate interest in accordance with Art. 6, Sec. 1, Lit. f, GDPR, to contact you and to coordinate viewing appointments in an efficient manner. Any additional disclosures over and above these data will be made at your discretion which we did not explicitly request.

In the context of appointment requests, we use the so-called “double-opt-in” process. Once you have filled in the input masks, you will receive an e-mail from us, asking you to click a link in order to confirm your e-mail address. Our staff will not receive your data for processing unless you click the link first. If you fail to click our confirmation link within a 7-day period, all your entries will be deleted and the request will not be processed.

4.3 Applicants for a Tenancy

If you wish to submit a concrete application for a lease in a specific apartment complex (the “Applicant” button), you will necessarily have to provide certain personal data to enable us to process your tenancy request. Such data include general information about your person and your contact details, e. g. name, address or e-mail address. In order to process your concrete tenancy request, we will need additional details, which you may submit via a self-disclosure form, plus the relevant documents to substantiate your disclosures. You have the option to upload the documents or to send them in via postal letter.

We will process your data for the purpose of handling your request and signing a lease with you. We also need your data for the purposes of running a credit check on you and to review the local conditions to ensure they are adequate for the intended use.

The legal basis for processing your data for the above purposes is the execution of the lease agreement or pre-contractual measures in accordance with Art. 6, Sec. 1, Lit. b, GDPR, as well as our legitimate interest in accordance with Art. 6, Sec. 1, Lit. f, GDPR, to reduce the risk of payment defaults by tenants through a qualified selection of applicants and to ensure the optimal use of the apartment. Any additional disclosures over and above these data will be made at your discretion.

In the context of your application, we use the so-called “double-opt-in procedure” unless your e-mail address was previously verified already. Once you have filled in the input masks, you will receive an e-mail from us, asking you to confirm your e-mail address by clicking a link. Your data will not be transmitted to us for processing until you click the link. If you fail to click our confirmation link within a 7-day period, all your entries will be deleted and the request will not be processed. You will subsequently be given the opportunity to create a user account. Having your own account will enable you to process the uploaded data autonomously or inversely to delete all records as well as the account itself.

Just before the start of your lease term, at the latest, you will need to verify your data by presenting a government-issued photo ID.

4.4 Portal for Prospects / Applicants

Once your appointment request or application has been given an active status, you can request access to the user portal. Signing up for the portal is not required for the processing of your request. Yet if you decide to use the functionalities of our portal to carry out the pre-contractual measures (on the legal basis of Art. 6, Sec. 1, Lit. b, GDPR), having signed up will enable you to process the uploaded documents or the viewing appointment on your own, and to delete all documents and even to close your account.

Your consent pursuant to Art. 6, Sec. 1, Sent. 1, Lit. a, GDPR, serves as legal basis for the creation of your account in the user portal. You may revoke your consent at any time with effect for the future by closing your account in the portal.

4.5. Data Protection Information for (Sub-)Tenants

The data protection information currently applicable to tenancies (including tenant online portal and sub-tenants) can be retrieved here: Data Protection Information for (Sub-)Tenants and the Tenant Portal

5. Contact Form

When contacting us (using the contact form), your data will be stored and used for the purpose of processing your request. Your disclosures in the designated required fields are necessary for processing your request (including first and last name, e-mail address, request, your note to us), while additional disclosures are made at your discretion. Your data will be stored for as long as it takes to process your request and will be deleted after having served this purpose, subject to statutory retention periods that may apply.

If you contact us for the purpose of initiating the heads of terms or of signing a contract, the lawful basis for such processing is Art. 6, Sec. 1, Lit. b, GDPR. On top of that, Art. 6, Sec. 1, Lit. f, GDPR, also qualifies as legal basis:

The personal data entered by you will exclusively be used to contact you and to adequately process your request, as the case may be. This means we do have the legitimate interest that is required for processing.

6. Disclosure to Any Third Party

Your data may be processed by associated companies as well as by third-party service providers in the context of your visit of these Internet pages and in the context of showing an interest in, or applying for, a tenancy. Relevant entities in this context include, for example, IT service providers, property managers (in particular Savills Property Management Deutschland GmbH) or other service companies. In data protection terms, third parties may count either as commissioned data processor pursuant to Art. 4, No. 8, GDPR, or as controller pursuant to Art. 4, No. 7, GDPR. The selection and use of third-party service providers is carried out in consideration of internal minimum data protection standards and the relevant legal requirements (e. g. the conclusion of applicable contracts pursuant to Art. 28, GDPR, for commissioned data processors).

7. Data Protection when Using the myRENZbox Parcel Locker System

The following sections provide supplementary data protection information in case you opted for the use of the myRENZbox parcel locker system (PKA) at the Quartillion.

The general disclosures, e. g. concerning the controller, the right to lodge a complaint with the competent supervisory authority and with the data protection officer, remain in effect in this context.

The parcel locker system lets you receive parcels even when you are not home. To take advantage of the option, you will have to sign a user agreement with us as the system’s operator. Creating an account in the online management portal of the parcel locker system will require the entry of your first and last name and of your e-mail address. During subsequent steps, you will have to disclose your data (plus your mobile phone number) to parcel service providers and grant drop-off permissions.

Some of the processing of your personal data will be done by commissioned data processors within the meaning of Art. 4, No. 8, GDPR. We employ primarily the following partners as commissioned data processors:

Erwin Renz Metallwarenfabrik GmbH & Co KG (hereinafter “RENZ”), based in Kirchberg / Murr Renz Service GmbH (hereinafter “RENZ Service”), Savills Property Management Deutschland GmbH (hereinafter “Savills”).

The online management portal of the parcel locker system is made available by RENZ. Within the scope of these activities, RENZ processes—unless specified otherwise below—personal data as commissioned by, and for the purposes of, Trei Real Estate GmbH – Quartillion to permit the use of the parcel locker system.

1) Which Data are Processed?

a) User Account in the myRENZ Portal

Use of the parcel locker system requires a user account in the myRENZ portal.

To create the account in the user administration, your first and last name as well as your e-mail address will be required. Once your data have been submitted, you will receive your access data for the myRENZ portal. Following your first sign-in with your log-in name and password, you will be asked to accept the user agreement with Trei Real Estate GmbH – Quartillion as the system operator.

You can change your password in the myRENZ portal in the “access data” tab. In the same tab, you will have to enter your landline number or alternatively your mobile phone number, which will be used, e. g., for text messages. You may also review the user agreement and the data protection statement of RENZ or RENZ Service here.

Required fields in the “user data” tab include the boxes “first name,” “last name,” “address,” “e-mail address” and “landline number” (or “mobile number”). Optional fields include, e. g., “salutation” or “comfort zone” (parcel lockers on a handicap-accessible level), and you may delete data of this type at your discretion any time.

To receive parcels via DHL and Parcellock (dpd, gls and Hermes) you need to have a user account with these providers and grant drop-off permissions to them. The “Logistics” tab is used to integrate parcel service providers. Here, your residential data, assuming you entered them, will be transmitted to the logistics service provider when you enable the process and will be deleted if you disable it again.

Go to the “history” tab to view your entire history of deliveries or collections. This tab will process information about the parcel service provider and the access procedures for each parcel locker. Such information includes particularly the date and time of access, the time spent accessing the locker, and the access authorisation used.

b) Processing Steps for Administrative Purposes

The mentioned data will be processed for the (remote) management of the parcel lockers system, to issue access authorisations to users and to suspend them, to monitor state and functionality of the system, to assign mail boxes, digital name tags for the myRENZbox and your digital bell as resident, for service notifications, as well as to enable and disable logistics processes.

c) Anonymised User Statistics

In order to retain the ability to adapt the services to user needs in the future, and in order to ensure the trouble-free use of the parcel locker system, user statistics may be collected in anonymised form.

This includes statistics on incoming / outgoing deliveries by date / time, total occupancy of parcel lockers of each size by service provider, and total occupancy of parcel lockers of each size.

d) Communication with RENZ and/or RENZ Service

Moreover, RENZ or RENZ Service, respectively, processes personal data that are made available in the event that personal communication (e. g. via e-mail, fax or the online form available for this purpose) with RENZ or RENZ Service occurs via the stated contact options, again for the purpose of processing the submitted request. Controller for these data is RENZ or RENZ Service, as the case may be.

2) Purpose and Lawful Basis for the Data Collection

Your data will be processed exclusively in connection with the use and profitable operation of the parcel locker system.

The lawful basis for processing your data is the execution of the agreement or of pre-contractual measures (Art. 6, Sec. 1, Lit. b, GDPR), as well as the consent optionally granted for some of the data in the administrative portal and there in the “user data” tab (Art. 6, Sec. 1, Lit. a, GDPR), which consent may be revoked with effect for the future at any time by deleting such data.

In conjunction with the processing under item c), No. 1), above, which is done by us on our orders, it is our legitimate interest to ensure a smooth operation or use of the parcel locker system and to be able to check the cost effectiveness of providing the parcel locker system (the legal basis for this being Art. 6, Sec. 1, Sent. 1, Lit. f, GDPR). In addition, the efficient and cost-effective management and operation of the parcel locker system also constitutes a legitimate interest for any kind of personal data processing (including by companies associated with the operator) in the context of the parcel locker system.

3) Who will Have Access to Your Data?

Your personal data may be transmitted to the following recipients:

  • Employees of the operator as well as companies associated with the operator and their employees
  • Employees of Savills
  • Employees of RENZ and/or RENZ Service
  • Logistics service providers and their employees
  • Service providers, software development, help desk (commissioned data processing)

There is no intention to transfer your data to recipients in countries outside the European Union or the Treaty on the European Economic Area where the level of data protection cannot simply be assumed to be comparable with that of the European Union.

4) Retention Periods

Your data will be deleted 14 days after the termination of your user agreement or your revocation of the agreement, provided that doing so does not conflict with any statutory retention periods and / or a longer retention period is necessary to meet statutes of limitation.

The user agreement begins with your consent and for an indefinite period. The user agreement will automatically end together with the termination of your tenancy. It can also be terminated by either party during the tenancy at the end of each month, subject to a two-week notice period.

5) Requirement of Providing Your Personal Data

You are neither legally nor contractually obliged to provide your personal data. However, if you fail to disclose the relevant personal data, it may be impossible to provide the available services of the parcel locker system and of the portal or to provide them in time, or we reserve the right to deny you the use of this service. As a result, you may not be able to use the parcel locker system to dispatch or claim any parcels.

6) Your Rights Regarding Stored Data

If you wish to exercise your data subject rights, which are detailed in the general section of this Data Protection Agreement under “Data Subject Rights,” above, with respect to the parcel locker system, please use the contact details listed above to get in touch with the controller.

8. Other Disclosures

8.1. Obligation to Provide Personal Data

An obligation to provide personal data may arise from contracts already, or yet to be, concluded insofar as doing so is necessary for the contract’s conclusion or performance. Legal obligations may also prompt the collection and/or processing of personal data. While the submission of personal data is voluntary in principle, please note that, depending on a given case, we may not be able to perform/provide certain measures/services if the relevant data have not been submitted.

8.2. Our Principles for the Data Retention Period and Deletion of Personal Data

We will store your personal data for as long as, and to the extent, necessary for the processing purposes, unless you successfully exercised your lawful right of revocation or objection. For example, to conclude a lease agreement, the contract data will be required for the entire duration of the tenancy and will therefore be retained. Once we no longer need your personal data for processing, we will retain them only for as long as you have the right to assert claims (the statutory limitation period normally being three years). In addition, we will retain your personal data for as long as, and to the extent that, we are legally obligated to do so. The relevant obligations are specified in the German Commercial Code (HGB), the Fiscal Code of Germany (AO) and the German Money Laundering Act (GwG). The statutory retention obligations normally specify a ten-year period. Whenever personal data not subject to statutory retention periods are stored within the scope of business origination, we will subject such data to periodic reviews in regard to our internal deletion rules.

8.3. Automated Decision-Making

This website uses no automated decision-making or profiling within the meaning of Art. 22, GDPR.

8.4. Reservation of Right of Modification

Trei Real Estate GmbH, as operator of the website, reserves the right to change security and data protection measures whenever doing so becomes necessary, for instance in response to technological advances. In such cases, we will also adapt our notes on data protection accordingly. Adapting our Data Protection Statement could also be necessitated by changes to our services or by legal developments. Please be sure therefore to take note of the latest version of our Data Protection Statement as amended.

Status March 2024