Data Security
Name and Address
Predium Technology GmbH
Lerchenfeldstraße 30
80538 München
Deutschland
Lerchenfeldstraße 30
80538 München
Deutschland
Introduction
General Information
The following section provides information on the processing of personal data
- our Website https://predium.de
- our Profile in Social Media
Personal data refers to any information that can be related to a specific natural person, such as their name or IP address.
Contact Data
Controller pursuant to Art. 4(7) of the EU General Data Protection Regulation (GDPR) is:Predium Technology GmbH
Lerchenfeldstraße 30
80538 Munich, Germany
Email: info@predium.deWe are legally represented by Jens Thumm, Mohamed Ali Razouane, and Maximilian Körner.Our Data Protection Officer can be contacted via:
heyData GmbH
Schützenstraße 5
10117 Berlin
www.heydata.eu
Email: datenschutz@heydata.eu
Lerchenfeldstraße 30
80538 Munich, Germany
Email: info@predium.deWe are legally represented by Jens Thumm, Mohamed Ali Razouane, and Maximilian Körner.Our Data Protection Officer can be contacted via:
heyData GmbH
Schützenstraße 5
10117 Berlin
www.heydata.eu
Email: datenschutz@heydata.eu
Scope of Data Processing, Purposes of Processing, and Legal Basis
We outline the scope of data processing, its purposes, and the legal bases in detail below. As a general rule, the following legal bases may apply to data processing:
- Art. 6 Abs. 1 S. 1 lit. a GDPR serves as the legal basis for processing operations for which we obtain consent.
- Art. 6 Abs. 1 S. 1 lit. b GDPR is the legal basis where the processing of personal data is necessary for the performance of a contract—for example, when a website visitor purchases a product from us or we provide a service on their behalf. This legal basis also applies to processing operations required for pre-contractual measures, such as inquiries about our products or services.
- Art. 6 Abs. 1 S. 1 lit. c GDPR applies when the processing of personal data is necessary for compliance with a legal obligation—for example, obligations under tax law.
- Art. 6 Abs. 1 S. 1 lit. f GDPR serves as the legal basis when we rely on legitimate interests for the processing of personal data—for example, cookies that are necessary for the technical operation of our website.
Data Processing Outside the EEA
(EEA = European Economic Area)
If we transfer data to service providers or other third parties outside the EEA, the security of such transfers is ensured—where applicable—by adequacy decisions of the European Commission pursuant to Art. 45(3) GDPR. Such decisions currently exist, for example, for the United Kingdom, Canada, and Israel.
When data is transferred to service providers in the United States, the legal basis is also an adequacy decision by the European Commission, provided the service provider is additionally certified under the EU-U.S. Data Privacy Framework.In other cases—where no adequacy decision exists—the legal basis for data transfers is typically (unless otherwise stated) the use of Standard Contractual Clauses (SCCs). These are a set of contractual terms adopted by the European Commission and form part of our agreement with the respective third party.
Under Art. 46(2)(b) GDPR, they provide appropriate safeguards for the transfer of personal data.Many providers have also agreed to additional contractual safeguards that go beyond the SCCs—such as data encryption commitments or a requirement to notify data subjects if law enforcement authorities request access to personal data.
When data is transferred to service providers in the United States, the legal basis is also an adequacy decision by the European Commission, provided the service provider is additionally certified under the EU-U.S. Data Privacy Framework.In other cases—where no adequacy decision exists—the legal basis for data transfers is typically (unless otherwise stated) the use of Standard Contractual Clauses (SCCs). These are a set of contractual terms adopted by the European Commission and form part of our agreement with the respective third party.
Under Art. 46(2)(b) GDPR, they provide appropriate safeguards for the transfer of personal data.Many providers have also agreed to additional contractual safeguards that go beyond the SCCs—such as data encryption commitments or a requirement to notify data subjects if law enforcement authorities request access to personal data.
Storage Duration
Unless expressly stated otherwise in this privacy policy, we delete stored data as soon as it is no longer required for its intended purpose and there are no legal retention obligations preventing its deletion.If data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. In this case, the data will be blocked and not processed for any other purpose.This applies, for example, to data that must be retained for commercial or tax law reasons.
Data Subject Rights
Data subjects have the following rights with respect to their personal data processed by us:
- Right of access
- Right to rectification or erasure
- Right to restriction of processing
- Right to object to processing
- Right to data portability
- Right to withdraw consent at any time
Data subjects also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of their personal data.Contact details for the supervisory authorities can be found at:https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html
Obligation to Provide Data
Customers, prospective clients, or third parties are only required to provide us with the personal data that is necessary for establishing, performing, or terminating a business relationship or any other relationship, or that we are legally obliged to collect. Without this data, we will generally be unable to conclude a contract, provide a service, or continue an existing contractual or other relationship.
Mandatory fields are clearly marked as such.
No Automated Individual Decision-Making
As a general rule, we do not use fully automated decision-making processes pursuant to Article 22 GDPR for establishing or carrying out a business or other relationship.Should we apply such procedures in individual cases, we will inform you separately where required by law.
Contacting Us
When you contact us—for example, by email or phone—we store the data you provide (such as your name and email address) in order to respond to your inquiry. The legal basis for this processing is our legitimate interest in responding to inquiries directed to us (Art. 6(1)(f) GDPR).We delete the data collected in this context once it is no longer necessary for storage, or we restrict processing if statutory retention obligations apply.
Customer Surveys
From time to time, we conduct customer surveys to better understand our customers and their needs. In doing so, we collect the data requested in each survey.It is in our legitimate interest to gain insights into our customers’ preferences; therefore, the legal basis for the associated data processing is Art. 6(1)(f) GDPR.We delete the data once the survey results have been evaluated.
Data Processing on Our Website
Notice for Website Visitors from Germany
Our website stores information on the end device of website visitors (e.g. cookies) or accesses information already stored on the end device (e.g. IP addresses).
Details on the specific types of information involved can be found in the following sections.This storage and access is carried out on the basis of the following legal provisions:
Details on the specific types of information involved can be found in the following sections.This storage and access is carried out on the basis of the following legal provisions:
- Where such storage or access is strictly necessary to provide a service on our website expressly requested by the visitor (e.g. for operating a chatbot used by the visitor or to ensure IT security on our website), it is based on Section 25 (2) No. 2 of the German Telecommunications Digital Services Data Protection Act (TDDDG).
- In all other cases, such storage or access is based on the consent of the website visitor (Section 25 (1) TDDDG).
Subsequent data processing is carried out in accordance with the following sections and based on the provisions of the General Data Protection Regulation (GDPR).
Informational Use of the Website
When using the website purely for informational purposes—i.e., when visitors do not otherwise submit information—we collect only the personal data that the browser transmits to our server in order to ensure the stability and security of our website.This constitutes a legitimate interest, and the legal basis for this processing is Art. 6(1)(f) GDPR.
The data collected includes:
The data collected includes:
- IP-address
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (specific page
- Access status / HTTP status code
- Amount of data transferred in each case
- Website from which the request originates (referrer)
- Browser
- Operating system and its interface
- Language and version of the browser software
This data is also stored in log files. It is deleted once storage is no longer necessary, and at the latest, after 14 days.
Web Hosting and Website Provision
Our website is hosted by Webflow. The provider is Webflow, Inc., 398 11th St., Floor 2, San Francisco, CA 94103, USA. The provider processes personal data transmitted via the website—such as content, usage, metadata/communication data, or contact details—in the United States.
Further information can be found in the provider’s privacy policy:
https://webflow.com/legal/eu-privacy-policyIt is in our legitimate interest to provide a functional website; therefore, the legal basis for the described data processing is Art. 6(1)(f) GDPR.The legal basis for the transfer of data to a country outside the EEA is the use of Standard Contractual Clauses. The security of data transferred to a third country (i.e. outside the EEA) is ensured by Standard Data Protection Clauses issued in accordance with the review procedure under Art. 93(2) GDPR (Art. 46(2)(c) GDPR), which we have agreed with the provider.We also use Webflow’s Content Delivery Network (CDN) for our website. The provider, again Webflow, Inc., processes personal data transmitted via the website—such as content, usage, metadata/communication data, or contact details—in the USA.
Details can be found in their privacy policy:
https://webflow.com/legal/eu-privacy-policyWe have a legitimate interest in ensuring sufficient storage and delivery capacity to maintain optimal data throughput, even during peak traffic. Therefore, the legal basis for this data processing is also Art. 6(1)(f) GDPR.As with hosting, the legal basis for transfers outside the EEA is the use of Standard Contractual Clauses, which ensure an adequate level of protection for the transferred data under Art. 46(2) ( c) GDPR.
Further information can be found in the provider’s privacy policy:
https://webflow.com/legal/eu-privacy-policyIt is in our legitimate interest to provide a functional website; therefore, the legal basis for the described data processing is Art. 6(1)(f) GDPR.The legal basis for the transfer of data to a country outside the EEA is the use of Standard Contractual Clauses. The security of data transferred to a third country (i.e. outside the EEA) is ensured by Standard Data Protection Clauses issued in accordance with the review procedure under Art. 93(2) GDPR (Art. 46(2)(c) GDPR), which we have agreed with the provider.We also use Webflow’s Content Delivery Network (CDN) for our website. The provider, again Webflow, Inc., processes personal data transmitted via the website—such as content, usage, metadata/communication data, or contact details—in the USA.
Details can be found in their privacy policy:
https://webflow.com/legal/eu-privacy-policyWe have a legitimate interest in ensuring sufficient storage and delivery capacity to maintain optimal data throughput, even during peak traffic. Therefore, the legal basis for this data processing is also Art. 6(1)(f) GDPR.As with hosting, the legal basis for transfers outside the EEA is the use of Standard Contractual Clauses, which ensure an adequate level of protection for the transferred data under Art. 46(2) ( c) GDPR.
Contact Form
When you contact us via the contact form on our website, we store the data entered into the form as well as the content of your message. The legal basis for this processing is our legitimate interest in responding to inquiries directed to us, pursuant to Art. 6(1)(f) GDPR.We delete the data once storage is no longer necessary or restrict processing if statutory retention obligations apply.
Job Postings
We publish job openings on our website, on affiliated pages, or on third-party platforms.
The processing of personal data provided in applications is carried out for the purpose of conducting the application process. Where the data is necessary for our decision on establishing an employment relationship, the legal basis is Art. 88(1) GDPR in conjunction with § 26(1) BDSG.
Required data for the application process is marked as such or explicitly indicated. If applicants do not provide this data, we will be unable to process the application. All other data is voluntary and not required for the application process. If applicants provide additional information, the processing is based on their consent (Art. 6(1)(a) GDPR).We kindly ask applicants not to include information about political opinions, religious beliefs, or other sensitive personal data in their CVs or cover letters.
This information is not required for the application process. If such data is nevertheless provided, we cannot prevent its processing as part of the submitted documents. In this case, the processing is also based on the applicant's consent (Art. 9(2)(a) GDPR).If applicants have consented to having their data considered for future recruitment processes, the legal basis for this is also Art. 6(1)(a) GDPR.Applicant data is shared with the responsible HR staff, our recruiting processors, and other relevant personnel involved in the application process.
If an employment relationship is established following the application process, we retain the data until the end of that employment. Otherwise, we delete the data no later than six months after rejection.
If the applicant has given consent to be considered for future job openings, we delete the data one year after receipt of the application.
The processing of personal data provided in applications is carried out for the purpose of conducting the application process. Where the data is necessary for our decision on establishing an employment relationship, the legal basis is Art. 88(1) GDPR in conjunction with § 26(1) BDSG.
Required data for the application process is marked as such or explicitly indicated. If applicants do not provide this data, we will be unable to process the application. All other data is voluntary and not required for the application process. If applicants provide additional information, the processing is based on their consent (Art. 6(1)(a) GDPR).We kindly ask applicants not to include information about political opinions, religious beliefs, or other sensitive personal data in their CVs or cover letters.
This information is not required for the application process. If such data is nevertheless provided, we cannot prevent its processing as part of the submitted documents. In this case, the processing is also based on the applicant's consent (Art. 9(2)(a) GDPR).If applicants have consented to having their data considered for future recruitment processes, the legal basis for this is also Art. 6(1)(a) GDPR.Applicant data is shared with the responsible HR staff, our recruiting processors, and other relevant personnel involved in the application process.
If an employment relationship is established following the application process, we retain the data until the end of that employment. Otherwise, we delete the data no later than six months after rejection.
If the applicant has given consent to be considered for future job openings, we delete the data one year after receipt of the application.
Appointment Booking
Visitors to our website can book appointments with us. In doing so, we process the data entered as well as related metadata or communication data.We have a legitimate interest in offering a user-friendly way for interested parties to schedule appointments. Therefore, the legal basis for processing is Art. 6(1)(f) GDPR.If we use a third-party tool for appointment scheduling, you can find further details under the “Third-Party Providers” section.
Log-In-Section
We provide a login area for our customers. In this context, we process data on the basis of the data processing agreement concluded with the customer.
Technically Necessary Cookies
Our website uses cookies. Cookies are small text files stored in the web browser on the user’s end device. They help make our services more user-friendly, efficient, and secure.Where these cookies are essential for the operation of our website or its core functions (hereinafter referred to as “technically necessary cookies”), the legal basis for the associated data processing is Art. 6(1)(f) GDPR.
We have a legitimate interest in providing a fully functional website to our customers and other visitors.Specifically, we use technically necessary cookies to retain language preferences.
Third-Party
Plausible Analytics
We use Plausible Analytics for website analysis.
The provider is Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia. The provider processes usage data (e.g. visited pages, interest in content, access times) and metadata/communication data (e.g. device information, IP addresses) within the EU.
The legal basis for this processing is Art. 6(1)(a) GDPR. The processing is based on consent.
Data subjects may withdraw their consent at any time, for example by contacting us using the contact details provided in this privacy policy.
Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.The data is deleted once its purpose has been fulfilled and no legal retention obligations apply.Further information can be found in the provider’s privacy policy at:
https://plausible.io/privacy
Weglot
Wir setzen Weglot für Übersetzungen ein. Der Anbieter ist Weglot, 138, rue Pierre Joigneaux in BOIS-COLOMBES (92270), Frankreich. Der Anbieter verarbeitet Meta-/Kommunikationsdaten (z.B. Geräte- Informationen, IP-Adressen) in der EU.
Die Rechtsgrundlage der Verarbeitung ist Art. 6 Abs. 1 S. 1 lit. a DSGVO. Die Verarbeitung erfolgt auf der Basis von Einwilligungen. Betroffene können ihre Einwilligung jederzeit widerrufen, indem sie uns z.B. unter den in unserer Datenschutzerklärung angegebenen Kontaktdaten kontaktieren. Der Widerruf berührt nicht die Rechtmäßigkeit der Verarbeitung bis zum Widerruf.
Die Daten werden gelöscht, wenn der Zweck ihrer Erhebung entfallen ist und keine Aufbewahrungspflicht entgegensteht. Weitere Informationen sind in der Datenschutzerklärung des Anbieters unter https://weglot.com/de/privacy/ abrufbar.
Google Analytics
We use Google Analytics for website analysis.
The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The provider processes usage data (e.g. pages visited, interest in content, access times) and metadata/communication data (e.g. device information, IP addresses) in the United States.
The legal basis for this processing is Art. 6(1)(a) GDPR. The processing is carried out based on user consent.
Data subjects may withdraw their consent at any time—for example, by contacting us using the details provided in this privacy policy.
Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.The legal basis for transferring data to a country outside the European Economic Area (EEA) is an adequacy decision. The security of data transferred to the third country (i.e. a country outside the EEA) is ensured because the European Commission has determined, under Art. 45(3) GDPR, that the third country provides an adequate level of data protection.The data is deleted once the purpose of its collection no longer applies and no legal retention obligations prevent its deletion.For more information, please refer to the provider’s privacy policy:
https://policies.google.com/privacy?hl=en
YouTube Videos
We use YouTube to embed videos on our website.
The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g. pages visited, interest in content, access times) and metadata/communication data (e.g. device information, IP addresses) in the United States.The legal basis for this processing is Art. 6(1)(a) GDPR.
The processing is based on user consent.
Data subjects may withdraw their consent at any time—for example, by contacting us using the contact details provided in this privacy policy.
Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.The legal basis for transferring data to a country outside the EEA is user consent.Further information is available in the provider’s privacy policy:
https://policies.google.com/privacy
HubSpot
We use HubSpot for marketing automation, lead generation, and analytics.
The provider is HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA. The provider processes usage data (e.g. pages visited, interest in content, access times), content data (e.g. form submissions), and metadata/communication data (e.g. device information, IP addresses) in the United States.The legal basis for this processing is Art. 6(1)(f) GDPR. We have a legitimate interest in managing data in a streamlined and cost-effective manner.
The legal basis for data transfers to a country outside the EEA is the use of Standard Contractual Clauses (SCCs). The security of data transferred to a third country (i.e. outside the EEA) is ensured through Standard Data Protection Clauses adopted under the procedure set out in Art. 93(2) GDPR (Art. 46(2)(c) GDPR), which we have agreed upon with the provider.
Data is deleted once its processing purpose no longer applies and no legal retention obligations prevent deletion.Further information is available in the provider’s privacy policy:
https://legal.hubspot.com/privacy-policy
Data Processing on Social Media Platforms
We maintain a presence on social media platforms to present our organization and services.
The operators of these networks regularly process user data for advertising purposes. Among other things, they create user profiles based on online behavior, which are used to display interest-based advertising both within the platforms and elsewhere on the internet.
To do this, the platform operators store information about user behavior in cookies on users’ devices. It is also possible that the operators combine this information with other data.For further details and information on how users can object to this type of processing, please refer to the privacy policies of the respective platform providers listed below.Please note that some operators—or their servers—may be located in non-EU countries. This may present risks for users, such as reduced ability to enforce data protection rights or potential access to data by foreign state authorities.
When users contact us via our social media profiles, we process the information they provide in order to respond to their inquiries. This constitutes a legitimate interest, making Art. 6(1)(f) GDPR the legal basis for processing.
The operators of these networks regularly process user data for advertising purposes. Among other things, they create user profiles based on online behavior, which are used to display interest-based advertising both within the platforms and elsewhere on the internet.
To do this, the platform operators store information about user behavior in cookies on users’ devices. It is also possible that the operators combine this information with other data.For further details and information on how users can object to this type of processing, please refer to the privacy policies of the respective platform providers listed below.Please note that some operators—or their servers—may be located in non-EU countries. This may present risks for users, such as reduced ability to enforce data protection rights or potential access to data by foreign state authorities.
When users contact us via our social media profiles, we process the information they provide in order to respond to their inquiries. This constitutes a legitimate interest, making Art. 6(1)(f) GDPR the legal basis for processing.
Xing
We maintain a profile on Xing.The operator is New Work SE, Dammtorstraße 29–32, 20354 Hamburg, Germany.The privacy policy can be accessed here: https://privacy.xing.com/en/privacy-policy
Changes to This Privacy Policy
We reserve the right to amend this privacy policy with effect for the future. The current version is always available here.
Questions and Comments
If you have any questions or comments regarding this privacy policy, please feel free to contact us using the contact details provided above.