Data Protection Statement

1.1 Data Controller and Data Protection Officer

The website’s data controller within the meaning of Art. 4, No. 7, GDPR, is

Trei Real Estate GmbH
Klaus-Bungert-Str. 5b
D-40468 Düsseldorf

Phone: +49 211 54011-000
E-mail: info@treirealestate.com

For more details on the parties responsible, please see the legal notice of this website.

If you have any questions regarding the subject of data protection, please get in touch with our external data protection officer:

Tengelmann Audit GmbH
Datenschutzbeauftragter
An der Pönt 45
D-40885 Ratingen

E-mail: datenschutz@t-audit.de

1.2 General Information on the Legal Bases for Processing Personal Data

Personal data will only be processed to the extent necessary for a given purpose and/or subject to consent. Processing may principally proceed on the following legal bases, among others:

• Art. 6, Sec. 1, Lit. a, GDPR (consent by the data subject), or Art. 9, Sec. 2, Lit. a, GDPR (if consent to the processing of special categories of data was granted pursuant to Art. 9, Sec. 1, GDPR)
• Art. 6, Sec. 1, Lit. b, GDPR (fulfilment of a contractual relationship with the data subject, pre-contractual measures at the request of the data subject)
• Art. 6, Sec. 1, Lit. c, GDPR (fulfilment of a legal obligation)
• Art. 6, Sec. 1, Lit. f, GDPR (protection of a legitimate interest of the controller or of a third party, provided that the interests, fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail)
• Art. 49, Sec. 1, Lit. a, GDPR (express consent to the transfer of personal data to third countries).

If consent constitutes the legal basis for processing personal data, you may retract your consent at any time without stating your reasons. Principally, retracting your consent is only effective for the future. This means that retracting your declaration of consent will not render prior processing impermissible that preceded our receipt of the revocation of your consent.

For details on the relevant (or supplementary) legal bases in a given case, please see the following sections of this Data Protection Statement.

If we process your personal data as controller, you have the following rights vis-à-vis us with regard to the processing of your personal data, which you may assert at any time:

Right to Information, Erasure and Correction

Within the scope of the applicable legal provisions, you have the right to free information (Art. 15, GDPR) about your processed personal data and other disclosures pursuant to Art. 15, Sec. 1, Lit. a through h, GDPR, at any time. In addition, you may be entitled to the rectification (Art. 16, GDPR) or erasure (Art. 17, GDPR) of these data. The right to erasure may be restricted in cases specified in Art. 17, Sec. 3, GDPR (e. g. whenever the data are required for asserting, exercising or defending legal claims).

Right to Restriction of Processing

You have the right to demand that the processing (Art. 18, GDPR) of your personal data be restricted (or blocked). The right to restriction of processing exists in the cases specified in Art. 18, Sec. 1, Lit. a to d, GDPR. Once the processing of your personal data has been restricted, such data may—apart from being stored—only be processed with your consent or else to assert, exercise or defend legal claims, or for to protect the rights of another natural person or legal entity, or for reasons of material public interest of the European Union or one of its member state.

Right to Data Portability

You have the right to receive personal data concerning you in a standard machine-readable format, assuming that you have provided us with the data yourself, that we process this data via automated procedures and that the processing is based on your consent or the fulfilment of a contract with you (Art. 20, GDPR).

Right to Object to the Processing of Your Data

To the extent that personal data are processed (including profiling, where applicable) on the basis of legitimate interests (Art. 6, Sec. 1, Lit. f, GDPR), you have the right to object to the processing of your personal data at any time for reasons arising from your specific circumstances (Art. 21, GDPR). In that case, we will cease to process your personal data for said purposes unless our legitimate interests prevail, or unless the processing serves the assertion, exercise or defence of legal claims. Collecting data in order to make the website available and storing log files is imperative for the operation of the website. Without prejudice to this fact, you may object to the processing of your personal data for purposes of direct marketing at any time without stating a reason. The same is true for possible profiling if it is connected to direct marketing of this type.

Right to Revoke Your Consent

If consent constitutes the legal basis for processing your personal data, you may retract your consent at any time without stating your reasons (Art. 7, Sec. 3, GDPR). Principally, retracting your consent is only effective for the future. This means that the revocation of consent will not affect the lawfulness of the processing which was carried out on the basis of your consent prior to its revocation.

Right to Lodge a Complaint with a Regulator

If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a regulator, specifically in the member state of your habitual residence, place of work or place of the alleged violation (Art. 77, GDPR). The right to lodge a complaint exists without prejudice to any other administrative or judicial remedy.

To assert your rights vis-à-vis us, please get in touch with us, using the contact details quoted in the disclosures about the controller and the data protection officer.

Whenever data subject rights are asserted, personal data will be processed in this same context in order to respond to the request. Here, the processing of personal data is done to fulfil a legal obligation pursuant to Art. 6, Sec. 1, Lit. c, GDPR, or on the basis of our legitimate interest pursuant to Art. 6, Sec. 1, Lit. f, GDPR, to implement the data protection regulations that govern the rights of data subjects.

Visiting our website will cause personal data to be processed, among other data. This section will give you an overview of the data processed in this context as well as on the purpose of, and legal basis for, doing so.

For security reasons and to protect the transmission of data, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the character string in your browser’s address line changes from “http://” to “https://” and by the lock symbol in your browser line.

Enabling SSL or TLS encryption will, as a rule, make it impossible for third parties to read the data you transmit to us. Please note, however, that electronic data transmission (on the Internet or via e-mail) are always subject to the risk of security gaps despite all precautions taken. There is no way to provide end-to-end protection against third-party access.

Whenever you visit our website our servers can generally access information, such as the IP address of your end device, but information may also be stored on your end device (e. g. in the form of cookies). To the extent that this is necessary to ensure an error-free and secure presentation of our website and the services associated with it, it is principally done on the basis of Art. 25, Sec. 2, Telecommunications and Telemedia Data Protection Act (TTDSG). Alternatively, it is done on the basis of your consent pursuant to Art. 25, Sec. 1, TTDSG.

Whenever the retrieval or storage of information involves the processing of personal data, such processing is usually done on the relevant legal basis pursuant to Art. 6, Sec. 1, GDPR, as mentioned above.

To this end, we use e. g. various technologies (including cookies) that are imperative for the use of certain functions of our website and that are therefore rated “necessary” by us. The use of these technologies serves the purpose of collecting and processing the IP address, the time of your visit, details on your device and browser information as well as information about your use of our website. This will help to optimise the presentation and secure provision of our website and of the respective contents. At the same time, these purposes constitute our legitimate interest pursuant to Art. 6, Sec. 1, Sent. 1, Lit. f, GDPR, and thus the legal basis for processing said data.

For more details on each cookie used, third-party services or other technologies, please click on the “Cookie settings” box shown at the top of this Data Protection Statement. In addition, you will find further information about the cookies used on our web pages, third-party services and other technologies in the sections below.

3.1 Hosting the Website

For technical reasons, every time you access our website, data will automatically be transmitted to the web server of the Internet service provider hosting our website and temporarily stored there.

Server Log

Every time our website is accessed, information will automatically be collected and stored in so-called server log files that your browser automatically transmits to us. These include

• browser type and version
• operating system used
• referrer URL
• retrieved file, quantity of the data transmitted
• date and time of the server request
• and your IP address.

3.2 Cookies and Other Technologies

Our homepage uses so-called cookies. Cookies represent text files that a website stores in the browser history of the person visiting it and that are used to exchange information with the server of the homepage.

Our homepage uses the following types of cookies and third-party services:

We maintain an active presence in various social networks and platforms using company profiles in order to communicate with users and parties interested in our company and to advertise open positions or available services, for example.

Please note that we are in no way responsible for the processing of personal data that the respective platform operators carry out on their own. The data protection statements of the respective operators apply. In addition, we would like to point out that personal data processed during your visit to the respective platforms may also be transferred to so-called third countries (countries outside the European Union and the European Economic Area) where other statutory data protection regulations apply and where the legally required level of data protection may fall short of the standards that apply in the European Union. For more information on the subject, please see the data protection statement of the respective platform operator.

When visiting one of our company profiles, you are under no obligation to actively disclose personal data to us. We may limit the data processing to personal data that you made public (e. g. your clear name in your user profile) and that directly relate to activities on our company profile (e. g. contributions, posts, likes, tags, etc.) or that you provided while communicating with us.

Reasons why we process your personal data may include, depending on the case at hand, either market research and advertising purposes or effective communication with users and the ability to process inquiries by a given user. At the same time, these purposes constitute our legitimate interest and thus the legal basis pursuant to Art. 6, Sec. 1, Lit. 3, GDPR, for processing the associated personal data. Insofar as communication with you via the platforms takes place at your request for the purpose of fulfilling a contract with you or of executing pre-contractual measures, this will also constitute the relevant legal basis pursuant to Art. 6, Sec. 1, Lit. b, GDPR, for the processing of your personal data in the context of communicating with you.

The platform operators also use so-called cookies and similar technologies specifically to identify you as a registered user and normally also to analyse your usage behaviour, at the least. We have no access to information that was gained through cookies and similar technologies. However, such information could serve as basis for compiling statistical/analytic data. For more details on this subject, check the data protection policies of the respective operators.

Please note that your communication with us via a given platform will be handled by the infrastructure of the platform operator whose security we can influence only to a limited extent. For this reason, please contact us directly via our own communication channels if you intend to disclose more detailed or confidential information to us.

Platform operators could also make statistically processed data with or without personal references available to us, which we use to evaluate user behaviour in relation to our company profile. Such data can, e. g., update us on the number of followers, the number of views or likes as well as demographic data (such as a user’s country) or job-related information (industries, areas of responsibility). We have no way to influence the collection or provision of these data. Rather, the data are processed and provided by the respective platform operator. Our evaluation of the data provided to us with regard to user behaviour or interaction behaviour helps us measure our performance and thereby control our activities on such platforms in a target-oriented manner, while these activities simultaneously constitute our legitimate interest pursuant to Art. 6, Sec. 1, Lit. f, GDPR.

Responsibility for certain processing steps involving personal data in the context of our company profile on a given platforms is shared by us and the respective platform operator. This is particularly true whenever the platform operator makes statistics and evaluations involving our company profile available to us. For more details on each of the relevant platform operators, see the sections below:

LinkedIn

When using LinkedIn, the operator of the social network shares our responsibility for data processing on our fan pages/company profiles under data protection law, the operator being:

LinkedIn Ireland Unlimited Company
Wilton Place
Dublin 2, Irland

You may submit data protection complaints on the following page (third-party link): )Contact LinkedIn Help.

To find out more about on what scale and for how long your personal data are collected and processed by LinkedIn, see LinkedIn’s privacy policy sowie LinkedIns user agreement (third-party links).

Responsibility for the processing of personal data in the context of our company profile on LinkedIn is shared by us and LinkedIn Ireland Unlimited Company. For more information on our joint controllership, click here (third-party link).

XING

When using XING, the operator of the social network shares our responsibility for data processing on our fan pages/company profiles under data protection law, the operator being:

New Work SE
Am Strandkai 1
20457 Hamburg, Germany

You may submit data protection complaints on the following page (third-party link): Contact I XING Help.

To find out more about on what scale and for how long your personal data are collected and processed by XING, see XING’s privacy policy and XING’s user agreement (third-party links).

Responsibility for the processing of personal data in the context of our company profile on XING is shared by us and New Work SE. For more information on our joint controllership, click hear (third-party link).

Details on how to get in touch with us are provided in various ways (e. g. on this homepage, on business cards or in e-mail signatures). In most cases, the point of disclosing our contact details is to make it easier for our (potential) business partners to request information from us. If you wish to communicate with us in regard to open positions, please note moreover the relevant passages below.

Whenever you contact us, e. g. via e-mail or telephone, the personal data you submit out of your own free will (e. g. your e-mail address, your name or your phone number) will be processed by us in order to handle/answer your request for information. If the chosen means of communication offers additional options (e. g. video telephony), you are at liberty to enable or disable these at your discretion any time.

Only persons who need these personal data for the lawful purpose of processing them in the relevant context will have access to the personal data you disclosed while communicating with us. Personal data that we received in the context of communicating with you will be shared with third parties only if doing so is either technically necessary (e. g. telecommunications providers or IT service providers) or required for properly completing a given transaction (e. g. cloud, postal or parcel service providers) or if you gave us permission to do so. Third-party service providers are selected and contracted in consideration of internal minimum data protection standards and of the relevant legal requirements (e. g. the conclusion of applicable contracts pursuant to Art. 28, GDPR, for commissioned data processors, to the extent necessary).

Any personal data you submitted while communicating with us will be processed on the legal basis of Art. 6, Sec. 1, Lit. b, GDPR, if your inquiry relates to the fulfilment of a contract or is required for conducting pre-contractual measures. In addition, data processing is based on our legitimate interest to efficiently process inquiries submitted to us (Art. 6, Sec. 1, Lit. f, GDPR) or else is based on your consent (Art. 6, Sec. 1, Lit. a, GDPR) if your consent was requested. You may revoke your consent at any time with effect to the future.

If you are not one of our contractual partners, but e. g. the employee of a (potential/current/former) business partner, the processing of your personal data—to the extent required for establishing, implementing or terminating a business relationship—is based on our legitimate interest pursuant to Art. 6, Sec. 1, Lit. f, GDPR. Efficient communication for the economic fulfilment of our business purpose and for the mutual fulfilment of (pre-)contractual obligations arising from (potential) business relationships constitutes both our own legitimate interest and—at least to some extent—the legitimate interest of our business partners.

The data you disclosed to us within the scope of our mutual communications will be stored until you ask us to delete them, until you revoke your consent to their storage or until the purpose of storing your data ceases to apply (e. g. once your request has been fully processed), unless there are legitimate reasons to the contrary, such as statutory retention periods or a legitimate interest pursuant to Art. 6, Sec. 1, Lit. f, GDPR (e. g. the processing of queries or the examination, assertion, exercise or defence of legal claims).

5.1 Contact via Microsoft Teams

We use the Microsoft Teams tool to host video conferences or sometimes to make phone calls or possibly to exchange documents and other contents. When running Microsoft Teams, the following categories of personal data, among others, may principally be processed:

• User data (e. g. name/alias, e-mail address)
• Communication metadata (e. g. date, time, meeting ID, IP address, phone number)
• Content data from text, audio, video or other files transmitted.

To the extent that Microsoft processes traffic data, content data and other personal data when providing products and services that are considered telecommunications services under applicable law, Microsoft is subject to telecommunications secrecy and responsible for maintaining it.

Trei is responsible for any further processing that results from the use of Microsoft Teams for communication purposes (e. g. via the invitation function, video recordings or document exchange). In this context, Microsoft acts on our behalf as commissioned data processor. Accordingly, we would like you to take note of the following functions and options:

At any time during a Teams session, it is up to you to decide whether to switch your camera and/or your microphone on or off. Moreover, it is up to you to decide whether to share contents or not.

If you use the chat function, any personal data that you share in the chat texts will be processed, and the other attendees will become aware of such content.

One of the technical options available to attendees of an online meeting is to record the meeting. If this function is enabled, you will promptly be notified of the recording and you have the right to object to the recording vis-à-vis the other meeting attendees. The recording will be saved in Microsoft Meetings after the online meeting. The recording may then be shared with other attendees.

Whenever Teams is used in third countries (countries outside the European Union and the European Economic Area) the processing of personal data is principally not intended because Microsoft Corporation has agreed to limit the storage geographically to data centres inside the European Union. However, we cannot rule out the possibility that data are routed via internet servers that are located outside the European Union. This may be the case particularly whenever the attendees of a meeting are located in a third country.

Microsoft Corporation, the parent company of Microsoft, is domiciled in the United States. Pursuant to an adequacy decision by the European Commission as to the EU-US Data Privacy Framework, the United States are rated as a so-called third country under current data protection legislation where statutory data protection regulations apply that deviate from those enforced in the European Union, and that therefore the legally required level of data protection may be lower than that of the European Union. However, the United States are subject to the adequacy decision by the European Commission regarding the EU-US Data Privacy Framework only if a given company has been certified accordingly. The Microsoft Corporation has been certified along these lines. In cases where data are processed outside the EU/EEA and the level of data protection falls short of the European standard, Microsoft also applies EU standard contractual clauses in order to establish an appropriate level of data protection. For more information, you may also check the data protection policy of Microsoft.

If you prefer not to use Microsoft Teams, please let us know via e-mail so that we can jointly agree on alternative ways to communicate.

For more details on the data protection provisions of Microsoft, go to the Microsoft Corporation homepage at (third-party link): https://privacy.microsoft.com/de-de/privacystatement

5.2 Contacting Us to Apply for an Open Position

If you are interested in an open position that we advertise, you may submit an online application. For this purpose, we use the “Personio” e-recruiting system operated by third-party provider Personio SE & Co. KG, which companies may use to advertise job openings as well as to receive and manage applications in accordance with data protection regulations.

For the corresponding data protection information regarding this process, please see the (third-party) link below: Data protection statement for the online application process

Personio’s application management uses cookies. The link above also provides details on this subject.