Data Protection : VEKA Hausverwaltung

Privacy Policy

We, VEKA GmbH (hereinafter referred to as “the company”, “we” or “us”) take the protection of your personal data seriously and would like to inform you here about data protection in our company.

With the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter referred to as “GDPR”), we have been subject to additional obligations under data protection law to ensure the protection of personal data of individuals affected by data processing. In this notice, we also refer to you as the data subject using the terms “customer”, “user”, “you” or “data subject”.

Where we determine, either alone or jointly with others, the purposes and means of processing personal data, we are required to inform you transparently about the nature, scope, purpose, duration and legal basis of the processing (see Articles 13 and 14 GDPR). With this statement (hereinafter: “Privacy Notice”), we inform you of how your personal data is processed by us.

Our privacy notice is modular in structure. It consists of a general section that applies to all types of data processing (A. General) and a specific section, which applies only to the processing situation specified, in particular website visits (B. Website Visit) and contact inquiries (C. Contact).

A. General

(1) Definitions

In accordance with Article 4 of the GDPR, the following definitions apply to this Privacy Notice:

“Personal data” (Art. 4(1) GDPR): all information relating to an identified or identifiable natural person (“data subject”). A person is identifiable if they can be identified directly or indirectly, in particular by reference to an identifier such as a name, identification number, online identifier, location data or information about their physical, physiological, genetic, mental, economic, cultural or social identity. Identifiability may also be established by linking such information with other additional data. The form or medium of the information does not matter (e.g., photos, video or audio recordings may also contain personal data).

“Processing” (Art. 4(2) GDPR): any operation or set of operations which is performed on personal data, whether or not by automated means. This includes collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, as well as any change in purpose for which the data was originally collected.
“Controller” (Art. 4(7) GDPR): the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Third party” (Art. 4(10) GDPR): any natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data. This also includes affiliated group companies.

“Processor” (Art. 4(8) GDPR): a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, in accordance with the controller’s instructions (e.g., IT service providers). In data protection terms, a processor is not considered a third party.

“Consent” (Art. 4(11) GDPR): any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them for one or more specific purposes.

(2) Name and address of the controller

The controller responsible for the processing of your personal data within the meaning of Article 4(7) GDPR is:

VEKA GmbH
Schlehdornweg 11a, 50858 Cologne, Germany
Phone: +49 (0)221 540 288 22
Fax: +49 (0)221 540 288 29
Email: verwaltung@veka-hausverwaltung.deWeitere

For information about our company, please refer to the legal notice on our website: www.veka-hausverwaltung.de.

(3) Contact details of the data protection officer

For all questions and as your point of contact on the topic of data protection, our company data protection officer is available at any time. His contact details are:

VEKA GmbH
Robin N. Kuan – Managing Director
Schlehdornweg 11a, 50858 Cologne, Germany
Phone: +49 (0)221 540 288 22
Fax: +49 (0)221 540 288 29
Email: verwaltung@veka-hausverwaltung.de

(4) Legal bases for data processing

As a rule, the processing of personal data is prohibited by law unless it falls under one of the following legal grounds:

Article 6(1)(a) GDPR (“Consent”): where the data subject has given consent to the processing of their personal data for one or more specific purposes in an informed and unambiguous manner;

Article 6(1)(b) GDPR: where processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract;

Article 6(1)© GDPR: where processing is necessary for compliance with a legal obligation to which the controller is subject (e.g., legal record-keeping obligations);

Article 6(1)(d) GDPR: where processing is necessary in order to protect the vital interests of the data subject or of another natural person;

Article 6(1)(e) GDPR: where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

Article 6(1)(f) GDPR (“Legitimate Interests”): where processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject (in particular where the data subject is a child).

For each of the processing operations carried out by us, we specify the applicable legal basis below. Processing may also be based on more than one legal ground.

(5) Data deletion and storage duration

For each processing activity we carry out, we indicate how long the data is stored and when it is deleted or blocked. If no specific retention period is stated, your personal data will be deleted or blocked as soon as the purpose for which it was stored or the legal basis for its processing no longer applies. Your data is generally stored only on servers located in Germany, unless otherwise provided for in sections A.(7) and A.(8).

However, data may be stored beyond this period in the event of (imminent) legal disputes with you or other legal proceedings, or if storage is required by statutory provisions to which we are subject as the controller (e.g., § 257 of the German Commercial Code (HGB), § 147 of the German Fiscal Code (AO)). Once the legally required retention period expires, your data will be blocked or deleted unless continued storage is necessary and legally permitted.

(6) Data security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties (e.g., TSL encryption for our website). These measures take into account the state of the art, implementation costs, the nature, scope, context and purpose of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of the data subject. Our security measures are continuously improved in line with technological advancements.

Further details are available upon request. Please contact our Data Protection Officer (see section A.(3)).

(7) Cooperation with processors

Like any company, we use external service providers – both domestic and international – to handle our business operations (e.g., in the areas of IT, logistics, telecommunications, sales and marketing). These service providers operate strictly under our instructions and have been contractually bound to comply with applicable data protection laws in accordance with Article 28 GDPR.

(8) Requirements for data transfers to third countries

In the course of our business relationships, your personal data may be shared with or disclosed to third-party companies. These companies may be located outside the European Economic Area (EEA), i.e., in third countries. Such processing is carried out exclusively to fulfill contractual and business obligations and to maintain our business relationship with you. We will inform you of the specific details of such transfers below when applicable.

Some third countries have been deemed by the European Commission to provide an adequate level of data protection (a list of these countries and copies of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html). For other countries where no such adequacy decision exists, we ensure an appropriate level of protection through mechanisms such as binding corporate rules, standard contractual clauses issued by the European Commission, certifications, approved codes of conduct, or self-certification under the EU-US Privacy Shield (see: https://www.privacyshield.gov/welcome). Please contact our Data Protection Officer (see section A.(3)) if you would like more information.

(9) No automated decision-making (including profiling)

We do not intend to use your personal data for any automated decision-making process (including profiling).

(10) No obligation to provide personal data

We do not make the conclusion of contracts with us dependent on the provision of personal data. As a customer, you are generally under no legal or contractual obligation to provide us with personal data. However, we may not be able to offer certain services, or only to a limited extent, if the necessary data is not provided. If exceptions to this rule apply for any of our products or services, we will inform you separately.

(11) Legal obligation to disclose certain data

We may be subject to legal or regulatory obligations requiring us to lawfully disclose personal data to third parties, especially public authorities (Article 6(1)© GDPR).

(12) Your rights

As a data subject, you may assert the following rights regarding the processing of your personal data at any time using the contact details provided under A.(2):

In accordance with Article 15 GDPR, you have the right to obtain access to the personal data we process about you. This includes information on the purposes of processing, the categories of data, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned duration of storage, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data (if not collected by us), and the existence of automated decision-making, including profiling, and meaningful information about the logic involved;

In accordance with Article 16 GDPR, you have the right to request the immediate correction of inaccurate data or the completion of your data stored by us;

In accordance with Article 17 GDPR, you have the right to request the deletion of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims;

In accordance with Article 18 GDPR, you have the right to request the restriction of processing of your personal data if you contest the accuracy of the data, the processing is unlawful, or you have objected to the processing;

In accordance with Article 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format and to transmit those data to another controller (“data portability”);

In accordance with Article 21 GDPR, you have the right to object to processing based on Article 6(1)(e) or (f) GDPR. This particularly applies if the processing is not required for fulfilling a contract with you. If the objection is not related to direct marketing, please explain the reasons why you object to the processing. In case of a justified objection, we will examine the situation and either cease or adapt the data processing or provide compelling legitimate grounds for continuing the processing;

In accordance with Article 7(3) GDPR, you have the right to withdraw your consent at any time, including any consent given prior to the GDPR (i.e., before May 25, 2018). This means that we may no longer continue the data processing that was based on this consent in the future, and
In accordance with Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority regarding the processing of your personal data in our company. You can contact, for example, the supervisory authority responsible for us:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen,
P.O. Box 20 04 44, 40102 Düsseldorf,
www.ldi.nrw.de,
Email: poststelle@ldi.nrw.de.

(13) Changes to this Privacy Notice

In the context of the ongoing development of data protection law and technological or organizational changes, we regularly review our Privacy Notice for potential updates or additions. We will inform you of any changes, particularly on our website at www.veka-hausverwaltung.de. This Privacy Notice is current as of September 1, 2022.

B. Visiting our website

(1) Functionality explained

Information about our company and the services we offer can be found in particular on www.veka-hausverwaltung.de and its subpages (hereinafter collectively referred to as “websites”). When you visit our websites, your personal data may be processed.

(2) Processed personal data

When visiting the websites for informational purposes only, the following categories of personal data are collected, stored, and processed:

“Log data”: When you visit our websites, a so-called log file is temporarily and anonymously stored on our web server. This log file contains:

the page from which the page was requested (so-called referrer URL)

the name and URL of the requested page

the date and time of access

a description of the type, language, and version of the web browser used

the IP address of the requesting device, shortened to render identification impossible

the volume of data transferred

the operating system

a notification whether the access was successful (access status/HTTP status code)

the GMT time zone difference

(3) Purpose and legal basis for data processing

We process the above-mentioned personal data in accordance with the provisions of the GDPR and other applicable data protection laws only to the extent necessary. Where processing is based on Article 6(1)(f) GDPR, the purposes mentioned also constitute our legitimate interests.

The processing of log data serves statistical purposes and to improve the quality of our website, in particular the stability and security of the connection (legal basis is Article 6(1)(f) GDPR).

(4) Duration of data processing

Your data is only processed for as long as necessary to achieve the above-mentioned processing purposes; the legal bases mentioned for the respective processing purposes apply accordingly.

Third-party providers engaged by us will store your data on their systems for as long as is necessary to provide the services under the respective agreement with us.

Further details on storage duration can also be found under A.(5).

(5) Transfer of personal data to third parties; legal basis

The following categories of recipients, typically processors (see also A.(7)), may be granted access to your personal data:

Service providers for operating our website and processing the data stored or transmitted through the systems (e.g., IT security services). The legal basis for the transfer is Article 6(1)(b) or (f) GDPR, unless they are processors;

Government authorities, to the extent required to fulfill a legal obligation. The legal basis for the transfer is Article 6(1)© GDPR;

Individuals involved in running our business (e.g., auditors, banks, insurance companies, legal advisors, supervisory authorities, participants in company acquisitions or joint ventures). The legal basis for the transfer is Article 6(1)(b) or (f) GDPR.

See A.(8) for information on appropriate safeguards regarding the transfer of data to third countries.

Furthermore, we will only disclose your personal data to third parties if you have given your express consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.

C. Contacting us

(1) Explanation

When you contact us, we collect the following personal data, as necessary:

Title, salutation, first name, last name

Contact details (email addresses, telephone numbers, postal addresses)

Date of birth

Bank account details

Information related to the initiation and execution of a contract (self-disclosure, SCHUFA)

(2) Purpose and legal basis of data processing

The collection of this data is carried out:

for initiating, concluding and executing a contractual or rental relationship

for communication with you

for invoicing

for handling any contractual, rental, warranty, and liability claims

for commissioning tradespeople to carry out repairs

for transferring data to service providers (e.g. utility billing companies, notaries, legal guardians, real estate agents, tax consultants, utility companies)

for preparing service charge statements

for preparing homeowner association (HOA) fee statements

for issuing tenant confirmations for registration authorities

for issuing rent debt clearance certificates

for invitations to homeowners’ meetings

for invitations to administrative advisory board meetings

for preparing property management contracts

for preparing contracts for the management of individual property units

for asserting or defending legal claims

for opening, maintaining and closing security deposit accounts

Data processing is necessary under Art. 6 para. 1 sentence 1 lit. b GDPR and Art. 28 para. 3 GDPR for the initiation and execution of the contract/rental relationship and for fulfilling mutual obligations under the contract.

(3) Duration of data storage

Your data will only be processed for as long as necessary to achieve the aforementioned purposes of processing; the legal bases cited in connection with the respective purposes of processing apply accordingly.

Third parties engaged by us will retain your data on their systems for as long as is necessary to perform services for us in accordance with the respective engagement.

(4) Disclosure of data to third parties

Your personal data may be disclosed to the following categories of recipients:

Clients / landlords, insofar as this is necessary to initiate a contract / rental agreement with you. The legal basis for disclosure is Art. 6 para. 1 sentence 1 lit. b or lit. f GDPR, unless they are processors;

Public authorities, to the extent necessary to comply with a legal obligation. The legal basis for disclosure is Art. 6 para. 1 sentence 1 lit. c GDPR;

Service providers, tradespeople, and utility companies involved in performing the contract / rental relationship. The legal basis for disclosure is Art. 6 para. 1 sentence 1 lit. b or lit. f GDPR, unless they are processors;

Individuals involved in conducting our business operations (e.g., auditors, banks, insurers, legal advisers, regulators, parties involved in corporate transactions or joint ventures). The legal basis for disclosure is Art. 6 para. 1 sentence 1 lit. b or lit. f GDPR.

See A.(8) for information on the safeguards regarding the transfer of data to third countries.

Furthermore, we will only disclose your personal data to third parties if you have given your express consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.

Regulated professions / business activity subject to licensing:

Residential property manager pursuant to §34c para. 1 sentence 1 no. 4 GewO
Real estate broker pursuant to §34c para. 1 sentence 1 no. 1 GewO

Supervisory authority:

City of Cologne
Public Order Office
Special Trade Affairs
Willy-Brandt-Platz 3
50679 Cologne

T: +49 (0) 221–221 35257

E: SpezielleGewerbeangelegenheiten@stadt-koeln.de

Privacy Policy

Regulated professions / business activity subject to licensing:

Supervisory authority:

Legal Notices

Sitemap

Pri­va­cy Poli­cy

Regu­la­ted pro­fes­si­ons / busi­ness acti­vi­ty sub­ject to licen­sing:

Super­vi­so­ry aut­ho­ri­ty:

Privacy Policy

Regulated professions / business activity subject to licensing:

Supervisory authority: