Controller, Art. 4 Nr. 7 GDPR
10119 Berlin – Deutschland
Tel.: 0800 500 80 02
1. Definitions / Scope
1.1. Personal data
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1.3. Restriction of processing
‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future.
‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
1.9. Third party
‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. General information about data processing
If a personal data transfer to a third country or an international organization takes place by McMakler and / or a processor, McMakler will verify to the processor / partner, in particular, the existence of an adequacy decision pursuant to Art. 45 (3) GDPR or the existence of appropriate guarantees by type 46 GDPR. Otherwise, a transfer will only take place if one of the requirements according to Art. 49 (1) lit. a) to g) is fulfilled.
In addition, we do not operate exclusively automated decision-making ("profiling") in order to establish and conduct a business relationship.
If we pass on personal data to third parties, this usually takes place on the basis of your consent in accordance with Art. Art. 6 (1) lit. a) GDPR, unless justified by a legitimate interest or operational requirement of McMakler, Art. 6 (1) lit. f) GDPR or the processing is required precontractual or by contract, Art. 6 (1) lit. b) GDPR. A legitimate interest can in principle also exist in the transfer for purposes of direct marketing, Recital 47 GDPR. Advertising measures are also subject to § 7 Abs. 3 Gesetz gegen den unlauteren Wettbewerb (UWG) permissible on our part and / or as far as another legal regulation permits. In addition, disclosure to third parties is only made on the basis of a legal obligation to which the person responsible is subject (eg statutory information and notification obligations).
We have appointed a data protection officer for our companies. You can achieve this as follows:
Data Protection Officer (DPO)
10119 Berlin – Deutschland
3. Server log files
When you visit our website, our system automatically collects data and information from the computer system of your computer. The following data is collected:
a. IP address of the requesting computer,
b. Date and time of access,
c. Name and URL of the expired file,
d. Website from which access is made (referrer URL),
e. used browser and, if applicable, the operating system of your computer as well as the name of your access provider
This data is stored as standardized on any other web server in the log files of our system. A combination of these data together with other personal data is not done. The storage in the log files is done by us to ensure the functionality of our website and to protect us from abusive or illegal use of the website as well as to analyze attack patterns ("hacking"). With this data, we can also optimize our website and ensure the security of our information technology systems. In addition, this information may be relevant for law enforcement purposes and may only then be merged with other data, such as: Your identity. We can not produce a direct personal reference based on the information itself.
For these purposes, our legitimate interest in the processing of data according to Art. 6 (1) lit. f) GDPR. The server log data is kept for 90 days.
We use so-called "cookies" on our website. These are text files that are stored on your device. Some of the cookies we use, called session cookies, are deleted immediately when you close your browser, that is, when the session ends. Other cookies will continue to be stored on your device and allow us and our third party providers (see 5.2. an following) to recognize your browser the next time you visit our website (persistent cookies). Cookies are processed to an individual extent and collect data such as browser and location data as well as (anonymized) IP address values. Persistent cookies are automatically deleted after a specified period of time.
Cookies do not harm your computer and are designed to make your visit to our website attractive and to enable the use of certain functions. If the cookies set by us or third parties process personal data, the processing is carried out in accordance with Art. 6 (1) lit. b) GDPR either for contractual purposes or pursuant to Art. 6 (1) lit. f) GDPR lawfully for the protection of our legitimate interests of analytics purposes an to provide you with a user-friendly website and services.
To prevent the setting of cookies, you can set your browser so that you are informed about the setting of cookies and individually decide on their acceptance or exclude the acceptance of cookies for certain cases in general. The type of browser setting is different for each browser. A description of the cookie and privacy settings can be found for the respective browser under the following links:
Please note that if you do not accept cookies, the functionality of our website may be limited. If the browser you listed is not listed, feel free to contact us.
5. Collection and use of data
As part of your visit to our website, we process personally identifiable information you provide in particular through online forms provided by McMakler. Below is a list of possible data processing by us as well as the online forms integrated on partner sites. This data will be deleted as soon as the purpose of storage no longer exists and there are no legal and / or legitimate retention periods. In addition to the purposes and legal bases specified below, the data may also be used for purposes of contract performance and fulfillment, Art. 6 (1) lit. b) GDPR as well as for marketing purposes on the basis of your consent (Art. 6 (1) lit. a) GDPR) or based on legitimate interests pursuant to Art. 6 (1) lit. f) GDPR, if necessary in conjunction with recital 47 GDPR are processed accordingly, insofar as a other legal basis (eg § 7 (3) UWG) is not relevant.
5.1. McMakler forms and data collected about them
In order for you to be able to use our services, we provide these forms for your specific needs. If you fill out one or more of these forms and submit, we will receive the data entered and process them on our systems. The following illustration of forms used by McMakler may not be exhaustive. We reserve the right to change the content of individual online forms, to rename them or to process comparable information through those services.
5.1.1. Form: Property/real estate valuation (land, house, flat or business/commercial real estate)
This form will give you a free initial evaluation of your property. At the same time we accept your request and provide our agency/brokerage services. If required, information provided by telephone or by e-mail is supplemented. The processing is based on your consent in accordance with. Art. 6 (1) lit. a) as well as, if applicable, based on legitimate interest pursuant to Art. 6 (1) lit. f), if necessary in conjunction with recital 47 GDPR (marketing purposes) as well as for purposes of pre-contractual measures, which are carried out at the request of the data subject, Art. 6 (1) lit. b) GDPR (sales and/or buying interest). In order for you to get a realistic rating of your property/real estate, the specification of specific data is required in addition to your personal contact information. In addition, these will be processed accordingly for the offered agency/brokerage services as well as the further communication with you. The details can be found in the online form.
5.1.2. Form: Create search request
Through this form, we take inquiries from prospective buyers into our search index and make our services available. If necessary, information about your search request issued by telephone and/or by e-mail will be added. The processing is based on your consent in accordance with. Art. 6 (1) lit. a) or due to legitimate interests Art. 6 (1) lit. f), if necessary in conjunction with recital 47 GDPR (marketing purposes) as well as for purposes of precontractual measures, which are carried out at the request of the data subject, Art. 6 (1) lit. b) GDPR. In order to be able to present you suitable real estate/property, in addition to providing your personal contact details, you must provide specific property details and preferences regarding our agency/brokerage services. These data are processed for the offered agency/brokerage services as well as the further communication with you. The details can be found in the online form.
5.1.3. Form: Application for property/real estate
Through this form we accept applications for real estate, which are marketed by us on behalf of the customer. In order to enable you to apply with success chances usually only the indication of your personal contact data for the object and optional information in the free text field (voluntary information) is required. These data are processed for the offered agency/brokerage services as well as the further communication with you. Legal basis is Art. 6 (1) lit. b) GDPR (pre-contractual and contractual measures) as well as processing for marketing purposes your consent, Art. 6 (1) lit. a) GDPR, as well as legitimate interests, Art. 6 (1) lit. f), if necessary in conjunction with recital 47 GDPR (Marketing Purposes). The details can be found in the online form.
5.1.4. Prospect portal (login area):
As part of the lending, we accept your request for financing in the login area and support you through our subsidiary company, McMakler Finanz GmbH, Torstr. 19, 10119 Berlin, in the real estate financing/credit mediation. This information is required, which meet your individual criteria. These can be:
Identity and contact information
Information and documents on personal assets / creditworthiness
Details of the financing object
Information and documents for financing and settlement
These data are processed for the offered agency/brokerage services as well as the further communication with you. Legal basis is Art. 6 (1) lit. b) GDPR (pre-contractual and contractual measures) as well as for processing for marketing purposes your consent, 6 (1) lit. a) and, if applicable, Art. 6 (1) lit. f) in conjunction with recital 47 GDPR (Marketing Purposes). In addition, you have the possibility to manage your personal appointments and applications in your personal area. You can view your personal data in your member area at any time.
5.1.5. Form: "finance property/real estate":
With this form we accept your request for financing and support you through our subsidiary company, McMakler Finanz GmbH, Torstr. 19, 10119 Berlin, in the real estate financing/credit mediation. If necessary, information about the financing project issued by telephone and/or by e-mail is added. The processing is based on your consent in accordance with. Art. 6 (1) lit. a) or due to legitimate interests Art. 6 (1) lit. f), if necessary in conjunction with recital 47 GDPR (marketing purposes) as well as for purposes of pre-contractual measures, which are carried out at the request of the data subject, Art. 6 (1) lit. b) GDPR or for the execution of the contract. To ensure a financial/credit mediation and service that meets your individual criteria, the provision of personal data is required. These are details of your contact and personal data as well as specific details of the financing project/object and your creditwothiness. These data are processed for the offered agency/brokerage services as well as the further communication with you. The details can be found in the form.
5.2. Data collected by other sources
If you visit our website, third-party data may also be collected and processed. Processing is for the purpose of operating and optimizing our website, for marketing purposes, and for the purpose of providing and performing our agency/brokerage services (see 5.2.1 and below). In addition, our online forms and marketing tools will also be linked to affiliate sites, see 5.1, for accessing our website and/or using our services.
5.2.1. Web analytics services
The tracking measures listed below are used by us in accordance with Art. 6 (1) lit. f) GDPR for the protection of our legitimate interests and in individual cases on the basis of your consent, Art. 6 (1) lit. a). Basically, we want to optimize our website continuously and record and evaluate the data statistically. In general, we use these services according to type, scope and technical-organizational requirements without the requirement of an explicit consent ("opt-in") on your part. We reserve the right to make any adjustments and/or changes with regard to the current legal situation. Many of these services are active on partner and/or other third party sites, so there is a high likelihood that your browser already knows about these services and will execute cookies.
22.214.171.124. Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA, hereafter "Google"). Google Analytics uses so-called "cookies", text files that are stored on your device and allow an analysis of the use of the website. If you allow these cookies, they will be stored in your browser for 2 years since your last visit to the site by Google, which will allow you to be recognized on your next visit. How to prevent the substitution of cookies and/or cookies by third parties, see point 4. "Cookies".
The information generated by the cookie such as:
- Browser type / version,
- Operating system used,
- Referrer URL (the previously visited page),
- Host name of the accessing computer (anonymized IP address),
- Time of the server request
126.96.36.199. Google Tag Manager
We use Google Tag Manager. Through this service of Google Inc. (see 188.8.131.52.) website tags can be managed via a user interface. The Google Tag Manager only implements tags. This means: no cookies are used and no personal data is collected. Google Tag Manager triggers other tags, which in turn may capture data. However, Google Tag Manager does not access this data. If deactivated at the domain or cookie level, it will remain in effect for all tracking tags as far as they are implemented with the Google Tag Manager.
184.108.40.206. Google Optimize
Our website also uses Google Optimize. Google Optimize analyzes the use of different variations of our website and helps us to improve the usability according to the behavior of our users on the website. Google Optimize is a tool built into Google Analytics, see 220.127.116.11.
This website uses Fullstory, of Fullstory Inc. (hereinafter "Fullstory"), 818 Marietta Street, Atlanta, GA 30318, USA. Fullstory processes information about the user behavior of the visit to our website. This is done for the purpose of analyzing user experience and improving the website experience of our visitors. Fullstory stores and collects this information in an anonymous form using cookies. How to prevent the setting of cookies, see point 4. "Cookies". You can deactivate the cookie tracking of Fullstory at any time, here you go to the opt-out: https://www.fullstory.com/optout. For more information on privacy at Fullstory, see: www.fullstory.com. Fullstory guarantees compliance with European privacy standards through certification under the EU-US Privacy Shield.
18.104.22.168. New Relic
22.214.171.124. Adobe Analytics
This page uses the capabilities of Adobe Analytics ("Adobe") of Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland. This analysis tool enables us to optimize our services and to analyze the preferences of our site visitors. For example, to facilitate navigation on our site and to improve usability. In particular, Adobe uses the cookie "demdex". Your IP address will not be saved during the evaluation and will only be processed by us in anonymous form. In addition, pseudonymized information may be processed for marketing purposes. The generated information is transmitted to and stored by an Adobe server in the European Union. We have no control over the processing of the data by Adobe - Adobe also guarantees compliance with European data protection regulations through certification under the EU-US Privacy Shield. For how to refuse to accept cookies, see 4. "Cookies". For more information about privacy at Adobe and your opt-out opportunity, visit https://www.adobe.com/privacy/opt-out.html.
5.2.2. Marketing Services
For marketing purposes, ie for the purpose of advertising, providing and optimizing our agency services and websites, we use the following marketing services. The processing of data by using various marketing services is thus based on our legitimate interest in accordance with Art. 6 (1) lit. f) GDPR and in individual cases on the basis of your consent, Art. 6 (1) lit. a) GDPR. In general, we use these services according to type, scope and technical-organizational requirements without the requirement of explicit consent on your part. We reserve the right to make any adjustments and / or changes with regard to the current legal situation. Many of these services are active on partner and / or other third party sites, so there is a high likelihood that your browser already knows about these services and will execute cookies.
126.96.36.199. Google Ads Services (formerly Google Adwords)
We also use the Google Ads Remarketing feature of the Google Ads service, which allows us to present interest-based advertising on other pages within the Google Network to users of our website. For this purpose, interactions with our website are analyzed and a cookie is set by Google, which records the visits within the Google Display Network. This information identifies a particular web browser on a particular device, not the person. You can prevent the setting of cookies as described above. Google also provides a special browser plug-in: https://support.google.com/ads/answer/7395996. You can also opt-out of personalized ad serving through Google's Ads Ads Settings or via the Network Advertising Initiative opt-out page at: http://optout.networkadvertising.org/?c=1.
188.8.131.52. Display & Video 360 by Google (formerly DoubleClick Bid Manager by Google)
184.108.40.206. Awin (formerly affilinet)
220.127.116.11. Microsoft Bing Ads
This website uses Microsoft Corporation conversion tracking ("Microsoft", One Microsoft Way, Redmond, WA 98052-6399, USA). Microsoft Bing Ads uses a cookie for this purpose when you visit our website via a Microsoft Bing ad. This way, we can see that our ad has been clicked and you have been redirected to our website and have previously reached a specific landing page ("conversion page"). We receive statistical evaluations about the users who clicked on a Bing ad and were redirected to the conversion page. Your identity will not be revealed. The storage period is a maximum of 60 days. You can prevent the setting of cookies, see point 4 "Cookies". You can opt-out from Microsoft via the following link, the opportunity to explain your opposition and prevent the setting of cookies: https://account.microsoft.com/privacy/ad-settings/signedout?ru=https:%2F%2Faccount.microsoft.com%2Fprivacy%2Fad-settings. For more information about Microsoft cookies and Bing Ads, visit the Microsoft Website at https://privacy.microsoft.com/en-us/privacystatement.
18.104.22.168. Yahoo Gemini
This website uses the realTargeting technology of adality GmbH, Neumarkter Str. 22, 81673 Munich ("adality") for the optimization of initiation chains. When using our website, a cookie is set on your device by adality. The IP address or Mac address of your computer transmitted for technical reasons will be removed by deletion prior to forwarding the aforementioned information to adality, so that adality can not identify you. Adality uses Amazon Web Services Inc. as the processor to store the cookie ID. This may result in the above data being transmitted to a country that does not meet the same data protection standards as the European Union. In this case, adality ensures that the service providers guarantee by contract or otherwise an equivalent level of data protection. The adality cookie is automatically deleted after one year. You can object to the processing of your access data for the purpose of individualized online advertising at any time by clicking on this link. Further information on privacy at adality can be found at https://adality.de/datenschutz-auf-der-website.
22.214.171.124. Casale Media
5.2.3. Social Networks / Social Media Plugins
We may use social networks on our website, as far as these are activated at the time oft he visit of our website. Which company processes data in this context can be seen here. The data processing is based on Art. 6 para. 1 lit. f) GDPR on our legitimate interest.
Our website contains plugins/services from Facebook, 1601 South California Ave., Palo Alto, CA 94304, USA. The respective plugin is recognizable by the Facebook logo or the "like me" button. As soon as you visit our website, the Facebook plug-in establishes a direct connection between your Internet browser and the Facebook servers. In this way, Facebook is informed that your website has been visited with your IP address. In the event that you should be logged in to Facebook, you can use the "Like" button, the corresponding content that is located on our website, link in your profile on Facebook. Facebook is then able to assign your visit to our website to your Facebook account. We, as the provider of our website, are not informed by Facebook about the content of the transmitted data or the data usage. Here you can get further information. In the event that you should be a member of Facebook, but do not want Facebook through our website receives data about you and connects with your membership data, you must log out of Facebook before you visit our website.
You can find LinkedIn or LinkedIn Corporation plugins/services on our website at 2029 Stierlin Court, Mountain View, CA 94043, United States of America (hereafter "LinkedIn"). You can recognize the plugins of LinkedIn by the corresponding logo or the "Recommend" button. Please note that when you visit our website, the plugin establishes a connection between your respective internet browser and LinkedIn's server. LinkedIn is informed that our website has been visited with your IP address. If you click LinkedIn's "Recommend" button while logged in to your LinkedIn account, you have the option to link content from our website to your LinkedIn profile page. In doing so, you enable LinkedIn to associate your visit to our website with you or your user account. You must understand that we have no knowledge of the content of the submitted data and its use by LinkedIn. For more details on how to collect the data and your legal options, as well as recruitment options, please visit LinkedIn. These are provided here.
Our Website includes features of Twitter Inc., 795 Folsom Street, Suite 600, San Francisco, CA 94107, USA. If you use Twitter and in particular the "Re-Tweet" function, Twitter will link your Twitter account to the websites you frequently visit. This will be announced to other users on Twitter, especially your followers. In this way also a data transfer takes place to Twitter. We, as the provider of our website, are not informed by Twitter about the content of the transmitted data or the data usage. Here you can get further information. Please note, however, that you have the option to change your privacy settings on Twitter in your local account settings.
We use Ambassador for the realization of a partner program as part of our tipster portal (mcmakler.getambassador.com). Ambassador is a referral marketing software of Zferral, Inc. dba Ambassador Software, 301 West 4th Street, STE 301, Royal Oak, MI 48067, USA. For this purpose, we will hand over the contact data of the affiliate program registration to the software for the further management of the partnership. The legal basis for this data processing here is your consent under Art. 6 (1) lit. a) GDPR and our legitimate interest in implementing the partner program pursuant to Art. 6 (1) lit. f) GDPR. Further information about Ambassador's data processing and data protection can be found at https://www.getambassador.com/privacy.
5.2.5. Rating on Trustpilot
On our website we offer you the opportunity to rate our services via the Trustpilot portal of Trustpilot A / S, Pilestræde 58, 5, 1112 Copenhagen, Denmark. The purpose is to improve and feedback McMakler Group performance. After the conclusion of a contract, you will receive an e-mail from us on https://www.trustpilot.de, where you can rate our services. This requires the processing of your e-mail address as well as your first name and surname. These reviews are potentially accessible to third parties through our website and partner sites. Further information on data protection at Trustpilot can be found at https://de.legal.trustpilot.com/end-user-privacy-terms.
5.2.6. Rating on Ausgezeichnet.org
On our website we offer the opportunity to rate our services via the portal ausgezeichnet.org of AUBII GmbH, Alsterufer 34, 20354 Hamburg, Germany. The purpose is to improve and feedback McMakler Group performance. After conclusion of a contract, you will receive an e-mail for review at https://www.ausgezeichnet.org where you can rate our services. This requires the processing of your e-mail address as well as your first name and surname. These reviews are potentially accessible to third parties through our website and partner sites. For more information on privacy at ausgezeichnet.org, see https://www.ausgezeichnet.org/datenschutz/.
6. Marketing E-Mails / Newsletter
If you have given us consent to communicate by e-mail as part of our service or there is a legitimate interest, we will send you relevant e-mails around the topic real estate/property. We have collected the data that we process in this process from previous services you have requested from us. After obtaining consent, the sending of marketing e-mails in accordance with Art. 6 (1) lit. a) GDPR is generally lawful. If you are already an existing customer with us, the sending of marketing e-mails is permitted according to § 7 III UWG. If you still do not want to receive these marketing e-mails, please send us a written declaration of revocation to firstname.lastname@example.org. You can also unsubscribe from the marketing e-mails at any time by following the unsubscribe link in the relevant marketing e-mail. For e-mail marketing, we use the marketing cloud services. We have entered into a processing contract with the service provider, which includes standard contract clauses and binding corporate rules. Our cloud service is certified under the EU-US Privacy Shield and guarantees compliance with European privacy requirements.
7. E-Mail Contact
You have the opportunity to contact us via the following e-mail addresses:
In this case, we process and store the personal data transmitted by e-mail. This will basically be your e-mail address and all other information provided by you. Such data processing is required for the conversation and to provide you with our services. The data processing is based on our legitimate interest within the meaning of Art. 6 (1) lit. f) GDPR and is therefore lawful, as far as you are not unduly limited in your rights. If the contact serves the conclusion of a contract, the processing according to Art. 6 (1) lit. b) GDPR is lawfully. If you provide unsolicited further data, the processing is based on your consent within the meaning of Art. 6 (1) a) GDPR. We will delete this data as soon as the conversation ends and there is no purpose for storage/no legal and/or legitimate retention period. The conversation ends when it can be inferred from the circumstances that the affected process has finally been clarified.
8. Disclosure of your data by us
We disclose personal information in order to comply with legal obligations, to investigate complaints about offers or content that infringe the rights of third parties and to protect the rights, property or security of third parties. Disclosure of this information is strictly in accordance with applicable laws/privacy laws. In particular, we may disclose your personal information to law enforcement or regulatory agencies or authorized third parties for any obligation or authority in connection with any investigation or suspicion of a criminal offense, unlawful act or other matter that may arise for us, you or anyone give a third party a justification for disclosure. In such cases, we will disclose the necessary data such as name, location, postal code, telephone number, e-mail address, previous usernames, IP address, fraudulent complaints and other information as far as this is permitted.
9. Rights of the data subject
The applicable data protection law grants you as the data subject to the controller (McMakler) with regard to the processing of your personal data comprehensive data subject rights (information and intervention rights), about which we inform you below:
9.1. Right to confirmation
The data subject has the right to ask the controller for a confirmation as to whether personal data concerning them are being processed.
9.2. Right to information
If personal data of the data subject are processed, you have the right to information about this personal data and to the following information:
a. the processing purposes;
b. the categories of personal data being processed;
c. the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular to recipients in third countries or to international organizations;
d. if possible, the planned duration for which the personal data are stored or, if this is not possible, the criteria for determining that duration;
e. the existence of a right to rectification or erasure of the personal data relating to him or to a restriction of processing by the controller or a right to object to such processing;
f. the existence of a right of appeal to a supervisory authority;
g. if the personal data are not collected from the data subject, all available information on the source of the data;
h. the existence of automated decision-making, including profiling, as referred to in Article 22 (1) and (4) and, at least in these cases, meaningful information about the logic involved and the scope and intended impact of such processing on the data subject.
9.3. Right to correction and completion
The data subject has the right to demand from the controller without delay the correction of incorrect personal data concerning him. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary statement.
9.4. Right to be forgotten
The data subject has the right to require the controller to delete personal data concerning him or her without delay, and the controller is obliged to delete personal data immediately, if one of the following reasons applies:
a. the personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
b. the controller revokes the consent on which the processing referred to in Article 6 (1) lit. a) or 9 (2) lit. a) was based and lacks any other legal basis for the processing.
c. the data subject objects to the processing in accordance with Article 21 (1) and there are no legitimate grounds for processing, or the data subject objects to the processing in accordance with Article 21 (2) lit. d).
e. the personal data were processed unlawfully.
f. the deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
g. the personal data were collected in relation to information society services offered in accordance with Article 8 (1).
However, the above does not apply if the processing is for legal purposes (see 8.). A deletion is also excluded if there are statutory storage requirements or overwhelming interests of the controller for the storage.
9.5. Right to restriction of processing
The data subject has the right to require the controller to restrict the processing if one of the following conditions is met:
a. the accuracy of the personal data is disputed by the data subject for a period of time allowing the controller to verify the accuracy of the personal data;
b. the processing is unlawful and the data subject refuses to delete the personal data and instead requests the restriction of the use of the personal data;
c. the controller no longer needs the personal data for processing purposes, but the data subject requires them to assert, exercise or defend legal claims; or
d. the person concerned has lodged an objection to the processing referred to in Article 21 (1) pending determination of whether the legitimate grounds of the controller prevail over those of the data subject.
Therefore, if the processing has been restricted, these personal data may only be stored with the consent of the data subject or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for important public interest of the Union or a Member State.
An affected person who has restricted processing will be notified by the controller before the restriction is lifted.
9.6. Right to data transferability
The data subject has the right to receive in a structured, common and machine - readable format the personal data relating to him / her that are made available to a responsible person, and has the right to transfer that data to another person without hindrance by the person responsible for the data personal data provided, provided that:
a. the processing is based on a consent in accordance with Article 6 (1) lit. a) or Article 9 (2) lit. a) or on a contract pursuant to Article 6 (1) lit. b); and
b. the processing is done by automated methods.
In exercising their right to data portability, the data subject has the right to obtain that the personal data are transmitted directly from one controller to another responsible party where technically feasible.
9.7. Right to objection
The data subject has the right at any time, for reasons arising from his / her special situation, against the processing of personal data relating to him or her, which pursuant to Art. 6 (1) lit. e) and f), to object; this also applies to profiling based on these provisions. The controller no longer processes the personal data unless he can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or the processing is for the purpose of enforcing, pursuing or defending legal claims.
9.8. Right to revoke the consent granted
The data subject has the right to revoke their consent at any time with future effect. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation. The data subject will be informed before the consent is given. You can send a revocation at any time textually to us (e-mail is sufficient) under email@example.com. Please understand that in the case of a revocation it may take up to 4 weeks before the revocation has been processed. In the meantime, there may be overlaps in the way of handling your request with marketing measures.
9.9. Right to appeal
Without prejudice to any other administrative or judicial remedy, any data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of the habitual residence, place of work or place of alleged infringement, if the data subject considers that the processing concerns them personal data breaches this Regulation.
10. Additional data protection advice for those affected
10.1. Joint controller (partners and cooperations)
According to Art. 26 (2) GDPR we inform you about the processing of personal data in joint controllership with cooperation partners. The purpose of this processing is the acquisition of new customers through advertising media of various online formats and cooperations (eg through online forms, affiliates etc.). The parties have jointly determined the order of processing of this data in the individual process sections and concluded a data protection agreement in joint controllership. In this connection, it is agreed between the parties which of the parties fulfills which obligations under the GDPR. This concerns, in particular, the exercise of the rights of data subjects and the fulfillment of the information obligations in accordance with Articles 13 and 14 GDPR. You can exercise your rights under the GDPR directly against both parties. In particular, both parties shall provide the information required under Articles 13 and 14 GDPR in a clear, transparent, understandable and easily accessible form, in a clear and simple language, free of charge. In individual cases, the parties inform each other immediately about legal positions asserted by the parties concerned. They provide each other with all the information necessary to respond to requests for information, as far as this is necessary. Our services are identified accordingly on third parties. In general, no personal data is processed by McMakler through banner advertising on third-party websites, regardless of the fact that you access our website via corresponding advertising material. A shared responsibility for the processing of personal data may also exist within the McMakler Group and in cooperation with partner companies. A shared responsibility, Art. 26 GDPR, may also exist as part of the processing of credit bureaus and in cooperation with web analysis, marketing and social media services (see 5.2.1 to 5.2.3.). If this is the case, appropriate data protection agreements have been concluded with the respective company. Your contact for services communicated through us is McMakler GmbH, Torstraße 19, 10119 Berlin. The current data protection regulations apply in their current version.
10.2. Additional information for customers and interested parties
10.2.1 Purposes and legal bases of the processing
10.2.2. Categories of recipients of personal data
Within the scope of the purposes and legal bases specified in 10.2.1. and this policy, recipients of personal data will receive them for the following purposes:
Processing of payment transactions, brokerage and services
Law firms and courts
Enforcement and defense of claims as well as consulting services, legal cases
Owner of real estate
Contracting and execution of the brokerage, purchase and service
Prospective buyers and buyers of real estate
Contracting and execution of the brokerage, purchase and service
External auditors/consultants (auditors, tax consultants, data protection officers, etc.)
Initiation and implementation of legal and / or authorized testing and consulting services
Authorities and other government agencies
Legal information, notification, cooperation obligations (eg money laundering prevention)
Business and cooperation partners
Realization of agreements for the purposes of real estate brokerage, real estate credit mediation/brokerage, partner programs, affiliates, tipsters
Credit check, check for credit risks
Information parties/Credit reporting
Credit check, checking for credit risk
IT service providers
Specialized IT and audit services, operation and provision of software and services
Processors (Art. 28 GDPR)
Operation and provision of SaaS and specialized services, software maintenance
Internal areas and employees of McMakler GmbH
Efficient control of business processes and tasks
Companies and employees of the McMakler Group
Efficient control of business processes and tasks, group-internal administrative purposes, initiation and execution of specialized services and agreements (eg real estate credit mediation)
10.3. Additional information for job applicants
10.3.1. Which personal data we process
If you provide us with personal data as part of the application process, these are classified for collection, processing and / or use in the following types of data and data categories:
- Personal data (first and last name, date of birth, address, graduation)
- Communication data (telephone number, mobile phone number, fax number, e-mail address)
- Information from third parties, see 10.3.2.
- Data on assessment and evaluation in the application process
- Data on education (school, vocational training, civil / military service, study, doctorate)
- Data on the current professional background, training and employment certificates
- Information on other qualifications (eg language skills, computer skills, etc.)
- Application photo
- Information on salary requirements
- Applicant history (storage limited, Art. 5 (1) e) GDPR)
10.3.2. From what sources does personal data come from if we do not collect it from you?
Incidentally, we may process your publicly available job-related information, such as a profile in professional social media networks. If we do not collect the data directly from you and you have an active profile on StepStone, Xing or LinkedIn, or if you disclose an inactive or partially active profile to us during the application process, we may also collect personal information about it.
10.3.3. For what purposes and on what legal basis do we process personal data?
We process personal information about you for the purpose of your application for employment, to the extent that this is necessary for the decision to establish employment with us. The legal basis is Art. 6 (1) lit. b) GDPR in conjunction with § 26 Bundesdatenschutzgesetz (BDSG). Furthermore, we may process personal data about you, as far as this is required to defend against asserted legal claims from the application process against us. The legal basis is Art. 6 (1) lit. f) GDPR, the legitimate interest is, for example, a burden of proof in proceedings under the „Allgemeines Gleichbehandlungsgesetz (AGG)“ (D) respectively „Gleichbehandlungsgesetz (GIBG)“ (AT). For these purposes, the applicant data is kept for 6 months, see no. 9.
If there is an employment relationship between you and us, we may further process the personal data already received by you for employment purposes, if this is necessary for the execution or termination of the employment relationship or for performance or fulfillment of required by law or a collective agreement, an operating or service agreement (collective agreement) and duties of employee representation.
Your personal data will only be processed by persons involved in the application process. All data controllers are required to protect the confidentiality of your information. A transfer of the data to third parties only takes place, as far as you have given your consent or we are obliged by law and / or official or judicial orders to a data transfer.
10.3.4. Categories of recipients
We may transfer your personal data to companies affiliated with us (internal administrative purposes in accordance with recital 48 GDPR), insofar as this is possible within the framework of the provisions of Art. 6 and legal bases. Otherwise, personal data are processed on our behalf on the basis of contracts pursuant to Art. 26, 28 GDPR, in particular by host providers or providers of applicant management systems. Further transfers take place only on the basis of legal obligations (eg social security, tax authorities etc.).
10.3.5. Transfer of personal data to a third country
If a personal data transfer to a third country or an international organization takes place by McMakler and/or a processor, McMakler will verify to the processor/partner, in particular, the existence of an adequacy decision pursuant to Art. 45 (3) GDPR or the existence of appropriate guarantees by type 46 GDPR. Otherwise, a transfer will only take place if one of the prerequisites according to Art. 49 (1) lit. a) to g) is present.
10.3.6. How long will your data be stored?
We store your personal information as long as this is necessary to decide on your application. In addition, if employment between you and us does not materialize, we may continue to retain the information as necessary to defend against possible legal claims. The application documents will be deleted no later than six to nine months after notification of the rejection decision, unless a longer storage due to litigation is required.
10.3.7. Necessity of providing personal data
The provision of personal information is not required by law or contract, nor are you required to provide the personal information. However, the provision of personal information is required to enter into a contract of employment with us. This means that unless you provide us with personal data when applying, we can not enter into any employment relationship with you.
10.3.8. Automated decision making
There is no automated decision making on a case-by-case basis or no "profiling" within the meaning of Art. 22 DSGVO, ie the decision on your application is not based solely on automated processing.