Disclaimer: This text is for informational purposes only. Legally binding is the German text: https://www.on-geo.de/datenschutz.

Principles

Your trust is important to us. on-geo GmbH takes the protection of your personal data very seriously and complies with the rules of data protection. Personal data are collected, processed or used only if the data subject has given consent, if this is required for the performance of a contract or for pre-contractual measures, or if a law permits or requires the collection, processing or use.

Data processing on the websites

Personal data are collected only to the extent that is technically necessary. Under no circumstances are the data collected passed on to third parties without a valid legal basis. The following information gives you an overview of how on-geo GmbH ensures this protection and which types of data are collected, processed or used on the websites and for which purposes.

Logging

When you visit our websites, on-geo GmbH automatically stores certain information that is usually transmitted by the browser in its server log files. on-geo GmbH is not able to assign these data to specific individuals. These data are not combined with data from other sources.

Cookies

Our websites use so-called cookies in some areas. These cookies do not cause any damage to your computer and do not contain viruses. Cookies help to make our offering more user-friendly, more effective and more secure. Cookies are small text files that are stored on your computer and saved by your browser. The cookies we use are so-called “session cookies”. They are automatically deleted after you finish your visit. You can configure your browser so that you are informed when cookies are set, only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. As a user, you can also continue to deactivate tracking as a default function. To do so, use the “Do Not Track” feature of your web browser. If cookie and tracking functions are disabled, the functionality of this website or of functions of our other services may be restricted.

Optional cookies

When you visit our site, you are asked to make a selection regarding cookies. In addition to the necessary session cookies, you can optionally choose cookies for website analysis using Matomo.

Change cookie settings

Cookie consent management platform

We use consent management platform (CMP) software on our website, which makes the correct and secure handling of scripts and cookies easier for both you and us. The software automatically generates a cookie pop-up, scans and monitors all scripts and cookies, provides you with the cookie consent required under privacy policy and data protection law, and helps both you and us to keep track of all cookies. With most cookie consent management tools, all existing cookies are identified and categorised. As a website visitor, you then decide yourself whether and which scripts and cookies you wish to allow or not allow.

Company that processes the data

CookieYes Limited

3 Warren Yard, Wolverton Mill, Milton Keynes, England, MK125NW, United Kingdom

Legal basis

• Article 6(1)(c) sentence 1 GDPR (legal obligation)

Deleting data or preventing data storage

You have the right to access your personal data at any time and to delete them.

• Cookie notice script You can, for example, prevent data from being collected and stored by refusing the use of cookies via the cookie notice script.

• Browser settings If you wish to deactivate, delete or manage cookies in general (independently of Google Analytics), there are specific instructions for each browser.

Privacy policy & further links

Privacy policy https://www.cookieyes.com/privacy-policy/

Information on CookieYes: https://www.cookieyes.com

Website analysis

To continuously improve our online presence, we use the analysis software Matomo Analytics (formerly PIWIK) on our pages. It is provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. Matomo is open-source software that enables us to collect and evaluate anonymous usage data on the website. Based on the data obtained, we can constantly improve our online services and make them more interesting for you as a user.

The legal basis for the use of Matomo is your consent to the cookie (Art. 6 para. 1 lit. a GDPR).

If you have consented to the use of the Matomo cookie, the following data will be processed on our website.

1. Anonymous IP address
2. Your anonymous location based on your anonymised IP address
3. The browser you use, including any browser extensions (plugins)
4. Date and time of access, as well as the URL of the page accessed
5. The screen resolution you use
6. The subpages that are accessed from the page visited
7. The time spent on the website
8. The duration of the page load

Your IP address is an anonymous identifier for us; we have no technical means of identifying you as a logged-in user. You remain anonymous to us as a user.

Matomo Analytics runs exclusively on the servers of our own website. The data is deleted as soon as it is no longer required for our recording purposes. The generated statistics and underlying data remain.

You may object to the recording of your data via Matomo Analytics at any time. In this case, a temporary session cookie will be placed in your browser, prompting Matomo not to collect any data for storage or analysis. When you close your browser, the cookie is deleted, thereby lifting your objection to data storage and analysis. You can renew this objection at any time during future visits to our website.

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users. You are not opted out. Uncheck this box to opt-out.

Collection, processing and use of personal data

In order to send you the publications or newsletters offered on the website and ordered by you, we request your contact details via a form. These data are stored and used exclusively for carrying out the dispatch. By entering your contact details in the form, you give us your consent to store the data and to use them for sending the requested information. The personal data you provide for receiving the newsletter will be stored until you cancel the subscription.

If you use an on-geo contact form, we use your contact details exclusively for the purpose of getting in touch in order to respond to your enquiry appropriately. In line with the principle of data minimisation, only as much personal data as is absolutely necessary to answer the enquiry is collected in the contact form.

The data transmitted in the context of a provisional or existing contractual relationship or for registration, as well as the data of a transaction carried out via the on-geo systems (user data, address data, contact data, contract data and contract contents as well as the following transaction data: product, amount, currency, time and transaction number and, for location-based services, the GPS data) are collected and processed by on-geo GmbH for proper handling. In these cases, the information is transmitted in encrypted form to prevent misuse of the data by third parties.

Application procedure

You can find our privacy policy for applications here.

Sending promotional emails to prospects (non-customers)

Provided your voluntary consent has been given, on-geo GmbH uses your personal data for marketing purposes, e.g. to introduce new products to you. You have the right to object at any time to the use of your personal data for marketing purposes. If your email provider supports the automatic use of Transport Layer Security (TLS), email communication will be encrypted.

For what purposes do we process your data and on what legal basis?

We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

a) for the performance of contractual obligations (Art. 6 para. 1 b GDPR) Data is processed for the provision of services within the framework of executing our contracts or for carrying out pre-contractual measures taken at your request.

b) within the scope of commissioned processing (Art. 28 GDPR) The collection and processing of data within commissioned processing is based on a contract or another legal instrument between the controller and on-geo GmbH. It sets out the subject matter, purpose, type and duration of the processing, the nature of the personal data, the categories of data subjects, and the rights and obligations of all parties.

c) based on your consent (Art. 6 para. 1 a GDPR) If you have given us consent to process personal data for specific purposes (e.g. for marketing purposes, photographs at events, newsletter distribution), the lawfulness of this processing is based on your consent. Consent granted can be withdrawn at any time. This also applies to declarations of consent given to us before the GDPR came into effect on 25 May 2018. Withdrawal applies only to future processing and does not affect the lawfulness of data processed before the withdrawal.

d) due to legal requirements (Art. 6 para. 1 c GDPR) or in the public interest (Art. 6 para. 1 e GDPR) As a company, we are also subject to various obligations and legal requirements (e.g. taxes and insurance). Purposes of processing include identity verification, fraud prevention, and the assessment and management of risks within our company.

e) within the framework of legitimate interests (Art. 6 para. 1 f GDPR) Where necessary, we process your data to protect our legitimate interests or those of third parties. Examples:

• Assertion of legal claims and defence in legal disputes,
• Ensuring IT security and IT operations,
• Prevention and investigation of criminal offences,
• Measures to ensure building and facility security (e.g. access controls),
• Measures to ensure property rights,
• Measures for business management and the further development of services and products,
• Risk management within the company.

f) within the context of application procedures and employment relationships processing is carried out for the purpose of the application procedure and within the employment relationship (§ 26 BDSG-new).

To what extent is there automated decision-making?

For establishing and carrying out the business relationship or a contractual or legal relationship, we generally do not use fully automated decision-making as defined in Article 22 GDPR. Should we use such procedures in individual cases, we will inform you about this and about your corresponding rights.

Am I obliged to provide data?

Within the context of our business relationship or a contractual or legal relationship, you must provide the personal data required to establish, carry out and terminate the relationship and to fulfil the associated contractual obligations, or those we are legally or contractually obliged to collect. Without this data, we will generally not be able to enter into, perform or conclude a contract with you.

In particular, it may be necessary before establishing the business relationship or contractual or legal relationships to identify you using appropriate methods, to obtain and record proof of expertise and qualifications, and to request information on prior convictions for specific business areas. If you use an on-geo contact form, we require your contact details for the purpose of getting in touch in order to respond to your enquiry appropriately.

Security

on-geo GmbH implements appropriate technical and organisational security measures to protect the data you provide to on-geo GmbH against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security measures are continuously improved in line with technological developments.

To secure web communication, on-geo GmbH uses HTTPS encryption technology with TLS. Information transmitted in encrypted form over the internet cannot be read by unauthorised persons. During encryption, the characters you enter are converted into a code that can be safely transmitted online.

For electronic communication via email, we use the TLS encryption method, which is activated by default. If the receiving party also supports the automatic use of TLS, communication is automatically encrypted.

Robust authorisation concepts ensure that only persons authorised to access your personal data have access to it within our data processing systems.

Disclosure to third parties

Within on-geo GmbH, those departments that require your data to fulfil our contractual and legal obligations have access to it. Service providers and agents engaged by us may also receive data for these purposes, provided they comply with data protection regulations.

Regarding the transfer of data to recipients outside on-geo GmbH, it should first be noted that our company is obliged to maintain confidentiality about all personal data we become aware of (banking secrecy and data protection).

As a rule, we may only disclose information if required by law, if the data subject has given consent, if we are contractually authorised to disclose it, or if we are permitted to transfer personal data on the basis of a legitimate interest assessment.

Land register digitisation and document processing (Smartextract)

To extract land register data from PDF documents and data from other records and integrate them into the valuation process, we use Smartextract, a service provided by dida Datenschmiede GmbH, Hauptstraße 8, 10827 Berlin. For the processing of personal data via Smartextract, the separate commissioned data processing agreement concluded with us in accordance with Art. 28 GDPR applies.

After the completion of the processing services, all personal data is deleted unless there is a statutory obligation to retain the personal data. Further information on data protection at Smartextract can be found here (https://smartextract.ai/de/datenschutzerklarung).

Web host

Our website is operated on server systems of Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen. Hetzner’s data centres are located in data centre parks in Nuremberg and Falkenstein. In addition, Hetzner operates a data centre in Helsinki, Finland. Hetzner Online is certified according to DIN ISO/IEC 27001. The certificate verifies adequate security management, data security, confidentiality of information and availability of IT systems. As part of our cooperation, we do not pass on any personal data about your visit to our website directly to Hetzner. However, it may occur that Hetzner, for example during maintenance work, at least potentially gains access to personal data, or that your IP address is routed through the firewall when accessing this website and checked and logged for security reasons.

Appropriate data protection agreements (processing agreements pursuant to Art. 28 GDPR) with Hetzner ensure the protection of your personal data even in such cases.

Übermittlung in Drittstaaten

Eine Datenübermittlung an Stellen in Staaten außerhalb der Europäischen Union (sogenannte Drittstaaten) findet nur statt, soweit gesetzlich vorgeschrieben, Sie uns eine Einwilligung erteilt haben oder dies zur Ausführung Ihrer Aufträge erforderlich ist.

Google Maps

Optionally, at your request, we integrate the maps of the “Google Maps” service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, into our applications. The processed personal data include the addresses/coordinates to be displayed as well as the user’s IP address, which is, however, strictly required to use the “map display” service. on-geo does not transfer any data to Google in this case. Communication takes place directly between your web browser and Google. The data transferred for the map display may be processed in the USA. Privacy policy: https://www.google.com/policies/privacy.

If you do not connect the PC directly to the Internet but use a proxy in between, the public IP address of the proxy server may be used for communication with Google instead of your own IP address.

Google reCAPTCHA

To ensure adequate data security when transmitting forms, we use the reCAPTCHA service of Google Inc. in certain cases. This primarily serves to distinguish whether an entry is made by a natural person or is being misused through machine-based or automated processing. The service includes transmitting the IP address and, where applicable, further data required by Google for the reCAPTCHA service to Google. Google Inc.’s privacy policy applies in this context. Further information on the privacy policies of Google Inc. can be found at http://www.google.de/intl/de/privacy or https://www.google.com/intl/de/policies/privacy.

The legal basis for the data processing described is the explicit consent of the user (Art. 6(1)(a) GDPR). In addition, we have a legitimate interest in ensuring the security of our web services through this measure and in protecting ourselves against automated entries (attacks) (Art. 6(1)(f) GDPR).

How long will my data be stored?

We process and store your personal data for as long as is necessary to fulfill our contractual and legal obligations. If the data is no longer required to fulfil contractual or legal obligations, it is regularly deleted unless its temporary further processing is required for the following purposes:

• Compliance with commercial and tax retention obligations arising, for example, from the German Commercial Code (HGB) and the Fiscal Code (AO). The retention or documentation periods stipulated there generally range from two to ten years.
• Preservation of evidence within the scope of statutory limitation provisions. According to Sections 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, while the regular limitation period is 3 years.
• In compliance with the General Equal Treatment Act (AGG), data from the application process will be retained for a maximum of 6 months after a rejection and then deleted, destroyed, or returned.

The retention period for data processed by on-geo on behalf of the controllers within the scope of commissioned processing is determined by the controller.

Who is responsible for data processing and whom can I contact?

If a direct contractual or legal relationship exists between you and on-geo, on-geo GmbH is the responsible entity.

on-geo GmbH Parsevalstraße 2 99092 Erfurt Germany

Email: kontakt@on-geo.de Phone: + 49 (0)361 / 21 68 10

You can reach our data protection officer at

on-geo GmbH Parsevalstraße 2 99092 Erfurt Germany Mail: datenschutz@on-geo.de

If no direct contractual or legal relationship exists between you and us, and on-geo GmbH acts as a processor in accordance with Article 28 GDPR, our company collects, processes and uses the data on behalf of the respective client (for example, a financial institution). In this case, please contact your contractual partner directly.

What data protection rights do I have?

Every data subject has the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR, and the right to data portability under Article 20 GDPR. The restrictions under Sections 34 and 35 of the German Federal Data Protection Act (BDSG) apply to the right of access and the right to erasure. Furthermore, there is a right to lodge a complaint with a competent data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG). The responsibility for safeguarding the rights of the data subject lies with the respective controller.

You may withdraw any consent you have given for the processing of personal data at any time, provided we are the controller. This also applies to consent declarations granted to us before the GDPR came into effect, i.e. before 25 May 2018. Please note that the withdrawal only takes effect for the future. Processing operations carried out before the withdrawal are not affected.

If no direct contractual or legal relationship exists between you and us, and on-geo GmbH acts as a processor under Article 28 GDPR, our company collects, processes and uses the data on behalf of the respective client (for example, a financial institution). In this case, please contact your contractual partner directly. You may assert your data subject rights with your contractual partner. We will support your contractual partner in safeguarding your rights

Further information

If you require information that this privacy policy cannot provide or if you would like further details on a specific point, please contact the data protection officer of on-geo GmbH.

Contact details of the on-geo data protection officer

Email: datenschutz@on-geo.de