Privacy Policy of WISTA Management GmbH

We are very pleased about your interest in our company. The management of WISTA Management GmbH attaches particular importance to data protection. In the following we will inform you about the collection of personal data when you use our website.

1. Definitions

This privacy policy is based on the terminology used by the General Data Protection Regulation (GDPR). Our privacy policy shall be easy to read and easy to understand for the public as well as for our customers and business partners. To ensure this we would like to explain the terms used in advance. We use the following terms, among others, in this privacy policy:

a) Personal data

'Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject

'Data subject' means any identified or identifiable natural person whose personal data are processed by the controller.

c) Processing

‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

e) Profiling

‘Profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f) Pseudonymisation

‘Pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g) Controller and joint controller ship

‘Controller’ means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h) Processor

‘Processor’ means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

i) Recipient

‘Recipient’ means a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. 2However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

j) Third party

'Third party’ means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

k) Consent

‘Consent’ of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name and address of the controller

The controller responsible within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other regulations regarding data protection is:

WISTA Management GmbH

Rudower Chaussee 17

12489 Berlin

Germany

+49 30 6392-2200

info(at)wista.de

www.wista.de

3. Name and address of the data protection officer

You can reach our data protection officer at the address stated above or at the following e-mail address:

datenschutz(at)wista.de

Every person concerned can contact our data protection officer directly at any time with all questions and suggestions regarding data protection.

4. Your rights

We will be pleased to provide you with information as to whether and which of your personal data are processed by us and for which purposes (Art. 15 GDPR). In addition, you are entitled to the right of correction (Art. 16 GDPR), the right to restrict processing (Art. 18 GDPR) and the right of data transferability (Art. 20 GDPR), subject to the respective legal requirements.

You also have the right to object to processing of your data (Art. 21 GDPR).

To exercise your rights, please contact us by e-mail at datenschutz(at)wista.de or by post at our address mentioned above. The exercise of your rights of course is free of charge.

Without prejudice to these rights and to the possibility of asserting any other administrative or judicial remedy, you may at any time exercise your right to appeal to a supervisory authority. In particular you can appeal to a supervisory authority in the Member State in which you are resident, in which you work or the place where the alleged infringement occurred, if you consider that the processing of personal data concerning you is in breach of data protection legislation (Art. 77 GDPR).

5. Purpose and legal basis of our data processing

The processing of personal data can be based on different legal bases. If we need your data to fulfil a contract with you or to answer your enquiries regarding a contract, the legal basis for this data processing is Art. 6 (1) (b) GDPR. If we obtain your consent for a specific processing, the legal basis is Art. 6 (1) (a) GDPR. We carry out some data processing based on our legitimate interests. The legal basis for this is Art. 6 (1) (f) GDPR. Insofar as the processing is necessary to fulfil a legal obligation to which we are subject, the legal basis is Art. 6 (1) (c) GDPR.

In the following, we explain how we process personal data relating our website.

5.1. Establishing contact

When you contact us by e-mail or through a contact form, the data you provide (your e-mail address, your name and telephone number if applicable) will be stored by us to answer your questions and process your requests. The legal basis in this respect is Art. 6 (1) (f) GDPR. As far as we ask for information through our contact form, that are not necessary for contacting you, we have always marked them as optional. This information serves us to concretise your inquiry and to improve the processing of your request. Any communication of this information is expressly on a voluntary basis and with your consent, Art. 6 (1) (a) GDPR. If you provide information on communication channels (e.g., e-mail address, telephone number), you also agree that we may contact you via this communication channel to answer your request. You can of course revoke this consent at any time in the future.

Your data, which we have received in the course of contacting you, will be deleted as soon as they are no longer required for the purposes of their collection, your request is fully processed, and no further communication is necessary or desired by you.

If you would like to send us feedback, you can send your feedback/comment directly to us by clicking the send button. As part of this feedback function, we collect, process, and store your name and e-mail address. We collect process and store this data only to the extent necessary to process your feedback. The legal basis for the collection and processing of your personal data is Art. 6 (1) (f) GDPR.

In addition, you can request offers for event rooms, tickets, or guided tours on our website. When you contact us regarding your request, the data you provide us with (your e-mail address and your name and, if applicable, your telephone number) will be processed by us via the request form to process your request and provide you with an offer, Art. 6 (1) (a), (b) GDPR.

As controller, WISTA Management GmbH has implemented numerous technical and organisational measures to ensure that the personal data processed through this website is protected as comprehensively as possible. Nevertheless, internet-based data transmissions can generally have security gaps. Absolute protection cannot be guaranteed; in any case, sending unencrypted e-mails is not secure. We therefore request that sensitive data is not send by means of unencrypted e-mail, but through either encrypted communication channels (e.g., our contact form) or the postal service.

5.2. Applications

The controller collects and processes the personal data of applicants for executing the application procedure. Applicants may also apply electronically. This is particularly the case if an applicant submits relevant application documents to the controller electronically, for example by e-mail. If the application concludes in an employment contract with an applicant, the data transferred is stored for executing the employment in accordance with legal requirements. If the application does not conclude in an employment contract with the applicant, the application documents are automatically deleted two months after notification, at the latest after a maximum of 6 months after the decision, provided that no other legitimate interests of the data controller conflict with a deletion or you have not expressly given your consent to a longer storage of your data. Our legitimate interests in this sense include, for example, a duty of proof in proceedings under the General Equal Treatment Act “Allgemeines Gleichbehandlungsgesetz” (AGG). Please note that unencrypted e-mails are not protected against illegal or undesired access. The legal basis is Art. 6 (1) (a), (b), and (f) GDPR as well as § 26 BDSG (Federal Data Protection Act).

5.3. Collection of general data while visiting our website

The website of WISTA Management GmbH collects a range of general data and information every time a data subject or automated system accesses the website. This general data and information is stored in the log files of the web server. The following can be recorded: (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of an access to the Internet site, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information which serve to avert danger in the event of attacks on our information technology systems.

When using this general data and information, WISTA Management GmbH will not draw any conclusions about the data subject. Rather, this information is required in order (1) to deliver the contents of the website, (2) to optimize the contents of our website and the advertising for it, (3) to ensure the permanent operability of our information technology systems and the technology of our website and /4) to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber-attack. This anonymously collected data and information is therefore evaluated by WISTA Management GmbH both statistically and with the aim of increasing data protection and data security in our company, ultimately ensuring an optimum level of protection for the personal data processed by us. The anonymous data in the server log files are stored separately from all personal data provided by a data subject.

5.4. Registration

You have the possibility to register on our website www.adlershof.de and create a customer/user account. Necessary personal data are marked as mandatory fields in the respective registration form, further information is voluntary. The personal data you enter is collected and stored exclusively for internal use and for our own purposes.

We use the so-called double opt-in procedure for registration, which means that your registration is not complete until you have confirmed your registration by clicking on a link in a confirmation e-mail sent to you for this purpose. If you do not confirm this, your registration will be automatically deleted from our database. After successful registration, you will receive a personal, password-protected access and can view and manage the data you have stored. Registration is voluntary but may be a prerequisite for using certain of our services (newsletter dispatch).

The purpose of registration is to offer you content or services, which, due to the nature of the matter can only be offered to registered users. Registered persons are free to change the personal data provided during registration at any time or to have it deleted completely from the database.

The legal basis for this data processing is Art. 6 (1) (a), (b) GDPR.

5.5. Subscription of our newsletters

You are welcome to subscribe to various newsletters of our company.

The legal basis for sending the newsletter is your consent in accordance with Art. 6 (1) (a) GDPR in conjunction with § 7 (2) (III) UWG or the legal permission according to § 7 (3) UWG. The legal basis for the transmission of the Adlershof Journal is Art. 6 (1) (b) GDPR (subscription contract). Your e-mail address is the only compulsory information for sending the newsletter. Mandatory data for the postal transmission of the journal is also your name and address. The provision of further data is voluntary.

With our newsletter, WISTA Management GmbH informs its customers and business partners regularly about company offers. You can only receive our company's newsletter if (1) you have a valid e-mail address and (2) you have registered to receive the newsletter. For legal reasons, a confirmation e-mail will be sent to the e-mail address you have registered for the newsletter for the first time using the double opt-in procedure. This confirmation mail serves to check whether the owner of the e-mail address has authorized the receipt of the newsletter. After your confirmation we will save your e-mail address for the purpose of sending the newsletter and until revoked.

We also store your IP address current at the time of registration, the time of registration and the confirmation for up to three years after registration (limitation period). The purpose of this procedure is to be able to prove your registration in case of doubt and, if necessary, to clarify any misuse of your personal data. The legal basis for the logging of the registration is our legitimate interest in accordance with Art. 6 (1) (f) GDPR in proof of a previously given consent, see also Art. 7 (1) GDPR.

The personal data collected during registration for the newsletter is used exclusively for sending our newsletter. Furthermore, subscribers to the newsletter could be informed by e-mail about changes regarding our mailing activities, e.g., technical or content changes. The personal data collected within the scope of the newsletter service will not be passed on to third parties. You can revoke your consent to our newsletter at any time and unsubscribe from the newsletter. For the purpose of revoking your consent, you will find a corresponding link in every newsletter. Furthermore, it is also possible at any time to unsubscribe from the newsletter service directly on our website or to inform us of this in another way.

5.6. Cookies

The website of WISTA Management GmbH uses cookies. Cookies are text files that are stored on a computer system via an Internet browser.

Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a string of characters that can be used to assign Internet pages and servers to the specific Internet browser in which the cookie was stored. This enables the Internet pages and servers visited to distinguish the individual browser of the person concerned from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified by means of the unique cookie ID.

The use of cookies enables WISTA Management GmbH to provide users of this website with more user-friendly services.

By means of a cookie, the information and offers on our website can be optimized in the interests of the user. As already mentioned, cookies enable us to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to enter his or her access data each time he or she visits the website, because this is done by the website and the cookie stored on the user's computer system.

You can prevent the setting of cookies by our website at any time by means of an appropriate setting in the Internet browser used, thereby permanently opposing the setting of cookies. Furthermore, you can delete cookies that have already been set at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If you deactivate the setting of cookies in the Internet browser used, it is possible that not all functions of our website are usable to their full extent.

5.7. Flockler

To display social media content on our website we use the service Flockler, Flockler Oy Rautatienkatu 26 B 32, 33100, Tampere Finland, which aggregates relevant social media channels and displays them on our website.

By interacting with the content, a connection to Flockler's servers is established. Furthermore, Flockler obtains your IP address. This also applies if you are not logged in with the respective social media provider or do not have an account with them. The websites you visit will be linked to your social media account and made known to other users.

In the process, data is also transferred to the social media provider. We would like to point out that we, as the provider of the sites, have no knowledge of the content of the transmitted data or its use by the social media provider. Further information can be found in the privacy policy of the respective provider.

The use of the Flockler Plugin is based on Art. 6 (1) (a) GDPR.

We have concluded a data processing agreement (Art. 28 GDPR) with the provider Flockler to ensure an adequate level of protection of your data. This can be accessed here.

The data protection regulations and further information about this service provider can be found at: flockler.com/privacy-policy.

5.8. Use of social bookmarks

This website uses social bookmarks of the following providers:

• LinkedIn (provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
• Facebook (provider: Meta Platforms Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA)
• Twitter (provider: Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA)
• WhatsApp (provider: WhatsApp Irleand Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)

Social bookmarks are Internet bookmarks with which the users of such a service can collect links and news items. These are included on our website merely as links to the corresponding services. After clicking on the embedded graphic, you will be redirected to the page of the respective provider, i.e., only then will user information be transferred to the respective provider. For information on how your personal data is handled when using these websites, please refer to the respective data protection regulations of the providers.

5.9. OpenStreetMap

The website of WISTA Management GmbH integrates the maps of the OpenStreetMap Foundation service via the API of Leaflets (https://wiki.osmfoundation.org/wiki/Main_Page). OpenStreetMap, as a Google Maps alternative, is an open-source JavaScript library that enables us to integrate interactive maps on our website. From a technical point of view, it is necessary to make requests to the server.arcgisonline.com to display the maps correctly. As a result of these requests, it is generally possible that information about your use of this website (including your IP address and location data) may be transmitted to other servers and stored there. To the best of our knowledge, OpenStreetMap uses user data exclusively for the purpose of displaying map functions and temporarily storing the selected settings. Further information about OpenStreetMap and the respective storage period of the collected data can be obtained from the provider or at https://www.openstreetmap.de/faq.html or https://wiki.osmfoundation.org/wiki/Privacy_Policy. More information on the API leaflets used can be found at https://www.leafletjs.com.

You can deactivate the OpenStreetMap service and thus prevent data transfer to third parties by deactivating JavaScript in your browser. However, we would like to point out that in this case you will not be able to use the map display on our pages, or only to a limited extent.

5.10. Google Custom Search Engine (Google CSE)

Within the WISTA Management GmbH website, the “Google Custom Search Engine” (Google CSE) is used as the central search service. The integrated search service enables a full-text search for the contents of the website. Access to this search function is possible via a specially set up search page. Google Inc (“Google”) provides the search field on this page (“search field”). Entering a search term in the search field activates the search field and the data entered is forwarded to Google. The search results are reloaded using a plug-in provided by Google.

As a matter of principle, we transmit no data to the provider of the search service (Google) when official websites of WISTA Management GmbH are accessed. Data is only transmitted to Google as soon as the user uses the search field on the search page. By activating and using the search function within the page, users' data is simultaneously transmitted to Google.

By activating and using the full-text search function, the visitor consents to the use of the Google search service and thus also to the transfer of data to the Google service. This includes, for example, the search terms entered by the visitor and the IP address of the computer used. Please note that different data protection standards apply to Google than to the WISTA Management GmbH website. We expressly draw your attention to the fact that the processing, in particular the storage, deletion and use of any personal data that may be transmitted is the responsibility of the provider of the search service and that the operator of the WISTA Management GmbH website has no influence on the type and scope of the transmitted data or on its further processing.

If you are simultaneously logged in at Google, the Google service is able to assign the information directly to your user profile.

Further information from Google on the handling of user data (privacy policy) is available at: policies.google.com/privacy.

6. Data transfer

As a matter of principle, your data will not be transferred to third parties, unless we are legally obliged to do so. As far as external service providers are exposed to your personal data, we have ensured through legal, technical, and organisational measures as well as through regular controls that they comply with the regulations of the data protection laws. Furthermore, these service providers may only use your data in accordance with our instructions.

7. Routine deletion and blocking of personal data

The controller shall process and store personal data relating to the data subject only for the period of time necessary to achieve the purpose of storage or when it is allowed by the European legislator or other legislators by law or regulations to which the controller is subject.

If the purpose of storage ceases to apply or if a retention period regulated by the European legislator or another competent legislator expires, the personal data will be blocked or deleted as a matter of routine and in accordance with the statutory provisions.