For all of us at PAT ART LAB, initiated by PATRIZIA AG, protecting your privacy when you use our website is an important concern. With the following information, we would like to inform you of the nature, scope and purpose of the personal data that we collect and use when you visit our website.
Part 1: Information on data protection regarding our processing under Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)
Information on data protection regarding our processing under Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR). We take data protection very seriously and inform you herein how we process your data and what claims and rights you are entitled to under data protection regulations. Applicable from 25 May 2018.
86150 Augsburg, Germany
Phone: +49 821 50910-000
Fax: +49 821 50910-999
Contact data of our data-protection officer:
HEC Harald Eul Consulting GmbH
Datenschutz + Datensicherheit
Harald Eul (data-protection officer PATRIZIA)
Auf der Höhe 34
We process personal data in accordance with the stipulations of the General Data-Protection Regulation (GDPR), the German Federal Data-Protection Act (Bundesdatenschutzgesetz – BDSG) and other applicable data-protection provisions (details are provided in the following). The details of which data are processed and how they are used depends largely on the services requested or agreed in each case. Further details or additions for the purposes of data processing can be found in the respective contract documents, forms, a declaration of consent and/or other information provided to you (e. g. in the context of the use of our website or our terms and conditions). In addition, this data protection information may be updated from time to time.
The processing of personal data is carried out in order to carry out our contracts with you and the execution of your orders as well as to carry out measures and activities within the framework of pre-contractual relations, e. g. with interested parties. In particular, the processing thus serves to provide services according to your orders and wishes and include the necessary services, measures and activities. This essentially includes contract-related communication with you, the verifiability of transactions, orders and other agreements as well as quality control by means of appropriate documentation, goodwill procedures, measures to control and optimize business processes as well as the fulfilment of general duties of care, control and supervision by affiliated companies (e. g. Parent company); statistical evaluations for corporate management, cost recording and controlling, reporting, internal and external communication, emergency management, accounting and tax assessment of operational services, risk management, assertion of legal claims and defence in the event of legal disputes; ensuring IT security ((inter alia system and plausibility tests) and general security, including building and plant security, securing and exercising domestic authority (e. g. by means of access controls); guaranteeing the integrity, authenticity and availability of data, preventing and investigating criminal offences; control by supervisory bodies or supervisory authorities (e. g. auditing).
Above and beyond the actual fulfilment of the (pre-) agreement, we process your data whenever this is necessary to protect legitimate interests of our own or of third parties, in particular for the following purposes:
Your personal data can also be processed for certain purposes (e.g. use of company communication systems for private purposes; photographs/videos of you for publication in the Intranet/Internet) including as a result of your consent. As a rule, you can revoke this consent at any time. This also applies to the revoking of declarations of consent that were issued to us before the GDPR went into effect, i.e. prior to 25 May 2018. You shall be separately informed about the consequences of revocation or refusal to provide consent in the respective text of the consent.
Generally speaking, revocation of consent only applies to the future. Processing that takes place prior to consent being issued is not affected by such and remains lawful.
Just like any actor which takes part in business life, we are also subject to a large number of legal obligations. These are primarily statutory requirements (e.g. commercial and tax laws), but also if applicable supervisory law or other requirements set out by government authorities. The purposes of processing may also include identity and age checks, prevention of fraud and money laundering (e.g. comparisons with European and international anti-terror lists), compliance with control and notification obligations under tax law as well as the archiving of data for the purposes of data protection and data security as well as for purposes of audits by tax advisors/auditors, fiscal and other government authorities. In addition, it may be necessary to disclose personal data within the framework of official government/court measures for the purposes of collecting evidence, law enforcement and criminal prosecution or the satisfaction of civil law claims.
If necessary for the contractual relationship with you and the activities performed by you, we may process data which we lawfully receive from other offices or other third parties (e.g. quality assessment or complaints by customers/suppliers/consumers). In addition, we process personal data that we have lawfully collected, received or acquired from publicly accessible sources (such as, for example, commercial registers and association registers, civil registers, the press, Internet and other media) if such is necessary and we are allowed to process this data in accordance with statutory provisions.
Relevant personal data categories may in particular be:
At our company, your data is received by those internal offices or organisational units that need such to fulfil our contractual and statutory obligations or that require such data within the framework of processing and implementing our legitimate interests.
Your data is disclosed/passed on to external offices and persons solely
We shall moreover refrain from transmitting your data to third parties if we have not informed you of such separately. If we commission service providers within the framework of processing an order, your data will be subject there to the security standards stipulated by us in order to adequately protect your data. In all other cases, recipients may only use the data for purposes for which the data has been sent to them.
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.
Above and beyond this, we are subject to various retention and documentation obligations that emanate inter alia from the German Commercial Code (HGB) and the German Tax Code (AO). The periods and deadlines for retention and/or documentation stipulated therein are up to ten years beyond the end of the contractual relationship or the pre-contractual legal relationship.
Furthermore, special statutory provisions may require longer retention such as for example the preservation of evidence in connection with statutory time-barring provisions (statute of limitations). Under §§ 195 ff. of the German Civil Code (BGB), the regular time-barred period is three years, but time-barred periods of up to 30 years may also be applicable.
If the data is no longer required to meet contractual or statutory obligations and rights, it is regularly deleted unless its further processing – for a limited period – is necessary to fulfil the purposes listed under number 2.2 due to an overriding legitimate interest. Such an overriding legitimate interest is deemed to be the case, for example, if it is not possible to delete the data as a result of the special type of storage or such is only possible at an unreasonably great expense and processing for other purposes is excluded by appropriate technical and organisational measures.
Data is transmitted to offices in countries outside the European Economic Area EU/EEA (so-called third states) whenever such is necessary to meet a contractual obligation towards you (e.g. if you are despatched to another country), such is required by law (e.g. notification obligations under tax law), such is in the legitimate interest of us or a third party or you have issued us your consent to such.
At the same time, your data may be processed in a third country including in connection with the involvement of service providers within the framework of the processing of the order. If no decision has been issued by the EU Commission regarding the presence of a reasonable level of data protection for the respective country, we warrant that your rights and freedoms will be reasonably protected and guarantied in accordance with EU data-protection requirements through contractual agreements to this effect. We will provide you with detailed information on request.
You can request information on the suitable or reasonable guarantees and the possibility, how and where to receive a copy of these from the company data-protection officer or the human resources department in charge of you.
If certain conditions are met, you can assert your data-protection rights against us
Whenever possible, your applications for the exercise of your rights should be sent in writing to the address stated above or addressed directly to our data-protection officer.
You only need to provide data that is necessary for the commencement and performance of the business relationship or for a pre-contractual relationship with us or the collection of which we are required by law. Without this data, we are generally not able to conclude the agreement or continue to perform such. This may also relate to data that is required later within the framework of the contractual relationship. If we request data from you above and beyond this, you shall be informed about the voluntary nature of the information separately.
We do not use any purely automated decision-making procedure as set out in Article 22 of the GDPR. If we do institute such a procedure in individual cases in the future, we shall inform you pursuant hereto separately if this is required by law.
Under certain circumstances, we may process your data in part with the aim of evaluating certain personal aspects (profiling).
In order to provide you with targeted information and advice on products, we may use evaluation tools. These enable a needs-oriented product design, communication and advertising including market and opinion research.
Such procedures can also be used to assess your solvency and creditworthiness as well as to combat money laundering and fraud. “Score values” can be used to assess your creditworthiness and creditworthiness. In the case of scoring, the probability is calculated using mathematical methods with which a customer will meet his payment obligations in accordance with the contract. Such score values thus support us, for example, in assessing our creditworthiness, decision-making in the context of product deals and are incorporated into our risk management. The calculation is based on mathematically and statistically recognised and proven methods and is based on your data, in par particular income, expenditure, existing liabilities, profession, employer, length of service, experience from the previous business relationship, repayment of previous loans in accordance with the contract and information from credit agencies.
Information on nationality and special categories of personal data according to Art. 9 GDPR are not processed.
1. You have the right to file an objection at any time against processing of your data which is performed on the basis of Art. 6, section 1 f of the GDPR (data-processing on the basis of a weighing out of interests) or Art. 6, section 1 e of the GDPR (data-processing in the public interest). The precondition for this, however, is that there are grounds for your objection emanating from your special personal situation. This also applies to profiling that is based on this purpose in the meaning of Art. 4, no. 4 of the GDPR. If you file an objection, we shall no longer process your personal data unless we can demonstrate compelling reasons warranting protection for the processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
2. We will also use your personal data in order to perform direct advertising. If you do not want to receive any advertising, you have the right to file an objection to such at any time. This also applies to the profiling to the extent that it is connected with such direct advertising. We shall respect this objection with effect into the future.
The objection can be filed without adhering to any form requirements and should if possible be sent to
86150 Augsburg, Germany
Phone: +49 821 50910-000
Fax: +49 821 50910-999
We shall no longer process your data for the purpose of direct advertising if you object to processing for this purpose.
Data controller for data collection, processing and use of data relating to the use of our internet services is PATRIZIA AG.
The use of our website does not require prior registration – except in the login area for institutional investors. During your visit to our website, we collect and process information that you technically automated transmit to us (see item 3) and/or personal data (see item 4).
When you visit our website or use our services, the device and the internet browser that you use to open our website with automatically transmits log data to our server. This log data especially includes the name of the file (webpage) that was accessed, the data volume transferred, the type and version of the web browser used, the operating system used (type and version), the date and time at which the page was accessed, the referrer (URL of the website from which you accessed our website by link) as well as the IP address of the computer requesting access. After the IP address is no longer technically required in order to access the internet site, it will be stored (anonymously) for statistical analysis in abbreviated form only.
The above-mentioned automatically transmitted data is recorded and used solely for the purposes of properly and optimally displaying the information provided as well as for statistical analysis. It is not possible for us to connect the data automatically transmitted to the server with individual natural persons which means that, generally speaking, we do not have the means to identify you directly using the automatically transmitted data. However, please note that with the cooperation of your internet access provider, it is theoretically possible, over a certain length of time, to determine the owner of the internet connection that you access our website from using the automatically transmitted data. Your internet access provider can provide information on how long it stores used and assigned IP addresses.
We collect, process and use personal data such as name, address, telephone number or email address on these websites only for contract execution purposes and to preserve our own legitimate business interests regarding the counsel and support of our clients. Apart from that, we use the information you voluntarily provide only for the purpose for which it was provided. Only if you have given us your consent to the use of your data for other services or for marketing purposes do we use it accordingly. Your personal data will be deleted as soon as it is no longer needed to fulfill the purpose it was stored for, at the latest, however, after full execution of the contract and expiry of the tax and trade law regulations.
a. Contact form
You can contact us using the contact/email form which can be accessed on our website. The use of the form as well as the entry of personal data into this contact form is, of course, voluntary. The personal data that you transmit using the contact form will be used only to process your query unless you have specially consented to further use. Should you use our email form to contact us, the data entered here will be encrypted as it leaves your computer according to the latest technical standards (SSL) to protect it against misuse by third parties.
b. Sharing information with third parties
Personal data transmitted during use of our website will be shared with third parties only under consideration of the strict conditions of the Federal Data Protection Act (Bundes-datenschutzgesetz), that is, if you have given prior consent to the sharing of data, if we are entitled to do so based on statutory provisions and/or are obligated on basis of statute, regulation, court order or order by public authority to disclose such data. In general, sharing data with third parties for advertising purposes does not take place.
c. Information, correction, blocking, deletion
You have the right to demand information on the personal data that is stored regarding yourself, the recipients or categories of recipients with whom such data is shared as well as the purpose of storage free of charge. Furthermore, you may have a right to have personal data corrected, blocked or deleted under the statutory conditions. Contact information can be found under Legal.
We also use a cookie within our disclaimer for opening secure pages on our website (e.g. on the pages regarding real estate funds) that is activated after you confirm the disclaimer by checking the box and clicking the “Confirm” button and which enables navigation within the secure pages. This cookie will be automatically deleted after you close the browser window.
b. Google Analytics
When you visit our website, we transmit data to our service provider Google Inc. within the scope of Google Analytics. Google Analytics is configured so that your IP address will be anonymously transmitted to Google (anonymizeIP). Google processes your usage data on our behalf, on our website, in order to compile reports on website activity. We use these reports to determine your interest in what we offer and make improvements.
If you wish to avoid tracking by Google Analytics, you can install a browser add-on to prevent tracking by Google Analytics.
Google has obligated itself to comply with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework on the collection, use and storage of personal data from member states of the EU and Switzerland as set forth by the US Department of Commerce. You can find further information here.
c. Social plugins
Our website uses social network plugins (Twitter, Facebook etc.). Each time you open a page on our website that has a plugin on it, the plugin initiates a download of the visual depiction of the plugin from the social network’s server. In doing so, the social network server is informed of which page on our website you are currently visiting and other data such as your IP address.
To ensure an adequate standard of data protection on our website we have therefore initially deactivated the plugins with corresponding buttons and inserted a short data protection notice.
If you are not satisfied with the privacy protection measures described here or have further questions regarding the collection, processing and/or use of your personal data, we would like to hear from you. We will endeavor to answer your question as quickly as possible and implement your suggestions. Please contact us at datenschutz-patrizia(at)he-c.de.
If you open an external website from our site (external link), the external provider may receive information from your browser on which of our webpages you came from. The external provider is responsible for this data. We (just as every other website provider) are not able to influence this process.
PATRIZIA implements technical and organizational security measures to protect the data you provide from random or intentional manipulation, loss, destruction or access by unauthorized persons. In case personal data is collected and processed, the information will be transmitted in encrypted form to prevent misuse of data by third parties. Our security measures are continually revised in line with technological developments. Our employees are obligated to maintain confidentiality.
Contact data of our data-protection officer: