Data protection information for business partners

The following information provides you as a business partner (customers, service providers, analysts, investors and interested parties) with an overview of the processing of your personal data by TAG Immobilien AG and your rights under data protection law. Which data is processed in detail depends largely on the type and scope of the existing business relationship. Further data protection notices may be relevant for you, e.g. when you visit our website or use IT applications provided by us. Responsibility for data processing lies with the organization TAG Immobilien AG (hereinafter referred to as "TAG").

Responsibilities 

We are responsible for the processing of your personal data:
TAG Immobilien AG
represented by the Executive Board: Claudia Hoyer, Martin
Thiel Steckelhörn 5
20457 Hamburg
Phone: 040 380 32-0
E-mail: datenschutztag-agcom

Please address your questions about data protection to:
TAG Immobilien AG Data
Protection Management
Kreuzstraße 7 c, 04103 Leipzig
E-mail: datenschutz@tag-ag.com 

TAG Immobilien AG has appointed as external data protection officer:
DOMUS Consult Wirtschaftsberatungsgesellschaft mbH
Schornsteinfegergasse 13, 14482 Potsdam-Babelsberg
Phone: 0331 743 30-0
E-mail: datenschutztag-agcom

These contact details of the data protection officer for TAG Immobilien AG also apply to all companies affiliated with TAG Immobilien AG (hereinafter "TAG") under company law, i.e. all companies belonging to the TAG Group. 

What data do we use and how do we collect it? 

As part of the information about our business development and the initiation and execution of the business relationship, we process in particular the following categories of data of our business partners or their contact persons, which we have received directly from them or from other companies of the TAG Group or from other third parties in a permissible manner (e.g. to fulfill contracts or on the basis of consent given). On the other hand, we process data that we have legitimately obtained from publicly accessible sources (e.g. commercial register, press, internet): 

Interested parties, analysts, investors, shareholders, other business partners: 

1. Personal/contact data (e.g. first name, surname, company if applicable, address, (mobile) telephone number, fax, e-mail)
2. Communication data in connection with correspondence (e-mails, correspondence)
3. when accessing or using our IT applications: Log data (e.g. user ID, time stamp, type of access)

Customers, suppliers, service providers

1. Personal/contact data (e.g. first name, surname, company, (mobile) telephone number, fax, e-mail)
2. Contract and billing data (e.g. bank details, goods ordered, invoice data,
3. Communication data in connection with correspondence (e-mails, correspondence)
4. Identification data (e.g. identity documents), authentication data (e.g. signature test), Schufa score
5. when accessing or using our IT applications: Log data (e.g. user ID, time stamp, type of access) 

Supervisory Board members, managing directors and other contacts at subsidiaries and associated companies

1. Personal/contact data (e.g. first name, surname, company, business address, (mobile) telephone number, fax, e-mail)
2. Communication data in connection with correspondence (e-mails, correspondence)
3. Dates of participation in internal Group events
4. when accessing or using our IT applications: Log data (e.g. user ID, time stamp, type of access)
5. for mandate holders: Information on the mandate, commercial register entry, date of birth, private address

For what purposes and on what legal basis is your data processed?

Data processing by TAG is carried out in order to perform the tasks of TAG Immobilien AG and its affiliated companies pursuant to Sections 15 et seq. AktG in compliance with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and all other relevant laws (e.g. HGB, AO, etc.). 

a. For the performance of a contract or for pre-contractual measures (Art. 6 (1b) GDPR) 

Personal data is processed to fulfill contracts with our customers, suppliers and service providers. This also includes the implementation of pre-contractual measures, e.g. inquiries and requests for quotations from business partners. 

b. In the context of a balancing of interests (Art. 6 para. 1 f) GDPR) 

If necessary, we process your data beyond the actual fulfillment of the contract in order to protect our legitimate interests or those of third parties, such as

1. Assertion of legal claims and defense in legal disputes,
2. for internal administrative purposes within the TAG Group,
3. Ensuring IT security and IT operations,
4. Prevention of criminal offenses,
5. Property protection, theft protection (video),
6. Access control,
7. Testing and optimization of procedures for needs analysis and direct customer contact,
8. advertising or market and opinion research, unless you have objected to the use of your data,
9. Organization of Group events. 

c. On the basis of consent (Art. 6 para. 1 a) GDPR)

If you have given us your consent to process personal data for specific purposes (e.g. newsletter), the lawfulness of this processing is based on your consent. Any consent given can be revoked at any time with effect for the future. This also applies to the revocation of declarations of consent given before the validity of the GDPR, i.e. before May 25, 2018. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.

d. Due to legal requirements (Art. 6 para. 1 c) GDPR) or in the public interest (Art. 6 para. 1 e) GDPR)

We are also subject to various legal obligations, i.e. statutory requirements, z. e.g. tax regulations. 

Who receives your data? 

Within our company, those departments that require your data to fulfill our contractual and legal obligations or the above-mentioned purposes will have access to it. Service providers and vicarious agents employed by us may also receive data for this purpose.  

Data will only be passed on outside the company if this is required by law, if there are legitimate interests in doing so or if you have given your consent. 

All recipients are obliged to comply with data protection. 

Under these conditions, recipients of personal data may be 

1. Public bodies and institutions (e.g. tax authorities) in the event of a legal or official obligation,
2. Processors to whom we transfer personal data in order to carry out the business relationship with you (e.g. support/maintenance of IT systems, data processing, payment transactions, accounting),
3. those bodies for which you may have given us your consent to data transfer. 

As a matter of principle, no data is transferred to recipients in countries outside the EU or the EEA (so-called third countries). If data is transferred to third countries in individual cases, this is either necessary for the performance of a contract, takes place as part of order processing, is required by law or takes place on the basis of consent that you have given us. If service providers are used in a third country, an appropriate level of data protection is guaranteed.

How long will your data be stored? 

We process and store your personal data for as long as is necessary to fulfill the purposes stated in this policy. It should be noted that many of our business relationships are long-term. If the data is no longer required for the fulfillment of contractual or legal obligations, it must be deleted regularly, unless its temporary further processing is necessary for the following purposes:

1. Fulfillment of retention periods under commercial and tax law, e.g. according to the German Commercial Code or Fiscal Code. The periods specified there are 2 to 10 years,
2. Preservation of evidence within the framework of the statute of limitations (e.g. Sections 195 et seq. BGB). 

What data protection rights do I have? 

Every data subject has the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. The restrictions of Sections 34 and 35 BDSG apply to the right to information and the right to erasure. This means that the right to erasure is aimed at restricting the processing of personal data, as TAG is obliged to secure its automated data processing systems (backups) and the erasure of personal data in these systems would involve unreasonable and disproportionate effort. Finally, there is a right of appeal to a competent data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG).  

You can withdraw your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were given to us before the GDPR came into force, i.e. before May 25, 2018. Please note that the revocation only takes effect for the future. Processing that took place before the withdrawal is not affected.

The assertion of these data protection rights and in particular the assertion of the right to object are to be sent by e-mail to: datenschutztag-agcom

or in writing by post to Data Protection Management
TAG Immobilien AG
Data Protection Management
Kreuzstraße 7 c, 04103 Leipzig 

to address. The assertion of rights is free of charge.

Do I have an obligation to provide data?

As part of our business relationship, you must provide the personal data that is necessary for the establishment, execution and termination of a business relationship and for the fulfillment of the associated contractual obligations or that we are legally obliged to collect. Without this data, we will generally not be able to conclude, execute and terminate a contract with you. 

What data protection measures are observed at the TAG Group? 

Within its area of responsibility, TAG has designed the internal organization in such a way that the special requirements of data protection and the requirements of the GDPR and the BDSG are met. Technical and organizational measures have been taken to protect the data that meet these requirements. TAG is convinced that the measures taken offer an appropriate level of protection for the risks associated with the processing of personal data. The companies observe the principle of data minimization, i.e. only the data that is necessary for the execution and processing of the contracts or that must be retained on the basis of consent and/or legal requirements is collected, processed and retained. Personal data is only received and passed on (e.g. in the case of purchase and sale) on the basis of strict confidentiality agreements and insofar as this is necessary for the processing and execution of transactions. 

If you contact us via our websites, the data protection information for accessing the website, which is stored on the website itself and can be viewed and downloaded (at https://tag-wohnen.de or https://www.tag-ag.com), applies in addition to this data protection information.

TAG reserves the right to amend and update this data protection notice on an ongoing basis due to technical developments and the unknown practice of the supervisory authorities. The updated data protection notice shall apply from the date on which it is published on the website. 

Use of the signing function

When you use the service, we may ask you for your name, company name, e-mail address and telephone numbers. As part of a signature process, we process the signature you provide. Your name and e-mail address may also have been provided to us by someone who has sent you a signature request. 

The use of the services requires that certain personal data is exchanged between the users who exchange a signed document. Once a signing process has been completed, we send a signing log both to the user who initiated the signing process and to all users who have signed the document or are otherwise associated with the signing process. This signing log can contain the names, e-mail addresses, IP addresses, browser type and browser version and timestamps of all users involved. All changes to the document initiated by users, such as text, data and signatures, are included in the signature log. 

During the signing process, we can provide the users involved with information about the status of the signing process, e.g. whether a signature request has been delivered, viewed, downloaded and/or resulted in a signature. These events can also be included in the signature log.  

The criteria used to determine the retention period of personal data are the statutory retention periods. After this period has expired, the relevant data is deleted unless it is no longer required for the fulfillment of the contract or the start of a new contract.

In addition, we take measures to ensure that unauthorized access to personal data is prohibited.

Information about your right to object in accordance with Article 21 GDPR Individual right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) GDPR (data processing in the public interest) and Article 6(1)(f) GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) GDPR. 

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims. 

The objection can be addressed informally to: 

TAG Immobilien AG
Data Protection Management
Kreuzstraße 7 c, 04103 Leipzig
E-mail: datenschutztagtag-agcom.

Status: June 2024