Privacy Declaration

This privacy policy clarifies the nature, scope and purpose of the processing of personal data (hereinafter referred to as « data ») within our online offer and with web pages, features and content, and external online sites, such as our Social Media Profiles (collectively referred to as « Online Services »). With regard the terms used, such as We refer to « processing » or « responsible person » to the definitions in Article 4 of the DSGVO (GDPR).


CTR Immo Dresden GmbH
Ostra-Allee 13
01067 Dresden

Telephone 0351 497 720 10
Types of processed data:

– Inventory data (e.g., names, addresses).
– contact information (e.g., email, phone numbers).
– content data (e.g., text input, photographs, videos).
– usage data (e.g., websites visited, interest in content, access times).
– Meta / communication data (e.g., device information, IP addresses).
Categories of affected persons

Visitors and users of the online offer (hereinafter we refer to the affected Summarizing people as « users »).

Purpose of processing

– Providing the online offer, its features and content.
– Answering contact requests and communicating with users.
– Safety measures
. – Audience measurement / Marketing

Used terms

« Personal Data » is any information that identifies itself to you or identifiable natural person (hereinafter referred to as « affected person ») Respectively; Being identifiable becomes a natural one Person considered directly or indirectly, in particular by assignment to an identifier, such as a name, an identification number, location data, and so on Online identifier (e.g., cookie) or one or more special features can be identified, the expression of the physical, physiological, genetic, mental, economic, cultural or social identity of these natural person are.

« Processing » is any one executed with or without the aid of automated procedures Operation or each such series of operations in Related to personal data. The term goes far and includes virtually every deal with data.

« Pseudonymization » means the processing of personal data in a way that the personal data without consultation additional information can no longer be assigned to a specific data subject, provided that additional information Information must be kept separate and subject to technical and organizational measures to ensure that the personal data are not assigned to an identified or identifiable natural person.

« Profiling » means any kind of automated processing of personal data that consists of that personal information Data may be used to evaluate certain personal aspects relating to a natural person, in particular aspects of work performance, economic situation, health, personal preferences, interests, reliability, To analyze or predict the behavior, whereabouts, or location of that natural person.

The « person responsible » shall be the natural or legal person, public authority, body or body acting alone or together with others about the purposes and means of processing personal data.

« Processor » means a natural or legal person, public authority, body or organization another body that processes personal data on behalf of the controller.
Relevant legal bases

In accordance with Art. 13 DSGVO (GDPR), we will inform you of the legal basis of our Data processing. If the legal basis in the privacy policy the legal basis for obtaining Consent is Art. 6 Abs. 1 lit. a and Art. 7 DSGVO (GDPR), the legal basis for the processing to fulfill our services and to carry out contractual Measures as well as answering inquiries are Art. 6 Abs. 1 lit. b DSGVO, the Legal basis for processing to fulfill our legal obligations is Art. 6 Abs. 1 lit. c DSGVO (GDPR), and the legal basis for the processing of Safeguarding our legitimate interests is Art. 6 Abs. 1 lit. f DSGVO (GDPR). For the Case that vital interests of the person concerned or another require a person to process personal data, Art. 6 Abs. 1 lit. d DSGVO (GDPR) as legal basis.

Safety measures

We meet in accordance with Art. 32 DSGVO (GDPR), taking into account the state of the art Technology, the implementation costs and the type, scope, circumstances and the purpose of the processing and the different likelihood of occurrence and seriousness of the risk to the rights and freedoms of natural persons, appropriate technical and organizational measures to be commensurate with the risk To ensure protection level.

The measures include, in particular, the safeguarding of confidentiality and integrity and availability of data by controlling physical access to the data, as well as their access, input, disclosure, backup the availability and their separation. Furthermore, we have established procedures the one perception of data subjects, deletion of data and reaction to Ensure the risk of data. We also take protection into account personal data already in the development or selection of hardware, Software and procedures, according to the principle of data protection by Technique design and privacy-friendly default settings (Art. 25 DSGVO).
Collaboration with processors and third parties

Unless we provide data to other individuals and companies as part of our processing (Order processors or third parties), forward them to them or them otherwise grant access to the data, this is done only on the basis of a legal Permission (for example, if a transmission of the data to third parties, such as payment service providers, according Art. 6 Abs. 1 lit. b DSGVO (GDPR) is required to fulfill the contract), you have consented a legal obligation to do so or based on our legitimate Interests (e.g., when using agents, web hosts, etc.).

Provided that we third parties with the processing of data on the basis of a so-called. Commissioning « contract processing contract », this is done on the basis of Art. 28 DSGVO.

Transfers to third countries

If we have data in a third country (ie outside the European Union (EU) or the European Economic Area (EEA)) or within the framework of the Use of third party services or disclosure, or transmission of data to third parties, this will only be done if it is necessary to fulfill our (above) contractual obligations, based on your consent, due to a legal obligation or based on our legitimate interests happens. Subject to legal or contractual permissions, we process or leave the data in a third country only if available the special requirements of Art. 44 ff. DSGVO (GDPR). That the Processing is e.g. based on special guarantees, such as the official recognized statement of an EU level of data protection (For example, for the US by the « Privacy Shield ») or respect officially recognized specific contractual obligations (so-called « standard contractual clauses »).

Rights of the concerned persons

You have the right to ask for confirmation of any relevant data be processed and for information about this data and for further information and copy of the data according to Art. 15 DSGVO (GDPR).

You have accordingly Art. 16 DSGVO (GDPR) the right to complete the you data or correction of incorrect data concerning you to demand.

In accordance with Art. 17 DSGVO (GDPR), they have the right to demand that the person concerned Data are deleted immediately, or alternatively in accordance with Art. 18 DSGVO (GDPR) to require a limitation of the processing of the data.

You have the right to demand that the data concerning you be provided to us have obtained according to Art. 20 DSGVO (GDPR) and their transmission to demand other responsible persons.

You have gem. Art. 77 DSGVO (GDPR) the right to submit a complaint to the supervisory authority.


You have the right to revoke consent granted in accordance with Art. 7 Abs. 3 DSGVO with effect for the future.


Right of objection

You may object to the future processing of data relating to you in accordance with Art. 21 DSGVO at any time. The objection can be made in particular against the processing for purposes of direct advertising.

Cookies and right to object to direct advertising

« Cookies » are small files stored on users’ computers become. Different information can be stored within the cookies. A cookie is primarily used to provide information about a user (or the device on the the cookie is stored) during or even after his visit within one Save online offer. As temporary cookies, or « session cookies » or « transient cookies » are cookies that are deleted after a User leaves an online offer and closes his browser. In such a Cookie may e.g. the contents of a shopping cart in an online shop or a Login status will be saved. Cookies become « permanent » or « persistent » which remain saved even after the browser has been closed. So can e.g. The login status will be saved if the users post these after several days attention. Likewise, the interests of the users can be stored in such a cookie which are used for range measurement or marketing purposes. « Third party cookies » are cookies that are used by other providers as the person responsible for the online offer (otherwise, if it’s just their cookies, it’s called first-party cookies).

We can use temporary and permanent cookies and clarify this in the context of our privacy policy.

If users do not want cookies stored on their machine, they will be asked for the appropriate option in their system settings Disable browser. Saved cookies can be found in the system settings of the browser. The exclusion of cookies may be too Function restrictions of this online offer lead.

A general contradiction to the use of for the purposes of online marketing Cookies used in a variety of services, especially in the case of tracking, via the US site or the EU page be explained. Furthermore, the storage of cookies by means of their shutdown in the Settings of the browser can be achieved. Please note that then may not be all functions of this online offer can be used.

Deletion of data

The data processed by us are processed in accordance with Articles 17 and 18 DSGVO (GDPR) deleted or restricted in their processing. Unless under this Privacy statement expressly stated, the stored with us Data is deleted as soon as it is no longer required for its purpose and the deletion does not conflict with statutory retention requirements. Unless the data is deleted because it is for others and legally permissible purposes, their processing is restricted. That The data is blocked and not processed for other purposes. This applies, for example for data that, for commercial or tax reasons must be kept.

According to legal requirements in Germany, the storage is done in particular for 10 years according to §§ 147 Abs. 1 AO, 257 Abs. 1 Nr. 1 und 4, Abs. 4 HGB (Books, records, management reports, accounting records, trading books, for Taxation of relevant documents, etc.) and 6 years pursuant to § 257 Abs. 1 Nr. 2 und 3, Abs. 4 HGB (commercial letters).

According to legal requirements in Austria, the storage takes place in particular for 7 years in accordance with § 132 Abs. 1 BAO (accounting documents, vouchers / invoices, Accounts, receipts, business papers, statement of revenue and expenditure, etc.), for 22 years in connection with land and for 10 years in documents in connection with electronically provided services, telecommunications, Broadcasting services to non-entrepreneurs in EU Member States and for which the Mini-One-Stop-Shop (MOSS) is used.

Cooperation with the data processor Quality Reservation Deutschland GmbH
You have the opportunity to book apartments online with us. To this functionality we can work with the company Quality Reservation Deutschland GmbH, Ostpassage 11, D-30853 Langenhagen together.

As part of this cooperation, the Quality Reservation Germany GmbH processes your personal data as a processor for us, if you agree. If not, unfortunately an online booking is not possible, but you are welcome to contact us by phone. You can read in advance about the privacy policy of Quality Reservation Deutschland GmbH inform here: Privacy Policy QR Deutschland GmbH

brokerage services

We process the data of our customers, clients and prospects (uniformly referred to as « customers ») comply with Art. 6 Abs. 1 lit. b. DSGVO (GDPR), to provide you with our contractual or pre-contractual services. The data processed, the nature, the scope and the purpose and the The necessity of their processing depends on the underlying order. This basically includes inventory and master data of the customer (name, address, etc.), as well as the contact data (e-mail address, telephone, etc.), the contract data (Content of the commission, fees, terms, details of the mediated Company / insurers / services) and payment data (commissions, payment history, etc.). We may also provide information about the characteristics and circumstances of persons or persons process belongings belonging to them, if this belongs to our order. This can e.g. Information about personal circumstances, moveable or immovable property.
As part of our assignment, it may also be necessary for us to specialize Categories of data according Art. 9 Abs. 1 DSGVO (GDPR), in particular health claims process a person. For this we will, if necessary, according Art. 6 Abs. 1 lit a., Art. 7, Art. 9 Abs. 2 lit. DSGVO (GDPR) an express Consent of the customers.
Unless disclosed or required by law for performance of the contract or disclosed We use customer data in the context of coverage requests, deals and settlements Contracts data to providers of mediated services / objects, insurers, Reinsurers, brokerage pools, technical service providers, other service providers, such as cooperating associations, as well as financial service providers, credit institutions and Investment companies and social security funds, tax authorities, Accountants, legal advisers, accountants, insurance ombudsmen and the Institutions Federal Financial Supervisory Authority (BaFin). Further we can Hire subcontractors, such as Under mediator. We get a consent the customer, if this to the disclosure / transmission of a consent of the customer is required (which, for example, in the case of particular categories of data according Art. 9 DSGVO (GDPR) may be the case).
The deletion of the data takes place after expiration of legal warranty and comparable Obligations whereby the necessity of keeping the data is reviewed every three years becomes; apart from that, the legal storage obligations apply.
In the case of legal archiving obligations, the deletion takes place after its expiration. In particular, according to German law, the insurance and financial industry consulting protocols for 5 years, brokerage notes for 7 years and brokerage agreements for 5 years and generally 6 years for relevant commercial law Documents and 10 years for tax-relevant documents.

External payment service providers

We use external payment service providers whose users use their platforms and we can make payment transactions (e.g., with link to the privacy declaration,
Visa (, Mastercard (, American Express (

In the context of the fulfillment of contracts, we set up the payment service providers Basis of Art. 6 Abs. 1 lit. b. DSGVO (GDPR). Incidentally, we use external & nbsp; Payment service provider based on our legitimate interests according Art. 6 Abs. 1 lit. b. DSGVO (GDPR) to make our users effective and safe to offer payment.

The data processed by PSPs includes inventory data, such as. the name and the address, bank data, such as Account numbers or Credit card numbers, passwords, TANs and checksums and the contract, Totals and recipient-related information. The information is required to the To carry out transactions. However, the data entered is only by the Payment service providers processed and stored in these. That we obtain no account or credit card information, but only Information with confirmation or negative disclosure of the payment. Under In some circumstances, the data from the payment service providers will be sent to credit reference agencies transmitted. This transmission aims at the identity and credit check. For this we refer to the terms and privacy policy of payment service providers.

For the payment transactions, the terms and conditions and the privacy policy apply the respective payment service provider, which within the respective websites, or transactional applications are retrievable. We also refer to these for further information and assertion of revocation, information and other data subjects.

Administration, financial accounting, office organization, contact management

We process data in the context of administrative tasks as well as organization of our company, Financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we provide in the course of providing our services process contractual services. The processing basics are Art. 6 Abs. 1 lit. c. DSGVO, Art. 6 Abs. 1 lit. f. DSGVO (GDPR). From the processing Customers, prospects, business partners and website visitors are affected. The purpose and our interest in processing lies in administration, financial accounting, Office organization, archiving of data, so the task of maintaining our Business activities, performing our duties and providing our services. The deletion of the data with regard to contractual services and the contractual Communication corresponds to the information given in these processing activities.

We disclose or transmit data to the tax authorities, Consultants, such as tax accountants or auditors, as well as other fees and payment service providers.

Furthermore, we store information based on our business interests to suppliers, promoters and other business partners, e.g. for the sake of later Contact. We store this majority of company-related data basically permanent.

Business analysis and market research

To operate our business economically, market trends, wishes of contractors and to be able to recognize users, we analyze the data available to us Business transactions, contracts, inquiries, etc. We process stock data, Communication data, contract data, payment data, usage data, metadata Basis of Art. 6 Abs. 1 lit. f. DSGVO (GDPR), being among the persons concerned Contract partners, prospects, customers, visitors and users of our online offer belong.

The analyzes are carried out for the purpose of business analysis, of marketing and market research. We can do the profiles of registered user with information, e.g. to their claimed Services, take into account. The analyzes serve to increase the User-friendliness, the optimization of our offer and the business economy. The analyzes are for us alone and will not be disclosed externally unless they are are anonymous analyzes with summarized values.

If these analyzes or profiles are personal, they will terminate with notice User deleted or anonymized, otherwise after two years from the conclusion of the contract. in the By the way, the total economic analyzes and general Tendency determinations created anonymously if possible.


When contacting us (for example via contact form, e-mail, telephone or via social media) are the information of the user to process the contact request and their settlement gem. Art. 6 Abs. 1 lit. b) DSGVO (GDPR) processed. The information of the Users can work in a Customer Relationship Management System (« CRM System ») or comparable request organization are stored.

We delete the requests, if they are no longer required. We check the necessity every two years; Furthermore, the legal archiving obligations apply.

Hosting E-Mailing

The hosting services we use are for the purpose of making available the following services: Infrastructure and platform services, computing capacity, storage space and Database services, e-mailing, Security and technical maintenance services we provide for the purpose of Use of this online offer.

Here we, or our hosting provider, process inventory data, contact data, Content data, contract data, Usage data, meta and communication data of customers, prospects and visitors this online offer based on our legitimate interests in an efficient and secure Providing this Online offer according Art. 6 Abs. 1 lit. f DSGVO(GDPR) in connection with Art. 28 DSGVO (GDPR) (Conclusion of contract processing contract).

Collection of access data and log files

We, or our hosting provider, will pick up Basis of our legitimate interests in the sense of Art. 6 Abs. 1 lit. f. DSGVO data about every access to the server on which this service is located (so-called server log files). The access data includes name of the retrieved web page, file, date and time of the call, amount of data transferred, message via successful retrieval, browser type and version, the user’s operating system, Referrer URL (the previously visited page), IP address and the requesting provider.

Logfile information are for security reasons (for example, to investigate abusive or fraudulent actions) for the Duration of a maximum of 7 days saved and then deleted. Data whose further retention is required for evidence, are excluded from the cancellation until final clarification of the incident.

Google Tag Manager

Google Tag Manager is a solution that lets us use so-called website tags via a interface manage Google Analytics and other Google marketing services include in our online offer). The Tag Manager itself (which implements the tags) does not handle any personal data of users. With regard to the processing of personal data of users will apply to the following information referenced Google services. Usage guidelines:

Google Analytics

Insofar as you consent to this pursuant to Art. 6 Abs. 1 S. 1 lit. a we are using Google Analytics – a web analytics service provided by Google LLC (« Google »). Google uses cookies. The information generated by the cookie about the users’ use of the online offer is usually sent to a Google server transferred to the US and stored there.

Google is certified under the Privacy Shield Agreement, which provides one Guarantee to comply with European data protection law (

Google will use this information on our behalf to use our online offer by the users to evaluate reports on the activities within this online offer to compile and to further, with the use of this on-line offer and the InterNet use related services to provide us. From the processed Data pseudonymous user profiles of users can be created.

We only use Google Analytics with activated IP anonymization. That means, the IP address of users will be Google within Member States of the European Union or in other Contracting States of the Agreement on the European Economic Area. Only in Exceptions will be the full IP address sent to a Google server in transferred to the US and shortened there.

The IP address transmitted by the user’s browser will not be shared with others Data merged by Google. Users can save the cookies prevent them from setting their browser software accordingly; the users In addition, the capture of the cookie generated by and on its Use of the online offer related data to Google and the processing prevent this data from Google by following the link below Download and install the available browser plugin:

More information about data usage by Google, attitude and contradictory possibilities, Find out in the privacy policy of Google ( sowie in den Einstellungen für die Darstellung von Werbeeinblendungen durch Google (

The personal data of users will be deleted or anonymized after 14 months.

Google AdWords and conversion measurement

We use on the basis of our legitimate interests (i.e., interest in analysis, optimization and economic Operation of our online offer within the meaning of Art. 6 Abs. 1 lit. f. DSGVO) the services of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, (« Google »).

Google ist unter dem Privacy-Shield-Abkommen zertifiziert und bietet hierdurch eine Garantie, das europäische Datenschutzrecht einzuhalten (

We use the online marketing method Google « AdWords » to display ads in the Google advertising network to place (e.g., in search results, in videos, on websites, etc.) to allow them to be users be displayed, which is a suspected interest to have the ads. This allows us ads for and within ours To display online offers more targeted to users to present only ads that potentially correspond to their interests. If a user e.g. Ads for products displayed for which he was interested in other online offers, This is called « Remarketing ». For these purposes, when calling our and other websites on which the Google advertising network is active, immediate Google executes a code from Google and it becomes so-called (re) marketing tags (invisible graphics or code, as well « Web Beacons ») incorporated into the website. With their help will be on the device of the user an individual cookie, i.e. saved a small file (instead of cookies can also be comparable Technologies are used). In this File is noted, which web pages the user visited, for which contents he is interested and what offers the User has clicked, also technical information about the browser and operating system, referring websites, visit time as well further information on the use of the online offer.

Furthermore, we receive an individual « conversion cookie ». The with the help of the cookie information collected is used by Google to Conversion statistics for us to create. However, we only learn the anonymous ones Total number of users viewing our ad clicked on a page tagged with a conversion tracking tag have been forwarded. However, we do not receive any Information that personally identifies users.

The data of the users are pseudonym processed within the Google advertising network. That Google stores and processes e.g. not the name or e-mail address of the users, but processes the relevant Data cookie-related within pseudonyms User profiles. That from the perspective of Google, the ads are not for one Managed specifically identifies and manages but for the cookie holder, regardless of who those cookie holders is. This does not apply if a user Google has explicitly allowed to process the data without this pseudonymization. The information collected about the users are transmitted to Google and stored on Google’s servers in the US.

More about data usage by Google, Setting and contradictory options, see the privacy policy of Google ( as well as in the settings for the display of advertising impressions by Google (

Social Media

We maintain online presence within social Networks and platforms to interact with customers who are active there, Interested parties and users communicate and there about our services to inform. When calling the respective networks and platforms, the terms and conditions and the Data processing guidelines respective operator.

Unless otherwise stated in our Privacy Policy, we process the data of the users if they are included communicate with us within social networks and platforms, e.g. Write posts on our online presence or send us messages.
Integration of services and contents of third parties

Within our online offer we rely on our legitimate interests (ie interest in the analysis, optimization and economic operation of our Online offer within the meaning of Art. 6 Abs. 1 lit. f. DSGVO (GDPR)) Third-party content or service offers to view their content and content Services, such as Include videos or fonts (hereinafter uniformly referred to as « content »).

This always assumes that the third party of this content, the IP address of the Users perceive as they do without the IP address could not send content to their browser. The IP address is for the Presentation of this content required. We We strive to use only such content whose respective provider uses the IP address only for the delivery of the contents use. Third party vendors can also use so-called pixel tags (invisible graphics, also called « web beacons ») for use statistical or marketing purposes. Through the « pixel tags » can Information on how visitors traffic to the Pages of this website are evaluated. The pseudonymous information can furthermore in cookies on the device of the users and technical information about the browser and others Operating system, referring websites, visit time as well as further information on the use of our online offer included, as well with such information from others Sources are connected.


We bind the videos of the platform « YouTube » of the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy Declaration:, Opt-Out:

Google Fonts

We bind the fonts (« Google Fonts ») of the Provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy decleration:, Opt-Out:

Google Maps

We bind the maps of the service « Google Maps » of the Provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. To the processed data may include, in particular, users’ IP addresses and location data, but not without their consent (usually in the context of their attitudes Mobile devices completed). The data can be processed in the USA. Privacy Declaration:, Opt-Out:

Erstellt mit von RA Dr. Thomas Schwenke