Privacy policy

Privacy policy on the processing of data in accordance with Art. 13 EU General Data Protection Regulation (as of 19 December 2022)

We, Acopio Facility GmbH & Co. KG (hereinafter "Acopio", information about our company can be found here), a company within Covivio Immobilien SE, are pleased that you are visiting our website (www.coviviotoshare.de).

This privacy policy informs you about the processing of your personal data at Acopio and your existing data protection rights in this regard in accordance with the General Data Protection Regulation (GDPR) and the new Federal Data Protection Act (hereinafter referred to as "BDSG new").

If you have any questions about the content of the privacy policy, you can contact us at any time at the following address:

datenschutz@covivio.immo

As changes to the law or changes to our internal company processes may make it necessary to amend this privacy policy, we would like to draw your attention to occasional changes to this privacy policy.

§ 1 Scope of application

This privacy policy applies to the processing of your data in the context of your use of the Acopio website, which is available under the domain www.coviviotoshare.de as well as the various subdomains and individual pages (hereinafter collectively referred to as the "Website"). In addition, if you use the offers on the website as an interested party and/or tenant or have already concluded a rental agreement with us.

§ 2 Definitions

Receiver is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Person responsible is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

§ 3 Purposes and legal bases of data processing

In addition to the processing of your data to carry out pre-contractual measures or to fulfil a contract on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR and to fulfil a legal obligation pursuant to Art. 6 para. 1 sentence 1 lit. c) GDPR, we process your data in order to protect our legitimate interests or those of third parties, Art. 6 para. 1 sentence 1 lit. f) GDPR.

The processing of your personal data may be necessary, for example, to ensure IT security and IT operations, to obtain information on creditworthiness and to exchange data with credit agencies, for management and control by affiliated companies of the Covivio Group or the corresponding supervisory bodies or controlling bodies (e.g. for the billing of ancillary costs, for commercial administration and commissioning of third parties as vicarious agents (e.g. for repairs, maintenance, servicing, refurbishment, modernisation, emergency measures, for the collection of receivables by our receivables management and, if necessary, a debt collection or factoring company, for the assertion of legal claims

and defence in legal disputes by lawyers, for the settlement of insurance claims (e.g. building insurance, property insurance), for the prevention and investigation of criminal offences (if necessary also through video surveillance), to ensure building and plant security, to exercise information obligations in the context of requests for information from third parties (e.g. authorities), also for the verifiability of orders and other agreements, for internal evaluation to analyse the real estate market and the demand situation, for risk assessment (due diligence) in corporate transactions. The legal basis for data processing is Art. 6 para. 1

1 lit. b) and lit. c) GDPR and to protect our legitimate interests or those of third parties, Art. 6 para. 1 sentence 1 lit. f) GDPR.

We offer you various digital services The legal basis for this data processing is also the fulfilment of a contract on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR. If you contact our customer service by telephone or in writing, we will also process your personal data. The processing depends on the subject of your enquiry. In order to be able to process your enquiry as quickly as possible and to your satisfaction, we use personal data that has been stored in our systems as part of other data processing (e.g. data that you provided when arranging a viewing appointment with us or when concluding a rental agreement with us or during a previous customer contact). If you provide us with health data as part of your enquiry, we will only process this data to deal with your request. The legal basis for the processing of your personal data is, depending on the enquiry, contract initiation, execution or, if applicable, contract processing with you (Art. 6 para. 1 sentence 1 lit. b) GDPR), fulfilment of legal obligations towards you (Art. 6 para. 1 sentence 1 lit. c) GDPR) and our legitimate interest in answering your enquiry on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR.

As part of the sale of our properties, we process your personal data for the preparation, conclusion and execution of the purchase contract on the basis of 6 para. 1 sentence 1 lit. b) GDPR and on the basis of our legitimate interest in the sale of our properties on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR.

We process personal data of our advertising existing tenants and potential future tenants as part of the "Tenants recruit tenants" campaign on the basis of our legitimate interest in carrying out marketing measures and finding suitable new tenants for our properties on the basis of 6 para. 1 sentence 1 lit. f) GDPR and for the purpose of initiating a rental agreement with the interested party on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR.

We conduct customer surveys to determine and promote the satisfaction of our customers with the purpose of customising our services to your wishes and needs and to improve them. If you take part in such a customer survey, your personal data will be processed on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR.

In addition, we process your personal data to fulfil legal obligations such as regulatory requirements, age and identity checks where applicable, to prevent fraud and money laundering, to prevent, combat and investigate criminal offences, to fulfil legal, official or commercial and tax law retention or control and reporting obligations (such as, for example Legionella testing), to comply with the legally required rent review (legally compliant collection of rent, verification of occupancy of the property in accordance with legal requirements), due to official / judicial measures for the purpose of gathering evidence, criminal prosecution or the enforcement of legal claims, as well as to comply with legal obligations under the Federal Registration Act and the Housing Binding Obligations Act. In this case, the legal basis for the processing is the respective legal regulation in conjunction with Art. 6 para. 1 sentence 1 lit. c) GDPR.

In individual cases, your personal data may also be processed on the basis of your voluntarily given consent, 6 para. 1 sentence 1 lit. a) GDPR. We will inform you about the purposes and the consequences of not granting or withdrawing consent separately in the text. Withdrawal of consent is only effective for the future. Processing that took place before consent was withdrawn is not affected and remains lawful. This data is processed on the basis of our legitimate interest in finding suitable tenants for our properties on the basis of Art. 6 Para. 1 S. 1 lit. f) GDPR and for the purpose of initiating a rental agreement with the interested party on the basis of Art. 6 Para. 1 S. 1 lit. b) GDPR.

Further personal data may be processed in the context of the use of Coviviotoshare:

Meta/communication data (e.g. device IDs, IP addresses).

The data and information are stored under the data sovereignty of Acopio on the server of its external IT service provider/web hosting provider in Germany on the basis of overriding interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR.

Delivery address
Billing address

You can add this information after signing the tenancy agreement.

We need this data to verify your identity and to match the billing address given in the rental agreement in order to be able to send you any documents by post.

To get in touch with us, we offer you a contact form on our website

When using our contact form, the following data is requested, whereby the details marked with * are mandatory:

First name
Surname
E-mail address*
Message (as free text)

We use the data to fulfil your request to rent a furnished room and to contact you. We also use it to process your enquiry during the current tenancy.

This data is processed on the basis of Art. 6 para. 1 sentence 1 lit. b) and lit. f) GDPR for the duration of the response to the enquiry, for a maximum of three months and insofar as it is necessary for the fulfilment of statutory retention obligations (e.g. § 257 HGB or § 147 AO).

We would like to point out that you are not obliged to provide us with your personal data via our website. Every time you access our website and every time you retrieve a file, data about this process is automatically stored in a log file. These are

information on which pages were accessed, the time spent on the individual pages,
the exit page (i.e. the point at which you left the website), the search terms and the search engine that brought you to the website. coviviotoshare.com have forwarded,
the screen resolution,
the browser,
the operating system,
the country from which the access was made,
information on whether and when (date and time) downloads were made,
Date and time of the
The storage serves exclusively internal system-related and statistical purposes and is for the statistical recording of the use and optimisation of our website as well as to ensure data security and the smooth operation of the IT systems used for this purpose. The storage of data and information takes place under the data sovereignty of Acopio on the server of its external IT service provider/web hosting provider in Germany on the basis of overriding interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR and insofar as it is required by legal provisions (e.g. § 257 HGB or § 147 AO).

If we wish to process your personal data for a purpose not mentioned above, we will inform you in advance in accordance with the statutory provisions.

§ 4 Data protection of children

The protection of children on the Internet is a matter of course and particularly desirable for Acopio. For this reason, Acopio advises all parents and guardians to encourage their children to handle personal data on the Internet responsibly. Children should not transmit any personal data to Acopio or via the Internet without the consent of their parents or guardians.

§ 5 Use of cookies

We use so-called "cookies". Cookies are small text files that are sent to your browser by our web server during your visit to our website and stored on your device for later retrieval. We only use so-called session cookies (also known as "temporary cookies"), i.e. cookies that are only stored temporarily for the duration of your use of one of our websites.

The cookies used serve in particular to determine the frequency of use and the number of users of our websites and to continue to identify your end devices during a visit to our website or when switching from one of our websites to another of our websites and to be able to determine the end of your visit. In this way, we learn which area of our website and which other websites our users have visited.

We use the web analysis tool Matomo. This is open source software that is used to analyse access to the Acopio website. Matomo uses cookies. Your IP address is anonymised immediately after processing by masking the last two IP blocks. Only your anonymised IP address is stored. However, this usage data does not allow any conclusions to be drawn about the user. All of this anonymised usage data will not be merged with your personal data in accordance with § 2 of this privacy policy and will be deleted immediately after the end of the statistical analysis. At the end of the session, i.e. as soon as you end your browser session, the cookies on your end device are also deleted.

Most browsers are preset to accept cookies automatically. You can deactivate the storage of cookies or set your browser to notify you before cookies are stored. Users who do not accept cookies may not be able to access certain areas of our website.

You can decide here whether a unique web analysis cookie may be stored in your browser to enable Acopio, as the operator of the website, to collect and analyse various statistical data. If you wish to opt out, please click on the following link to place the Matomo deactivation cookie in your browser.

This website uses Borlabs Cookie, which sets a technically necessary cookie (borlabs-cookie) to save your cookie consent. If you wish to revoke this consent, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked for your cookie consent again. Borlabs Cookie does not process any personal data.

We use the open source map service "OpenStreetMaps" (also known as "OSM") from the OpenStreetMap Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom. OSM is used to provide an interactive map on our website that shows you where our properties can be found.

This service enables us to display our website in an appealing way by loading map material from an external server. The following data is transmitted to the OSM server during the display: The pages of our website that you have visited and the IP address of your device. The legal basis for the processing of your data in relation to the "OSM" service is Art. 6 para. 1 sentence 1 letter f) GDPR (legitimate interest in data processing). The legitimate interest arises from our need for an appealing presentation of our online offer and the easy findability of the places indicated on our homepage.

You can find more information on the handling of user data in OSM's privacy policy: https://wiki.osmfoundation.org/wiki/Privacy_Policy

§ 6 Origin and categories of data that we do not receive directly from you

We process personal data that we have legitimately received from other companies or other third parties (e.g. credit agencies), insofar as this is necessary for the provision of our services. We also process personal data that we have legitimately obtained, received or acquired from publicly accessible sources (e.g. telephone directories, population registers, debtor directories, land registers, press, internet and other media) and are authorised to process. This includes, in particular, data categories such as contact data (e.g. name, address, e-mail address, telephone number), personal details (e.g. date of birth, profession/industry), registration data, information about your financial situation (creditworthiness data, such as data for assessing economic risk) and comparable data.

§ 7 Transfer of personal data to third parties

Your personal data will be passed on to third parties in accordance with the regulations, unless deviating regulations are contained elsewhere in this "Data protection" appendix. A transfer will only take place if this is necessary for the fulfilment of the purposes stated here or if you have consented to the transfer of your data.

Your personal data will be transmitted by us within the Covivio Group and to third parties commissioned by the Covivio Group as part of a process based on the division of labour within our Group for the preparation, execution and processing of your rental agreement or a purchase agreement. If you wish to sign the rental agreement including attachments using a simple digital signature, we will pass on the personal data required for this to DocuSign. You can find more information on data protection at DocuSign here: https://docusign.com/company/data-protection.

In order to fulfil our contractual and legal obligations, we make use of external property managers whose main task is the technical and commercial management of the property within which your rental property is located. This also includes third parties entrusted with advising on or maintaining our properties (e.g. craftsmen and other service providers in the context of damage repair and/or hazard prevention) or service providers commissioned to support our business processes (e.g. maintenance companies, measuring services, waste disposal service providers, financial service providers and IT service providers), banks and savings banks as well as external brokers to carry out property inspections as part of our rental process.

Specialised companies or divisions of our group of companies perform certain data processing tasks (e.g. IT services, customer service or services in connection with legal, tax and auditing) centrally for the companies affiliated in the Covivio Group. If and to the extent necessary for this purpose, these companies of the Covivio Group Germany will receive your personal data for the provision of these services within the scope of the above-mentioned purposes. The transfer of your personal data takes place on the basis of Art. 6 para. 1 sentence 1 lit. a), lit. b), lit. c) or lit. f) GDPR.

In the case of property sales, we transmit the tenant files and the current status of the rental collateral for the property in question to the buyer after the purchase agreement has been concluded. We may also transfer your personal data to estate agents and notaries. Your personal data is processed on the basis of Art. 6 para. 1 sentence 1 lit. c) GDPR so that we can fulfil our legal obligations towards buyers when selling our properties and to protect our legitimate interest in selling our rental properties and taking the measures necessary for this on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR.

In addition, your personal data may be passed on to other recipients to fulfil our legal obligations on the basis of 6 para. 1 sentence 1 lit. c) GDPR, such as to authorities to fulfil legal reporting obligations (e.g. tax authorities, social security institutions or law enforcement authorities). In addition, due to our legitimate interest in the context of a request for information to authorities, suppliers and network operators if sufficient conditions are met on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR.

In the event of breaches of duty under the tenancy agreement and resulting legal disputes, the data may be forwarded to credit agencies, possibly to external debt collection service providers and external lawyers. In addition, despite reminders having been sent to social and/or non-profit organisations and services in the event of rent arrears relevant to termination. Your personal data is processed on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR for the execution and processing of the rental agreement and on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR for the protection, defence and enforcement of our legitimate legal interests.

§ 8 Order data processing by external service providers

We sometimes use external service providers who process personal data on our behalf (e.g. IT service providers such as Immosolve GmbH as part of the letting process) as part of our housing brokerage services, our letting process and for conducting customer surveys. These service providers have been commissioned by us in writing and carefully selected. They are bound by our instructions and are regularly monitored by us with regard to compliance with data protection requirements.

All systems in which your personal data is stored and to which external service providers have access are password-protected and only accessible to those persons who need your data to process the purposes authorised by you. We ensure within the framework of the statutory provisions that the data is processed, used and transmitted to the relevant external service providers in the manner agreed here.

§ 9 Data storage abroad

We ensure the legally binding data protection in the European Union. In some cases - particularly for technical reasons - your data entrusted to us may be stored on servers outside the country (including outside the European Union) in which you originally entered the data. In this case, and in the event of a risk that countries to which your data is transferred are not subject to equally strict legal data protection as is the case in your home country or the country from which you use our services, we will ensure that your data is treated in accordance with the provisions of this privacy policy.

§ 10 Hyperlinks to external websites

Our website may contain so-called hyperlinks to websites of other providers. If you activate these hyperlinks, you will be forwarded directly from our website to the website of the other provider. You can recognise this by the change of URL, among other things.

Acopio has no influence on the design and content of third-party websites. We therefore cannot accept any responsibility for the confidential handling of your data on third-party websites, as we have no influence on whether these third parties comply with data protection regulations.

Please refer directly to the relevant websites for information on how your personal data is handled by these third parties.

§ 11 Security measures to protect the data stored by us

It is important to us to protect your privacy and to treat your personal data confidentially. We have taken extensive security precautions to prevent the loss or misuse of the data we store. We review these precautions at regular intervals and ensure that they meet the latest technical standards. Your data is stored in our

databases. The databases are only accessible to us and our employees who have been specially trained in data protection and, where applicable, to external service providers commissioned by us, with whom we agree an appropriate level of security.

We attach great importance to the standards we adhere to. However, we would like to point out that we cannot rule out the possibility that the rules of data protection and the security measures taken by us may also be observed by other persons or institutions outside our area of responsibility. For this reason, it is possible that unencrypted data disclosed via the Internet may be read by third parties. We have no technical influence over this. It is your responsibility to protect the data you provide against misuse through encryption or in any other way

§ 12 Duration of data storage

We only store your personal data for as long as this is permitted by law for the above-mentioned purposes.

Stored personal data will therefore be deleted if the storage of this data is no longer required to fulfil the purpose for which it was stored or if you have voluntarily provided us with your data with your consent and you have withdrawn this consent. Personal data may be stored for the period during which claims can be asserted against our company (statutory limitation period of three or up to thirty years). We also store your personal data insofar as we are legally obliged to do so. Corresponding proof and retention obligations arise from the German Commercial Code, the German Fiscal Code and the German Money Laundering Act, among others. The storage periods are up to ten years. Once the retention periods have expired, we will delete your data without you having to ask us to do so.

§ 13 Existence of automated decision-making in individual cases (including profiling)

We do not use purely automated decision-making processes in accordance with Article 22 GDPR or profiling.

§ 14 What rights do you have?

You have the opportunity to exercise various rights. For example, you have the right to

Information about which data we have stored about you. If, despite our endeavours to keep your data correct and up-to-date, we have stored incorrect data, we will correct it.
You also have the right to request the deletion of your data; we will comply with this request for deletion unless there is an exceptional case that justifies further processing.
In addition, you can request the restriction of processing if there is a legitimate reason for doing so.
Furthermore, you have the right to object to the data processing and the right to request a copy of the data and, if necessary, to have it transferred to another controller.
If you have given us your consent to process your data or if you have voluntarily provided us with your personal data in non-mandatory fields in the online forms on our website, you can revoke the processing of this data at any time with effect for the future.

In all of the above cases, please contact the organisation responsible for data processing:

Acopio Facility GmbH & Co. KG Essener Straße 66, 46047 Oberhausen

Phone: 0208 97064 - 0 datenschutzverantwortlicher@covivio.immo

The personally liable shareholder is Acopio GmbH, Essen (Essen Local Court HRB 26641)

If you have any questions, you can contact us and our data protection officer at any time.

datenschutzbeauftragter@covivio.immo

If you have reason to complain, you can also lodge a complaint with a supervisory authority. The supervisory authority primarily responsible for us is

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia Kavalleriestr. 2-4

40213 Düsseldorf Phone: 0211/38424-0 Fax: 0211/38424-999

e-mail: poststelle@ldi.nrw.de

§ 15 Amendment of the privacy policy

The provisions of this privacy policy apply in the version valid at the time. The content of this privacy policy may be amended or changed. The updated data protection information applies from the time it is published on our website.

You will be given the opportunity to view, print and save the amended data protection information free of charge.