Data protection

This data protection information provides an overview of how we collect and process your data. Full details can be found in our privacy policy.

What data do we collect from you?

Upon visiting and using this website: access data (the time and date of your visit, the IP address, browser type and operating system you used, the pages you accessed and the page from which you navigated to this website), device data and location data (geographic data)
Personal and contact data (registration, contact form)
How do we collect your data?
Cookies, plug-ins, tracking
User input

For what purposes do we use your data?

To provide our products and services
To analyse how visitors use our website
For legal transactions
For customer information purposes

We also use your data for

Advertising and promotion
Information sharing with third parties (for the provision of our products and services)
Consent

What data can only be processed subject to your consent and for what purpose can it be processed?

Name
Gender
Date of birth
Address
Contact details (email addresses, phone numbers)
Shopping basket
Order and delivery data
Payment data

What are your rights?

Information and access
Erasure
Rectification
Objection

Ask our contact person

Olaf Felten
WFB Wirtschaftsförderung Bremen GmbH
Langenstrasse 2-4
28195 Bremen
Germany
Tel.: +49 (0)151 58 38 93 83
Email: datenschutz@wfb-bremen.de

Data protection

1. General information
2. Definition of terms
3. Contact person
4. Data protection information pursuant to Articles 13 and 14 EU GDPR
5. Cookies
6. Collection of general data and information
7. Legal basis for data processing
8. Use of automated decision-making
9. Rights of data subject
10. Protection of data in applications and during the application process
11. Payments and contracts

Plugins

1. General information

We are delighted that you are interested in our company. Data protection is very important to the management of Bremeninvest. The website pages of Bremeninvest can generally be used without providing any personal data. However, if a person wishes to access particular services of our company through our website, we may need to process personal data. If personal data needs to be processed and no statutory basis for this processing activity exists, we will generally ask the data subject to consent to the processing.

Personal data such as the name, address, email address or phone number of the data subject is always processed in a way that is compliant with the General Data Protection Regulation (GDPR) and with country-specific data protection rules that apply for Bremeninvest. The aim of this privacy policy is to inform the public about the way in which our company collects, processes and uses personal data and the scope and purpose of this collection, processing and use. It also serves to inform data subjects about their rights.

In its capacity as the controller of the processing and the operator of the website and its pages, Bremeninvest has implemented a variety of technical and organisational measures to ensure that personal data processed through our website is protected as seamlessly as possible. However, internet-based data transmission always involves a certain vulnerability and we are thus unable to offer any absolute guarantee in relation to the protection of data. Data subjects are therefore free to provide their personal data to us by other means of communication, for example over the phone.

2. Definition of terms

The privacy policy of Bremeninvest is based on the terminology used by EU legislators in the General Data Protection Regulation (GDPR). We want our privacy policy to be easy to read and understand for the general public, our customers and our business partners. We will therefore provide explanations of key terms used in the text below. This privacy policy includes, among others, the following terms:

2.1. Personal data

Personal data means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (IP address) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2.2. Data subject

A data subject is any identified or identifiable natural person whose personal data is being processed by the controller.

2.3. Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2.4. Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future during the statutory retention periods. This means that data will still be stored, but can only be used for certain processing purposes, such as audits by the tax authorities

2.5. Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

2.6. Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

2.7. Controller in charge of the data processing

The controller is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

2.8. Joint controllers

Where several companies jointly process personal data and define the purposes and means of their data processing for joint tasks or projects, these companies may be considered ‘joint controllers’ within the meaning of Article 26 GDPR and may therefore establish joint data protection rules and joint measures to safeguard the rights of data subjects.

2.9. Processor

The processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

2.10. Recipient

The recipient is a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

2.11. Third party

A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

2.12. Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

3. Contact person

The controller as defined in the General Data Protection Regulation, and the entity responsible within the meaning of other data protection legislation and provisions in relation to privacy that apply in the member states of the European Union, is:

WFB Wirtschaftsförderung Bremen GmbH
Kontorhaus am Markt
Langenstraße 2-4
(Eingang Stintbrücke 1)
28195 Bremen
Tel.: +49 (0) 421 9600-10
Email: mail@wfb-bremen.de
Website: www.wfb-bremen.de

3.1. Name and address of the data protection officer

The data protection officer of the controller is:

Olaf Felten
WFB Wirtschaftsförderung Bremen GmbH
Langenstrasse 2-4
28195 Bremen
Germany
Tel.: +49 (0)151 58 38 93 83
Email: datenschutz@wfb-bremen.de

Data subjects can contact our data protection officer directly with any questions or suggestions they may have in relation to data protection.

4. Data protection information pursuant to Articles 13 and 14 EU GDPR

As a controller, we have taken appropriate measures to ensure that all information under Articles 13 and 14 and all notices under Articles 15 to 22 and Article 34 are communicated to the data subject of a processing activity in a precise, transparent, understandable and easily accessible way using clear and simple language.

You can view this information or request a copy of it either by contacting your assigned representative at our company directly, sending an email to datenschutz@wfb-bremen.de, or downloading the information from our website.

5. Cookies

If you visit the Bremeninvest website and your browser settings are configured to accept cookies, we will assume that you are interested in using the services and offers of Bremeninvest.

5.1. What are cookies?

Cookies are small text files that are stored on your computer or other end device when you visit a website. The cookie information is subsequently retransmitted from your computer upon every visit to the website that placed the cookie.

Cookies are useful because they can help us make it easier for you to use our website. They enable us to see how users navigate our website and to analyse how our website offering is being used. In the long run, this will help us improve our online offering and make our website more user-friendly.

5.2. Cookies and their use by Bremeninvest

When you visit the website of Bremeninvest, you accept the use and storage of cookies. Most web browsers save cookies automatically. You can of course also view our website without accepting cookies.

Bremeninvest does not analyse any of your online movements, if you have:

not accepted cookies
enabled the Do Not Track function
enabled the opt-out function (see ‘Manage cookies’)
The steps for disabling the storing of cookies and enabling the Do Not Track function differ from browser to browser. You should usually be able to find instructions in the help section of your web browser.

5.3. Types of cookies used by Bremeninvest

Bremeninvest generally uses two types of cookies:

Session-Cookies

These are temporary cookies that are stored on your hard drive only for the duration of your visit to our website and will be deleted automatically when the browser is closed.

Bremeninvest uses session cookies to make sure that the user identification during visits to the Bremeninvest customer website section is uninterrupted, which ensures seamless functionality.

Using the customer section of the Bremeninvest website therefore requires the browser settings to be configured in such a way that session cookies are accepted.

Cookies with longer lifetime

Cookies with a longer lifetime are only used to analyse use of the website enabling us to continuously improve our service.
To analyse the surfing behaviour of users, WFB Wirtschaftsförderung Bremen GmbH uses the Matomo analysis tool. We have no way of associating this data with a specific person. This data is not collated with other data sources.
If a user makes use of this option, then the data entered into the input screen is transmitted to us and stored. The data required is:

Name
elephone number or
email address
Message
At the time of sending the message, the following data will also be stored: Date and time

5.4. Manage cookies (opt-out)

If you do not want Bremeninvest to store and analyse and information about your browsing behaviour, you are free to object to this at any time (opt-out).

If you choose not to accept cookies, an opt-out cookie will be deposited in your browser. This opt-out cookie does not contain any information and its sole purpose is to enable our website to recognise that you have opted out.

At this stage, you can decide whether you want to accept a unique web analysis cookie being stored in your browser in order to enable the website operator to collect and analyse a variety of statistical data.

If you decide against accepting this, you need to click on the following link in order to store the opt-out cookie in your browser.

Your visit to this website is currently being processed by Google Analytics. Please click here if you do not wish your visit to be processed.

5.5. Information on the opt-out cookie

Deleting all cookies from your hard drive will also delete the opt-out cookie. In this case, the opt-out procedure will need to be carried out again.

If you use several browsers or other end devices, you will need to complete the opt-out procedure for each individual browser on each device used to access the Bremeninvest website. We are not able to identify whether different website visits were made by the same person, end device or browser..

6. Collection of general data and information

The Bremeninvest website collects a set of general data and information upon every website access by a data subject or automated system. This general data and information is stored in the server log files. It may include (1) the browser type and version used to open the website, (2) the operating system used by the accessing system, (3) the website from which the accessing system navigated to our website (the ‘referrer’), (4) the sub-pages of our website that were visited by the accessing system, (5) the date and time of the website access, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other comparable data and information that can be used to protect and defend our IT systems against attacks.

Bremeninvest does not trace this general data and information back to the data subject. The actual purpose of collecting this information is (1) to be able to render our website content correctly, (2) to optimise our website content and advertisements based on this information, (3) to ensure the long-term operability of our IT systems and our website technology and (4) to be able to provide criminal authorities with all information of relevance to the prosecution in the event of a cyber attack. This data and information is collected anonymously and is evaluated by Bremeninvest for statistical purposes and in order to increase data protection and data security in our company with the ultimate goal of ensuring an optimum level of protection for the personal data processed by us. The anonymous data in the server log files is stored separately from any personal data provided by a data subject..

6.1. Ways to contact us through our website

In keeping with statutory requirements, the website of Bremeninvest includes information on how to contact our company quickly by electronic means and how to communicate with us directly. This includes an email address. If a data subject contacts the controller by email or via an online contact form, the personal data submitted by the data subject will be stored automatically. Such personal data submitted voluntarily by the data subject to the controller will be stored for processing purposes or to establish contact with the data subject. This personal data will not be passed on to third parties.

6.2. Subscription to our newsletter

On the website of WFB Wirtschaftsförderung Bremen GmbH, users are given the opportunity to subscribe to the newsletter of our company. Which personal data are transmitted to the data controller when the newsletter is ordered results from the input mask used for this purpose.

The WFB Wirtschaftsförderung Bremen GmbH informs its customers and business partners at regular intervals by way of a newsletter about offers of the company. The newsletter of our company can only be received by the data subject if (1) the data subject has a valid email address and (2) the data subject registers for the newsletter. For legal reasons, a confirmation e-mail will be sent to the e-mail address entered by an affected person for the first time for newsletter mailing using the double-opt-in procedure. This confirmation email is used to check whether the owner of the e-mail address as the person concerned authorized the receipt of the newsletter.

When subscribing to the newsletter, we also store the IP address of the computer system used by the person concerned at the time of registration, as well as the date and time of registration, as assigned by the Internet Service Provider (ISP). The collection of this data is necessary in order to understand the (possible) misuse of an affected person’s e-mail address at a later date and therefore serves as legal safeguards for the controller.

The personal data collected in the context of registering for the newsletter will be used exclusively to send our newsletter. Subscribers to the newsletter may also be notified by e-mail if this is necessary for the operation of the newsletter service or registration, as might be the case in the event of changes to the newsletter or technical changes. There will be no transfer of the personal data collected as part of the newsletter service to third parties. Subscription to our newsletter may be terminated by the person concerned at any time. The consent to the storage of personal data that the data subject has given us for the newsletter dispatch can be revoked at any time. For the purpose of revoking the consent, there is a corresponding link in each newsletter. It is also possible to unsubscribe from the newsletter at any time, directly on the controller’s website, or to inform the controller in a different way.

6.3. Media-Service

On the website of WFB Wirtschaftsförderung Bremen GmbH, users are given the opportunity to register for the use of layout material (logos, photos, etc.). The personal data to be transmitted to the controller results from the input mask used for this purpose.

This offer can only be used by the data subject if (1) the data subject has a valid e-mail address and (2) the data subject registers for the offer. For legal reasons, a confirmation e-mail will be sent to the e-mail address entered by an affected person for the first time using the double-opt-in procedure. This confirmation email is used to check whether the owner of the e-mail address as the affected person has registered.

When registering, we also store the IP address assigned by the Internet Service Provider (ISP) of the computer system used by the data subject at the time of registration and the date and time of registration. The collection of this data is necessary in order to understand the (possible) misuse of an affected person’s e-mail address at a later date and therefore serves as legal safeguards for the controller.

The personal data collected as part of a registration for the Marketing Service will be used to control the lawful use of the materials stored in the Media Service. There is no transfer of the personal data collected to third parties. The registration can be terminated at any time by the data subject. The consent to the storage of personal data can be revoked at any time. For the purpose of the revocation of the consent is found in the confirmation email of the registration process, a link. It is also possible to notify the data controller directly by e-mail to internetredaktion@wfb-bremen.de or by phone on 0421 9600 0.

6.4. Customer and press information

On the website of WFB Wirtschaftsförderung Bremen GmbH, users are given the opportunity to obtain different information about our company by subscription electronically or by post. These are the newsletter, the customer magazine, the entry in the press distribution list and the press service. Which personal data are transmitted to the data controller when the newsletter is ordered results from the input mask used for this purpose.

WFB Wirtschaftsförderung Bremen GmbH informs its customers and business partners at regular intervals via electronic and postal channels about company offers. The information offered by our company can only be received by the data subject if (1) the data subject has a valid e-mail address and (2) the data subject registers for the offer. For legal reasons, a confirmation e-mail will be sent to the e-mail address registered by a data subject for the first time in a double-opt-in procedure. This confirmation email serves to check whether the owner of the e-mail address as the person concerned authorized the receipt of the information offer.

The personal data collected during the registration process for our information offers are used exclusively for the purpose of dispatch. In addition, subscribers to our offers may be informed by email, as may be required for the operation of the service or registration, as may be the case in the event of changes to the information offered or changes in the technical conditions. There is no transfer of the personal data collected in the context of the service to third parties, unless it is necessary for the fulfillment of the offer, such as in the case of sending the customer magazine. The subscription of our information offer can be terminated by the data subject at any time. The consent to the storage of personal data that the data subject has given us to send can be revoked at any time. For the purpose of revoking the consent, there is a corresponding link in every e-mail. It is also possible to notify the data controller directly by e-mail to internetredaktion@wfb-bremen.de or by phone on 0421 9600 0.

6.5. Real estate service / property finder

On the website of WFB Wirtschaftsförderung Bremen GmbH, users are given the opportunity to send property inquiries and real estate offers (entry in the property finder) via an electronic form to WFB Wirtschaftsförderung Bremen GmbH.

The transmitted personal data are automatically stored. Such personal information provided on a voluntary basis by a data subject to the controller is stored for the purposes of processing or contacting the data subject. A transfer of these personal data to third parties takes place if the data subject expressly agrees (entry in the property finder) or it is necessary for the processing of the request.

6.6. Routine erasure and blocking of personal data

The controller will process and store the personal data of data subjects only for the period of time that is required to achieve the purpose of the data storage, or in compliance with any laws or other provisions applicable to the controller that were implemented by EU legislators or by another competent legislator.

If the purpose for the data storage ceases to exist or if a data retention period determined by EU legislators or by another competent legislator expires, personal data is routinely blocked or erased in accordance with statutory provisions.

7. Legal basis for data processing

Article 6 (1) a GDPR provides the legal basis for our company’s processing activities for which we obtain the consent of the data subject for a particular processing purpose. If personal data needs to be processed to perform duties under a contract to which the data subject is a party, as for example in the case of processing activities required to deliver goods, perform a service or provide a consideration, such processing activities are based on Article 6 (1) b GDPR. The same applies for processing activities required to perform steps prior to entering into a contract, e.g. in relation to enquiries about our products or services. Where our company needs to process personal data to comply with legal obligations such as tax requirements, such processing activities are based on Article 6 (1) c GDPR. In rare cases, personal data may need to be processed to protect the vital interests of the data subject or of another natural person. This might, for example, be the case if a person visiting our company premises sustains an injury and the person’s name, age, health insurance details or other vital information need to be provided to a doctor, a hospital, or another third party. Such processing activities would be based on Article 6 (1) d GDPR. Last but not least, processing activities may also be based on Article 6 (1) f GDPR. This provision forms the legal basis for processing activities that are not covered by any of the above legal bases, provided that the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Such processing activities are permitted, in particular, because European legislators have expressly provided for them. The legislators were of the opinion that a legitimate interest could be assumed to exist where the data subject is a client of the controller (recital 47 sentence 2 GDPR).

7.1. Legitimate interests in processing activities pursued by the controller or a third party

Where personal data is processed on the basis of Article 6 (1) f GDPR, our legitimate interest is to conduct our business activities for the benefit of our employees and shareholders.

7.2. Duration for which personal data is stored

The duration for which personal data will be stored is determined by the applicable statutory retention period. At the end of the prescribed retention period, standard procedure is to erase the data, provided it is no longer required for the performance of a contract or to take steps prior to entering into a contract.

7.3. Statutory or contractual requirements for the provision of personal data; data required for the formation of a contract; obligations of data subjects who provide personal data; possible consequences of a failure to provide data

We would like to clarify for you that in certain cases, the provision of personal data is required by law (e.g. tax laws) or contractual stipulations (e.g. information on the counterparty to an agreement). To form a contract, it may be necessary for a data subject to make personal data available to us that we will subsequently need to process. A data subject may, for example, be required to provide us with certain personal data if a contract is to be concluded between our company and the data subject. A failure to provide this personal data would make the conclusion of a contract with the data subject impossible. Before providing personal data, the data subject must contact our data protection officer. Based on the specifics of the individual case, our data protection officer will inform the data subject whether the provision of personal data is required by law or contract or is necessary to conclude a contract, whether the data subject is under any obligation to provide the personal data, and what the consequences of a failure to provide such personal data would be.

8. Use of automated decision-making

As a responsible business, we do not use automated decision-making processes or profiling.

9. Rights of data subjects

9.1. Right to be informed

The GDPR grants every data subject the right to be informed about the collection and use of their personal data. If a data subject wants to exercise this right to obtain information, the data subject may contact our data protection officer or any other employee of the controller at any time.

9.2. Right of access

The GDPR grants every data subject the right to access the personal data that is being stored and processed and to obtain a copy of this information from the controller free of charge. It furthermore grants every data subject the right to obtain information about:

the purposes of the processing
the categories of personal data concerned
the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
the right to lodge a complaint with a supervisory authority
where the personal data is not collected from the data subject, any available information as to its source
the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject The data subject also has the right to obtain information as to whether their personal data was transferred to a third country or an international organisation. Where personal data is transferred to a third country or to an international organisation, the data subject has the right to be informed of the appropriate safeguards relating to the transfer.

If a data subject wants to exercise this right to obtain such information, he or she may contact our data protection officer or any other employee of the controller at any time.

9.3. Right to rectification

The GDPR grants every data subject the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject also has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

If a data subject wishes to exercise this right to rectification, they may contact our data protection officer or any other employee of the controller at any time.

9.4. Right to erasure (‘right to be forgotten’)

The GDPR grants every data subject the right to demand that their personal data be erased without undue delay if one of the following reasons applies and if the processing is not required:

The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
The data subject withdraws the consent on which the processing is based according to Article 6 (1) a GDPR or Article 9 (2) a GDPR and there is no other lawful basis for the processing.
The data subject objects to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (1) GDPR.
The personal data has been unlawfully processed.
The personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
The personal data has been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.

If one of the aforementioned reasons applies and a data subject wishes to arrange for the erasure of the personal data that Bremeninvest holds about the data subject, he or she may contact our data protection officer or any other employee of the controller at any time. The data protection officer or other employee of Bremeninvest will ensure that the erasure request is executed without undue delay.

If the personal data has been published by Bremeninvest and if our company – in its capacity as the controller – is obliged to erase the personal data pursuant to Article 17 (1) GDPR, Bremeninvest will take appropriate measures, including technical measures, to inform other controllers in charge of processing the published personal data that the data subject has submitted a request for these controllers to erase any links to its personal data or copies or replicas of its personal data, unless the data is required for processing purposes; Bremeninvest will take account of available technological means and implementation costs when determining what measures are appropriate in this context. The data protection officer or other employee of Bremeninvest will initiate the necessary steps on a case-by-case basis.

9.5. Right to restrict processing

The GDPR grants every data subject the right to restrict the processing of their personal data where one of the following applies:

The accuracy of the personal data is contested by the data subject, whereby the restriction applies for a period enabling the controller to verify the accuracy of the personal data.
The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead.
The controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims.
The data subject has objected to processing pursuant to Article 21 (1) pending verification of whether the legitimate grounds of the controller override those of the data subject.
If one of the aforementioned conditions applies and a data subject wishes to request a restriction of the processing of their personal data held by Bremeninvest, the data subject may contact our data protection officer or any other employee of the controller at any time. The data protection officer or other employee of Bremeninvest will initiate the restriction of processing accordingly.

9.6. Right to data portability

The GDPR grants every data subject the right to receive the personal data they have provided to a controller, in a structured, commonly used and machine-readable format. The data subject also has the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where the processing is based on consent pursuant to Article 6 (1) a GDPR or Article 9 (2) a GDPR or on a contract pursuant to Article 6 (1) b GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

In exercising his or her right to data portability pursuant to Article 20 (1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another where technically feasible and provided the rights and freedoms of others are not adversely affected.

If a data subject wants to exercise this right to data portability, they may contact the data protection officer of Bremeninvest or any other employee of the company at any time.

9.7. Right to object

The GDPR grants every data subject the right to object at any time, on grounds relating to their own particular situation, to processing of their personal data which is based on Article 6 (1) e or f GDPR. This also applies to profiling based on those provisions.

In the event of an objection, Bremeninvest will no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the data subject, or if the processing is for the establishment, exercise or defence of legal claims.

Where personal data is processed by Bremeninvest for direct marketing purposes, the data subject shall have the right to object at any time to processing of their personal data for such marketing. This includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing by Bremeninvest for direct marketing purposes, Bremeninvest will no longer be process personal data for such purposes.

Where personal data is processed by Bremeninvest for scientific or historical research purposes or statistical purposes pursuant to Article 89 (1) GDPR, the data subject, on grounds relating to his or her particular situation, has the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

If a data subject wishes to exercise this right to object, he or she may approach the data protection officer of Bremeninvest directly or contact any other employee of the company. In relation to the use of information society services, the data subject may, at its free discretion, exercise its right to object by means of automated processes based on technical specifications, notwithstanding the provisions of Directive 2002/58/EC.

9.8. Automated individual decision-making, including profiling

The GDPR grants every data subject the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, unless this decision (1) is necessary for entering into, or performance of, a contract between the data subject and a data controller, or (2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is based on the data subject’s explicit consent.

If the decision is (1) necessary for entering into, or performance of, a contract between the data subject and a data controller or (2) based on the data subject’s explicit consent, Bremeninvest will implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

If the data subject wishes to exercise their rights in relation to automated decision-making, they may contact our data protection officer or any other employee of the controller at any time.

9.9. Right to withdraw consent to data processing

The GDPR grants every data subject the right to withdraw consent to the processing of their personal data at any time.

If the data subject wishes to exercise the right to withdraw consent, they may contact our data protection officer or any other employee of the controller at any time.

10. Protection of data in applications and during the application process ↑ top

The controller collects and processes personal data of applicants for the purposes of conducting the application procedure. Data may be processed using electronic methods. This applies in particular where applicants submit their application documents to the controller electronically, e.g. by email or through an online form provided on a website. If the controller and the applicant enter into an employment contract, the data submitted with the application will be stored, in accordance with statutory requirements, for the purposes of carrying out administrative tasks in relation to the employment relationship. If the controller and the applicant do not conclude an employment contract, the application documents will automatically be deleted two months after the applicant was informed that the application was unsuccessful, unless the data erasure conflicts with other legitimate interests of the controller. Other legitimate interests within the meaning of this provision include, but are not limited to, the requirement to furnish evidence in proceedings under the German General Equal Treatment Act (AGG).

11. Payments and contracts

11.1. Encrypted payments on this website

If you enter into a contract which requires you to send us your payment information (e.g. account number for direct debits), we will require this data to process your payment.

Payment transactions using common means of payment (Visa/MasterCard, direct debit) are only made via encrypted SSL connections. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon in your browser line is visible.

In the case of encrypted communication, any payment details you submit to us cannot be read by third parties.

Any credit card data provided to us in connection with booking requests will be transmitted in encrypted form using SSL technology and stored on external systems of a certified software service provider in accordance with the PSI-DSS security requirements of the major credit card issuers (Visa/MasterCard). Such data is not stored on our systems.

11.2. Processing of data (customer and contract data)

We collect, process, and use personal data only insofar as it is necessary to establish or modify legal relationships with us (master data). This is done based on Art. 6 (1) (b) GDPR, which allows the processing of data to fulfil a contract or for measures preliminary to a contract. We collect, process and use your personal data relating to use of our website (usage data) only to the extent required to enable you to access our service or to bill you for the same.

Collected customer data shall be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.

11.3.Transmission of data in connection with contracts for services and digital content

We send personal data to third parties only if this is necessary in connection with the processing of contracts. Such third parties may include the bank that processes payments or the provider of the service you have booked, such as the hotel.

We do not transmit data for any other purpose, unless you have given your explicit consent. We will not forward your personal data to any third party, for example for marketing purposes, without your explicit consent.

Data is processed on the basis of Art. 6 (1) (b) GDPR, which permits processing that is necessary for the performance of a contract or in order to take steps prior to entering into a contract.

12. Data protection information of Bremer Aufbau-Bank GmbH according to Art. 13 and Art. 14 EU GDPR ↑ to the top

As the data controller, we have taken suitable measures to provide the data subject with all the processing-related information in accordance with Articles 13 and 14 and all processing-related notifications in accordance with Articles 15 to 22 and Article 34, in a precise, transparent, comprehensible and easily accessible manner, using simple, clear language.
You can either request this information directly from your contact in our company or view it at datenschutz@bab-bremen.de or you can download it here from our website.

Plugins

1. Analytics tools
2. Social media
3. Other plug-ins

1. Analytic tools

1.1. Data protection provisions regarding the use of Google Analytics (anonymisation feature applied)

The controller has integrated Google Analytics (anonymisation feature applied) as a component on this website. Google Analytics is a web analysis service. Web analysis refers to the collecting, aggregating and analysing of information on the behaviour of website visitors. A web analysis service collects data on the website from which a data subject navigates to the current website (the ‘referrer’), which sub-pages of the current website are accessed, and/or how often and for how long these sub-pages are accessed. Web analysis is primarily used to optimise websites and to analyse the costs and benefits of online advertising.

The Google Analytics component is operated by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The controller uses the code element ‘_gat._anonymizeIp’ for its web analysis activities through Google Analytics. The application of this code element means that the IP address of the internet access point used by a data subject is shortened and anonymised when our website is accessed from a location in a member state of the European Union or another signatory state to the agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyse visitor flows on our website. The data and information collected is used by Google, among other purposes, to analyse traffic on our website, to prepare online reports for us that illustrate the activity on our website pages, and to provide further services in relation to the use of our website.

Google Analytics sets a cookie in the IT system of the data subject. Further details on the nature of cookies are provided in the corresponding section above. Setting cookies enables Google to analyse how visitors use our website. Every time an individual page of the controller’s website that is equipped with the Google Analytics component is accessed, the web browser of the data subject’s IT system is automatically prompted by Google Analytics to submit data for web analysis purposes. As part of this process, Google obtains knowledge of personal data such as the IP address of the data subject and this data is used by Google, among other purposes, to track the origin of visits and clicks and to calculate commission based on this information.

Cookies are used to store personal data such as the time and point of access and the frequency of visits to our website by the data subject. A transmission of this personal data, including the IP address of the data subject’s internet access point, to Google in the United States is triggered by each individual web page visit. The personal data is stored by Google in the United States. Google may pass on personal data collected by means of this method to third parties. The data subject can prevent our website from setting cookies by adjusting the internet browser settings as described above and can thereby object to the placement of cookies on a permanent basis. Configuring the internet browser settings in this way also prevents Google from placing a cookie on the data subject’s IT system. In addition, any cookies that have already been set by Google Analytics can be deleted at any time through the web browser or other software programs.

Data subjects can also object to personal data in relation to the use of this website being collected by Google Analytics and processed by Google and can prevent such data collection and processing. To do so, the data subject needs to download a browser add-on from https://tools.google.com/dlpage/gaoptout and install it on their device. This browser add-on uses JavaScript to indicate to Google Analytics that the transmission of data and information on website visits to Google Analytics has been prohibited. The installation of this browser add-on is treated by Google as an objection. If the IT system of the data subject is deleted, formatted or reinstalled at a later time, the data subject will need to install the browser add-on anew in order to disable Google Analytics. If the browser add-on is uninstalled or disabled by the data subject or another person under the control of the data subject, it is possible to reinstall or reactivate the browser add-on.

Further information and the applicable privacy policy issued by Google can be accessed at https://policies.google.com/privacy/ and at https://www.google.com/analytics/terms.Detailed information on Google Analytics can be found on https://www.google.com/intl/en_uk/analytics/.

2. Social media

2.1. Data protection provisions regarding the use of Shariff

The controller has integrated Shariff as a component on this website. The Shariff component embeds social media buttons on web pages in a manner that is compliant with data protection regulations. Shariff was developed for the German computer magazine c’t and is published by GitHub, Inc.

The developer of this component is GitHub, Inc. 88 Colin P. Kelly Junior Street, San Francisco, CA 94107, USA.

Button solutions provided by social networks typically transmit personal data to the corresponding social network as soon as a user accesses the web page on which a social media button is embedded. By using the Shariff component, personal data is transmitted to social networks only when a website user actively clicks on a social media button. Further information on the Shariff component is provided by the computer magazine c’t on http://www.heise.de/newsticker/meldung/Datenschutz-und-Social-Media-Der-c-t-Shariff-ist-im-Einsatz-2470103.html (German only). The purpose of using the Shariff component is to protect the personal data of those who visit our website, while also enabling us to embed social network buttons on our website.

Further information and the privacy policy of GitHub can be found on https://help.github.com/articles/github-privacy-policy/.

2.2. Data protection provisions regarding the use of Facebook

The controller has integrated components of Facebook on this website. Facebook is a social network.

A social network is a social platform provided on the internet, i.e. an online community that typically enables users to communicate and interact with each other in a virtual sphere. A social network can be used as a platform for sharing opinions and experiences, and it enables members of the online community to make personal or company-related information available to others. Facebook offers its social network users functionalities such as creating a personal profile, uploading photos and building a network of contacts by sending friendship requests to other users.

Facebook is operated by Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. In relation to data subjects based outside the US and Canada, the controller in charge of the data processing is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Every time an individual page of the controller’s website that is equipped with the Facebook component (Facebook plug-in) is accessed, the web browser of the data subject’s IT system is automatically prompted by the integrated Facebook component to download a representation of the corresponding Facebook component from Facebook. An overview of all Facebook plug-ins can be accessed at facebook. As part of the aforementioned process, Facebook obtains information on which specific sub-page of our website the data subject is accessing.

If the data subject is logged into Facebook at the same time, Facebook is able to recognise the specific sub-pages of our website that the data subject is accessing every time the data subject visits our website and for the entire duration of each visit to our website. This information is collected by the Facebook component and allocated to the relevant Facebook account of the data subject. If the data subject uses one of the Facebook buttons embedded on our website – e.g. the ‘Like’ button – or posts a comment, Facebook allocates this information to the personal Facebook user account of the data subject and stores this personal data.

Facebook is notified by the Facebook component about the data subject visiting our website whenever the data subject is logged into Facebook whilst accessing our website; this happens regardless of whether or not the data subject clicks on the Facebook component. If the data subject does not wish this information to be provided to Facebook, they can prevent this data from being transmitted to Facebook by logging out of their Facebook account before visiting our website.

The privacy policy published by Facebook, which can be accessed at https://www.facebook.com/about/privacy/, provides further information on the collection, processing and use of personal data by Facebook. The policy also explains what adjustments data subjects can make to their Facebook settings in order to protect their privacy. Furthermore, there are various applications that enable data subjects to prevent data from being transmitted to Facebook, e.g. Facebook blockers. Applications of this type can be used by data subjects to suppress the transmission of data to Facebook.

2.3 Data protection provisions regarding the use of YouTube

The controller has integrated components of YouTube on this website. YouTube is an online video platform that enables video content publishers to make video clips available online for free and offers other users the possibility to view, rate and comment on these video contents for free. YouTube allows users to publish a wide range of content. Videos available on this platform therefore range from entire films and TV shows to music videos and trailers as well as videos produced by individual users.

YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Every time an individual page of the controller’s website with an embedded YouTube component (YouTube video) is accessed, the web browser of the data subject’s IT system is automatically prompted by the embedded YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information about YouTube can be found at https://www.youtube.com/intl/en-GB/yt/about/. As part of the aforementioned process, YouTube and Google obtain information on which specific sub-page of our website the data subject is accessing.

If the data subject is logged into YouTube at the same time, YouTube can recognise the specific sub-page visited on our website every time the data subject accesses a sub-page that contains an embedded YouTube video. This information is collected by YouTube and Google and allocated to the relevant YouTube account of the data subject.

YouTube and Google are notified by the YouTube component about the data subject visiting our website whenever the data subject is logged into YouTube whilst accessing our website; this happens regardless of whether or not the data subject clicks on a YouTube video. If data subjects do not wish this information to be provided to YouTube and Google, they can prevent this data from being transmitted to these recipients by logging out of their YouTube account before visiting our website.

The privacy policy published by YouTube, which can be accessed at https://policies.google.com/privacy, provides further information on the collection, processing and use of personal data by YouTube and Google.

2.4. Data protection provisions regarding the use of Twitter

The controller has integrated components of Twitter on this website. Twitter is a multilingual, publicly accessible microblogging service that offers users the possibility to publish and distribute tweets, i.e. short messages limited to a lengths of 140 characters. These short messages can be accessed by anyone, including persons who do not have a Twitter account. Tweets are also displayed to the followers of a user. Followers are other Twitter users who follow the tweets of a particular user. In addition, Twitter also enables users to address a wider audience by using hashtags, links and retweets.

Twitter is operated by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

Every time an individual page of the controller’s website with an embedded Twitter component (Twitter button) is accessed, the web browser of the data subject’s IT system is automatically prompted by the embedded Twitter component to download a representation of the corresponding Twitter component from Twitter. Further information on Twitter buttons is available from https://about.twitter.com/de/resources/buttons. As part of the aforementioned process, Twitter obtains information on which specific sub-page of our website the data subject is accessing. The purpose of integrating a Twitter component is to enable users to share our website content, to promote our website in the digital sphere and to increase the number of visitors on our website as a result.

If the data subject is logged into Twitter at the same time, Twitter is able to recognise the specific sub-pages of our website that the data subject is accessing every time the data subject visits our website and for the entire duration of each visit to our website. This information is collected by the Twitter component and allocated to the relevant Twitter account of the data subject. If the data subject uses an embedded Twitter button on our website, the data and information transmitted by this action is allocated to the data subject’s personal Twitter user account and is stored and processed by Twitter.

Twitter is notified by the Twitter component about the data subject visiting our website whenever the data subject is logged into Twitter whilst accessing our website; this happens regardless of whether or not the data subject clicks on the Twitter component. If the data subject does not wish this information to be provided to Twitter, they can prevent this data from being transmitted to Twitter by logging out of their Twitter account before visiting our website. The privacy policy of Twitter can be accessed at https://twitter.com/en/privacy.

2.5. Data protection provisions regarding the use of LinkedIn

The controller has integrated components of the LinkedIn Corporation on this website. LinkedIn is a web-based social network that enables users to connect with existing business contacts and establish new business contacts. LinkedIn currently has more than 400 million registered users from more than 200 countries. It is therefore currently the largest platform for business contacts and one of the most visited websites in the world.

LinkedIn is operated by the LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. Matters of data protection outside the US fall within the scope of responsibility of LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Every time an individual page of our website with an embedded LinkedIn component (LinkedIn plug-in) is accessed, the web browser used by the data subject is prompted by the embedded component to download a representation of the corresponding LinkedIn component from LinkedIn. Further information about LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins. As part of the aforementioned process, LinkedIn obtains information on which specific sub-page of our website the data subject is accessing.

If the data subject is logged into LinkedIn at the same time, LinkedIn is able to recognise the specific sub-pages of our website that the data subject is accessing every time the data subject visits our website and for the entire duration of each visit to our website. This information is collected by the LinkedIn component and allocated to the relevant LinkedIn account of the data subject. If the data subject uses an embedded LinkedIn button on our website, LinkedIn allocates the information transmitted by this action to the data subject’s personal LinkedIn user account and stores and processes this personal data.

LinkedIn is notified by the LinkedIn component about the data subject visiting our website whenever the data subject is logged into LinkedIn whilst accessing our website; this happens regardless of whether or not the data subject clicks on the LinkedIn component. If the data subject does not wish this information to be provided to LinkedIn, they can prevent this data from being transmitted to LinkedIn by logging out of their LinkedIn account before visiting our website.

The LinkedIn web page https://www.linkedin.com/psettings/guest-controls offers users a range of options for managing email and text message notifications, unsubscribing from targeted advertising and adjusting their display settings. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, all of which use cookie placement methods. Users can opt out of these cookies at https://www.linkedin.com/legal/cookie-policy. The privacy policy of LinkedIn can be accessed at https://www.linkedin.com/legal/privacy-policy. The cookie policy of LinkedIn can be accessed at https://www.linkedin.com/legal/cookie-policy.

3. Other plug-ins

3.1 Google Maps

This site uses the mapping service Google Maps via an API.

Provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

To use the features of Google Maps, it is necessary to save your IP address. This information is usually transmitted to and stored on a Google server in the United States. The provider of this site has no influence on this data transfer. The use of Google Maps is in the interest of an attractive presentation of our online offers and an easy findability of the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. More information on handling user data can be found at privacy policy of Google. There you can also change your settings in the privacy center, so that you can manage and protect your data.

3.2 Property finder

Bremeninvest’s property finder is a search tool for commercial real estate in Bremen that is embedded on our website. The processor for this service offering is the company regio gmbh in Oldenburg. Users of this service should be aware of the following aspects in relation to data protection.

Statistical analysis using Matomo
The property finder service uses the open-source software Matomo (https://matomo.org/) to conduct statistical analyses of user access data. Cookies, i.e. small text files that are stored on your computer, are used for this purpose. The usage data obtained through these cookies is communicated to the server of the processor and stored there for the purpose of conducting usage analyses, which help us optimise our website. Your IP address is anonymised immediately in this process, i.e. users remain anonymous. The physical location of the processor’s server is in Germany. If you do not want this data about your visit of our website to be stored and analysed, you can object to the storage and use of your data at any time by clicking below. If you object to your data being stored and analysed, an opt-out cookie will be deposited on your computer, which will ensure that Matomo cannot collect any session data. Please note: Deleting all cookies from your hard drive will also delete the opt-out cookie, so you will subsequently need to re-enable it.

Objection
Use of Google reCaptcha and Google Maps The reCAPTCHA service of Google Inc. is used as a security feature for contact forms on property profile pages. The Google Maps service of the same company is used to provide map views. These features are subject to the data protection rules that apply to the website in which the service is embedded. These rules are set out in a different section of this privacy policy.