privacy policy

Data protection


This privacy policy informs you about the types of personal data (referred to in the following as “data”) we process, why we do so and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications and within external online presences such as our social media profiles (referred to collectively in the following as the “online presence”).

Status: September 3, 2019

Table of contents

von Saldern Immobilien GmbH
An den Pferdekoppeln 34
15806 Zossen

Authorised representatives: Axel von Saldern

Email address:

Phone: +49 176 100 200 48

Site Notice:

Overview of the processing operations

The following table summarises the types of data processed and the purposes of processing in relation to data subjects.

Types of data processed
  • Content data (e.g. text entries, photographs, videos).

  • Meta/communication data (e.g. device information, IP addresses).

  • Usage data (e.g. websites visited, interest in content, access times).

Categories of data subjects
  • Users (e.g. website visitors, users of online services).

Purpose of processing

  • Provision of our online presence and ease of use.

  • Contractual performance and service.


Relevant legal bases

The following section defines the legal bases as set out in the General Data Protection Regulation (GDPR) that entitle us to process personal data. Please be aware that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence and domicile.

  • Consent (Art. 6 para. 1 sentence 1 point a) GDPR – The data subject has provided consent to the processing of personal data concerning them for one or more specific purposes.

  • Legitimate interests (Art. 6 para. 1 sentence 1 point f) GDPR) – The processing is necessary to protect the legitimate interests of the controller or of a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data outweigh the processing.

National data protection regulations in Switzerland: National regulations on data protection apply in Switzerland in addition to the provisions as set out in the General Data Protection Regulation. These include, in particular, the Federal Law on Data Protection (DSG). The DSG applies in particular if no EU/EEC citizens are affected and, for example, only data concerning Swiss citizens is processed.

Security measures

We implement appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection commensurate with the risk.

These measures include in particular the safeguarding of confidentiality, integrity and availability of data by controlling physical and electronic access to data as well as input, disclosure, safeguarding of availability and segregation of data relating thereto. Furthermore, we have established procedures to ensure that data subjects’ rights are exercised, data is erased, and responses are made to any threats to the data. In addition, we take the protection of personal data into account as early as the development or selection of hardware, software and processes in accordance with the principle of data protection, by designing technology and by using data protection-friendly default settings.

SSL encryption (https): We use SSL encryption to protect your data transferred via our online presence. You can recognise encrypted connections by the prefix https:// in the address bar of your browser.

Transfer and disclosure of personal data

It is possible that during processing of personal data, data may be transferred or disclosed to other bodies, companies, legally independent organisational units or persons. The recipients of this data may include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases we observe the legal requirements and in particular conclude appropriate contracts or agreements with the recipients of your data which are intended to protect your data.

Transfer of information within the organisationWe may transfer or grant access to personal information to other entities within our organisation. If this transfer is for administrative purposes, the transfer of the data is based on our legitimate business and commercial interests; it may also occur if it is necessary for performance of our contractual obligations, if the consent of the data subject has been obtained or such operations are permitted by law.

Use of cookies

Cookies are small files that are stored on the user’s device. Cookies are used to store a variety of information. The information may include, for example, the language settings on a website, the login status, a shopping cart or the location where a video was watched.

As a rule, cookies are also used when the interests of a user or their behaviour (e.g. viewing certain contents, using functions etc.) are stored on individual web pages in a user profile. Such profiles are used to show users content and for other purposes that correspond to their potential interests. This procedure is also known as “tracking”, i.e. monitoring the potential interests of users. The term “cookies” also covers other technologies that perform the same functions as cookies (e.g. when user information is stored using pseudonymous online identifiers, also known as “user IDs”).

If we use cookies or tracking technologies, we will inform you separately in our privacy policy.

Information on legal bases: The legal basis on which we process your personal data using cookies depends on whether we ask for your consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is the declared consent. Otherwise, the data processed with the assistance of cookies will be processed on the basis of our legitimate interests (e.g. in the efficient operation of our online presence and its improvement) or if the use of cookies is necessary for compliance with our contractual obligations.

Withdrawal and objection (opt-out): Regardless of whether processing is based on consent or legal permission, you have the right at any time to withdraw your given consent or to object to the processing of your data by cookie technologies (collectively referred to as “opt-out").

You can initially declare your objection by adjusting your browser settings, e.g. by disabling the use of cookies (please note that doing so may limit the available functions on our online presence).

A variety of services are also available to object to the use of cookies for online marketing purposes, especially in the case of tracking; they can be accessed on the US site or the EU site or generally on

Processing of cookie data based on consent: Before we process or commission the processing of data within the framework of using cookies, we ask users for their consent, which can be withdrawn at any time. Prior to obtaining consent, we will only use cookies where this is necessary for the operation of our online presence. Their use is based on our interest and the interest of our users in the expected functionality of the online presence.

  • Types of processed data: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

  • Data subjects: Users (e.g. website visitors, users of online services).

  • Legal basis: Consent (Art. 6 para. 1 sentence 1 point a) GDPR), legitimate interests (Art. 6 para. 1 sentence 1 point f) GDPR).

Provision of the online presence and web hosting

We use the services of one or more web hosting providers in order to provide our online presence securely and efficiently. The online presence can be accessed on the servers of these providers (or on servers managed by them). In this regard, we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security and technical maintenance services.

The data processed during delivery of the hosting services may include all data relating to the users of our online presence, which is generated during usage and communication. This ordinarily includes the IP address, which is necessary to be able to deliver the contents of online presences to browsers, and all data entered in our online presence or made by websites.

Email dispatch and hosting: The web hosting services we use also include the dispatch, receipt and storage of emails. For these purposes, processing includes the addresses of the recipients and senders, as well as other information concerning the email dispatch (e.g. the providers involved) and the contents of the respective emails. The aforementioned data may also be processed for the purpose of SPAM detection. Please note that emails on the Internet are not sent in an encrypted form in general. As a rule, emails are encrypted in transit, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and on which they are received. We are therefore unable to accept any responsibility for the transmission route of these emails between the sender and their receipt on our server.

Collection of access data and log files: We (or our web hosting provider) collect data concerning each access to the server (known as server log files). Server log files may include the address and name of the web pages and files accessed, date and time of access, data volume transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the most recently visited page) and, as a rule, IP addresses and the requesting provider.

The server log files can be used for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, known as DDoS attacks) and to ensure efficient utilisation of the servers and their stability.

  • Types of processed data: Content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

  • Data subjects: Users (e.g. website visitors, users of online services).

  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 point f) GDPR).

Plugins and embedded functions and content

We include in our online presence functional and content elements that are obtained from the servers of their individual providers (referred to in the following as “third-party providers”). This may include artwork, videos or social media buttons and contributions (collectively referred to in the following as “content”).

Where these elements are integrated, it is necessary for the third-party content providers to process the IP address of users, as they would not be able to send content to the users’ browsers without the IP address. The IP address is therefore required to display these contents or functions. We make every effort to only include content if the individual providers use the IP address exclusively to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The pixel tags can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and cam contain technical information about the browser and operating system, the linked websites, the time of visit and other details about the use of our online offer. The data may also be associated with information from other sources.

Information on legal bases: If we ask users for their consent to use the third-party providers, the basis for processing data is consent. Otherwise, the users’ data will be processed on the basis of our legitimate interests (i.e. interest in efficient, economic and user-friendly services). Kindly refer to the information on the use of cookies in this privacy policy.

  • Types of processed data: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

  • Data subjects: Users (e.g. website visitors, users of online services).

  • Purposes of processing: Provision of our online presence and user-friendliness, contractual performance and service.

  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 point f) GDPR).

Used services and service providers:

Erasure of data

The data processed by us is erased in compliance with the legal requirements as soon as the consent to their processing is withdrawn or other permissions cease to apply (e.g. if the purpose for which the data were processed is no longer applicable or if the data is not necessary for the intended purpose).

Where data is not erased as it is needed for other lawful purposes, its processing will be restricted to these purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be stored for longer periods for compliance with commercial or tax law or that must be stored for the purpose of establishing, exercising or defending legal claims or protecting the rights of other natural or legal persons.

For more information on the erasure of personal data, please refer to the individual provisions on data protection in this privacy policy.

Changes and additions to the privacy policy

We kindly request that you read our privacy policy on a regular basis. We will amend privacy policy as soon as this is necessary to reflect changes in the data processing carried out by us. We will notify you without delay when the changes require you to take action (e.g. to give your consent) or whenever separate notification is necessary.

Definitions of terms

This section provides an overview of the terms that are used in this privacy policy. Many of the terms are taken from the law and are defined above all in Art. 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are primarily intended to help you understand them. The terms are sorted alphabetically.

  • Personal data: 'Personal data' means any information relating to an identified or identifiable natural person (hereinafter referred to as 'data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
  • Controller: 'Controller' means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data
  • Processing: 'Processing' means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and covers practically all handling of data, whether it is collection, analysis, storage, transfer or erasure.

Created using
by Dr. jur. Thomas Schwenke

Any questions?

+49 176 100 200 48

+49 176 100 200 94