THE
FLAG

THE FLAG
Privacy Policy

We value your privacy

The purpose of this privacy policy is to inform you about the scope of the processing of your personal data (hereinafter referred to as "data").

1. Contact details of our data protection officer

Matthias Rosa, RMPrivacy GmbH, Große Langgasse 1a, 55116 Mainz, Germany
E-mail: datenschutz@the-flag.de

2. General information on data processing

We process data within the scope of our business and website operations.

Data may also be disclosed by transferring it to third parties and, where applicable, to so-called third countries outside the European Union ("EU") and the European Economic Area ("EEA"). Any data transferred outside the EU or the EEA has been marked accordingly below.

The relevant data, processing purposes, legal bases, recipients and, where applicable, transfers to third countries are also listed below:

3. Joint data processing in THE FLAG group

We process personal data jointly within the group in order to effectively manage personal data and group systems within the group. To do so, we transfer your data to affiliated companies in accordance with Section 18 of the German Stock Corporation Act (AktG), and process the data in systems that are operated jointly with our affiliated companies.

Please click here to view the parties involved in our group:
THE FLAG group
.

The legal basis for processing data jointly is our overriding legitimate interest in an effective administration and IT infrastructure pursuant to Art. 6(1)(f) GDPR.

We share responsibility with our affiliated companies for the processes that are subject to joint data processing pursuant to Art. 26 GDPR. We have defined the internal competencies and responsibilities accordingly in a binding contract.

The GDPR's information requirements shall be fulfilled by the company you initially contacted.

We designated Holding GmbH to safeguard the rights of data subjects. Please click here datenschutz@the-flag.de for contact. If you have any queries or wish to assert your data subject rights, you can also contact us at any time using the contact details provided in section 1. We shall then forward your request for processing.

Processes specifically tied to joint processing are marked accordingly below.

4. THE FLAG – Website

a) Data processing responsibility

Data processing responsibility when operating the website pursuant to the provisions of the General Data Protection Regulation (GDPR) lies with:

THE FLAG Holding GmbH
Listertalstraße 73
57439 Attendorn
Germany

Web: the-flag.de
E-mail: datenschutz@the-flag.de

If you have concluded a supplementary contract on the rental of furnishings

The Flag Service Frankfurt GmbH
Listertalstrasse 73
57439 Attendorn, Germany

is the exclusive data controller for the data regarding the fulfilment of this additional contract, and it may be contacted at the same e-mail address.

b) Log files for website visits

We log your website visit. This involves processing:

  • the name(s) of our website(s) you visit,
  • the date and time of visit,
  • the transmitted data volume,
  • the browser type and version,
  • your operating system,
  • the referrer URL (previously visited web page),
  • your IP address,
  • the requesting provider.

The legal basis for processing data is our overriding legitimate interest in the ongoing provision and security of our website pursuant to Art. 6(1)(f) GDPR.

The log file is deleted after seven days, unless it is needed to prove or clarify specific legal violations that have become known within the retention period.

c) Hosting

We use the services of web hosting providers that process the aforementioned data and all data to be processed regarding the operation of this website (log file when visiting the website) on our behalf in order to maintain our online presence.

Data processing is legally based on our overriding legitimate interest in maintaining our website pursuant to Art. 6(1)(f) GDPR.

d) Newsletter

We send out an e-mail newsletter to keep subscribers regularly informed about our company and products. After subscribing, we will process the data you have entered (e-mail address and other voluntary information). To prevent misuse, we will send you an e-mail requesting confirmation of your registration (double opt-in procedure). To verify legal compliance, we will log your registration, which includes time of registration and confirmation, as well as your IP address.

The legal basis for sending the newsletter by subscription is your consent pursuant to Art. 6(1)(a) GDPR. Data processed for the purpose of sending the confirmation e-mail for your registration and the associated logging of your data is pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in verifying your proper registration.

By granting your consent, we will not only evaluate whether you have opened the newsletter but your scrolling and clicking behaviour in the newsletter as well. This is done in order to optimally tailor our newsletter to your interests and improve our newsletter content. The legal basis for analysing the newsletter is your consent pursuant to Art. 6(1)(a) GDPR.

To send the newsletter, we use a service provider that processes the aforementioned data on our behalf.

This data is processed under joint responsibility pursuant to section 3 of this Privacy Policy.

e) Buyer profile

If you are interested in offering us a property for sale, we will process your contact details for pre-contractual correspondence and/or contract processing purposes.

The legal basis for processing the data is our obligation to fulfil the contract and/or to fulfil our pre-contractual obligations pursuant to Art. 6(1)(b) GDPR.

f) Use of cookies

We use so-called cookies on our website. Cookies are small text files that are stored on your end device (PC, smartphone, tablet, etc.) and saved by your browser.

Please refer to our Consent banner for information about the specific cookies we use, their providers and purposes. This is where you can grant your consent to the respective services as required under Section 25 (1) of the New German Telecommunications-Telemedia Data Protection Act (TTDSG), revoke this consent or adjust your settings at a later date.

We use a consent banner to document your selection of certain data processing procedures and to fulfil our data protection obligations. When you visit our website, your cookie preferences will be queried using a banner. We then place a cookie that stores data on any consent granted or revoked. Data is processed in order to fulfil our legal obligations pursuant to Art. 6(1)(c) GDPR.

g) Analysis / Marketing

aa) Google Services

Our website relies on various services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as "Google"). Data may also be transferred to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 in the USA.

Google is certified under the EU-U.S. Data Privacy Framework (DPF) and is covered by the EU-U.S. adequacy decision.

Google Analytics

Our website relies on the Google Analytics tracking tool from Google. We use Google Analytics to evaluate your use of the website, to compile reports on the activities on this website and to provide other services associated with website use in order to improve user-friendliness.

When Google Analytics is used, the interactions of website visitors are primarily recorded and systematically analysed with the help of cookies.

We use Google Analytics with the extension "anonymizeIP()". This truncates IP addresses within the member states of the EU or EEA. When data is transmitted to Google servers in the USA, the full IP address is only transmitted in exceptional cases and truncated there. A direct personal reference is therefore generally excluded. In particular, it is no longer possible to identify the computer or device used by the website visitor.

Google Analytics is used to process the following data:

  • 3 bytes of the IP address from the system accessed by the website visitor
    (anonymised IP address),
  • the visited website,
  • the website that directed the user to the page accessed on our website (referrer),
  • the subpages visited on the website,
  • the time spent on the website,
  • the frequency of website visits.

According to its own stated policy, Google will never associate your IP address with other Google data.

Legal basis and revocation

The legal basis for processing data in terms of the aforementioned Google services is your prior consent pursuant to Art. 6(1)(a) GDPR.

You can withdraw your consent at any time with effect for the future by adjusting your preferences in our Consent banner.

bb) Facebook Custom Audiences

We use a tracking pixel from Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, a subsidiary of Meta Platforms Inc. 1601, Willow Road, Menlo Park, CA 94025, USA, on our website. We use this pixel to track the effectiveness of our own Facebook advertising campaigns and to optimize the delivery of Facebook advertising campaigns to interested target groups.

Whenever you click on a Facebook ad or visit our website, the tracking pixel on our website will store a cookie on your device. This cookie can determine if you used a Facebook ad to visit our website, and helps us analyse your user behaviour until the point of purchase. This lets us track the success rate of our Facebook ad campaigns. Moreover, the tracking pixel processes data about your visit to our website and helps us tailor Facebook ads to your interests.

The tracking pixel embedded in our website will connect directly to Facebook’s servers whenever you visit our website. The information generated by the cookie about your use of this website (including your IP address) is transmitted to Facebook in the USA.

The collected data is anonymous and cannot be traced back to the user. If you are registered with Facebook, Facebook can then assign the collected information to your account. Even if you do not have a Facebook account or are not logged in when you visit our website, your IP address and other identification data may still be processed and stored by Facebook.

Cookies or comparable technologies are used with your consent on the basis of Section 25 (1) sentence 1 TTDSG. Data processing is legally based on your consent pursuant to Art. 6(1)(a) GDPR.

You can revoke your consent to the processing of data by Facebook Pixel for our web domain at any time with effect for the future by adjusting your preferences in our Consent banner.

Meta is certified under the EU-US Data Privacy Framework and is therefore covered by the EU-US adequacy decision.

h) Third-party content

We use dynamic content from third parties to optimize the presentation as well as the products and services offered on our website. Whenever you visit the website, a request is automatically sent to the server of the respective content provider via an interface, thereby transmitting certain log data (e.g. the user's IP address). This dynamic content is then transmitted to our website and displayed there.

We use third-party content in conjunction with the following functionalities:

aa) Integration of YouTube videos

We integrated videos from the "YouTube" portal of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") on our website. Google does not store any cookies in your browser.

The legal basis for processing data is your prior consent pursuant to Art. 6(1)(a) GDPR.

Data transmission to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, cannot be ruled out.

Google is certified under the EU-US Data Privacy Framework and is therefore covered by the EU-US adequacy decision.

bb) Google Fonts

We use external fonts from Google Fonts to enhance the user experience on our website. These fonts are loaded by the servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") whenever you visit the site. Google does not store any cookies in your browser. However, according to our information, the IP address of the user's device is transmitted to Google and stored. Data is processed based on our overriding legitimate interest in the optimal marketing of our website pursuant to Art. 6(1)(f) GDPR.

Data transmission to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, cannot be ruled out.

Google is certified under the EU-US Data Privacy Framework and is therefore covered by the EU-US adequacy decision.

cc) Yellow Maps

We use the map service "Yellow Maps" from Yellow Map AG, CAS-Weg 1-5, 76131 Karlsruhe, Germany, on our website to provide you with an interactive map. Your IP address is transmitted to Yellow Map servers whenever the map is displayed. Data is processed based on our overriding legitimate interest in the optimal marketing of our products and services pursuant to Art. 6(1)(f) GDPR.

6. Contact

When you contact us, we will process the following data from you for the purpose of processing and handling your enquiry: name, contact details (if provided by you) and your message.

The legal basis for processing your data is our obligation to fulfil the-contractual obligations and/or our pre-contractual obligations pursuant to Art. 6(1)(b) GDPR and/or our overriding legitimate interest in processing your enquiry pursuant to Art. 6(1)(f) GDPR.

This data is processed under joint responsibility pursuant to section 3 of this Privacy Policy.

7. Contact when applying

When you contact us to send us your application as an employee, e.g. by e-mail or via a contact form, the data you provide (e.g. name, e-mail address, desired work location, etc.), your message and the submitted application documents will be processed solely for the purpose of processing and handling your application enquiry.

The legal basis for processing your data is predominantly Section 26 of the German Federal Data Protection Act (BDSG). Accordingly, any data may be processed if this data is required regarding the decision to establish an employment relationship.

Should the data be required for legal prosecution after completion of the application process, this data may then be processed to safeguard our legitimate interests pursuant to Art. 6(1)(f) GDPR, namely to assert and/or defend against claims.

8. Inclusion in our applicant pool

If you wish, we will include your applicant profile in our applicant pool in order to consider and invite you to matching job descriptions.

The legal basis for your inclusion in our applicant pool is your consent pursuant to Art. 6(1)(a) GDPR.

9. Video surveillance in our buildings

From time to time, we make use of video surveillance in our properties. The monitored areas are marked with the following pictogram and notices:

We use video surveillance to protect against burglary and vandalism. The legal basis for this is our legitimate interest pursuant to Art. 6(1)(f) GDPR to protect property and prevent vandalism. All persons entering the demarcated area will be recorded. All recordings will be automatically deleted after 72 hours.

10. Data retention period

We only store personal data just as long as it is necessary for processing purposes or as long as your consent has been withdrawn. Where statutory retention obligations must be observed, the storage period for certain data may be up to 10 years, regardless of the processing purposes.

11. Your rights as a data subject

a) Right to information

You can request information about all the personal data we have stored about you free of charge at any time.

b) Right to rectification, erasure, blocking, objection

If you no longer agree to the storage of your personal data or if this data has become incorrect, we will then have your data erased or blocked, or make the necessary corrections (insofar as this is possible under the applicable law) if instructed to do so. The same applies if we are to restrict any future processing of your data. You have the right to object particularly in cases where your data is required for the fulfilment of a task that is in the public interest or in our legitimate interest, as well as in cases based on profiling. You also have the right to object in case we process data for direct marketing purposes.

c) Right to withdraw consent with effect for the future

You can revoke your consent at any time with effect for the future. Revocation of consent does not affect the lawfulness of data processed up to the time of revocation.

d) Right to data portability

You have the right to data portability if data is processed based on a contract, pre-contractual negotiations, consent or with the aid of automated processes. If requested, we will prepare your data in a commonly used, structured and machine-readable format so that you can transmit the data to another controller.

e) Right to restriction of processing

Data that does not enable us to identify the data subject, e.g. if it has been anonymised for analysis purposes, is not covered by the above rights. This data may be accessed, erased, blocked, corrected or transferred to another company if you provide us with additional information that allows us to identify you.

f) Rights of data subjects and Right to lodge a complaint

If you have any questions about how your personal data is processed, or if you wish to request information, rectification, blocking, objection or erasure of data, or if you wish to transfer your data to another company, please contact: datenschutz@the-flag.de.

You also have the right to lodge a complaint with a supervisory authority if you feel that your rights as a data subject have been breached.