Data Privacy Policy

We’re delighted to have you visit our website, and we appreciate your interest in our company. Safeguarding your personal data is a matter of trust, and the trust you place in us is something we take very seriously. That’s why we are committed to handling your personal information responsibly and protecting it from misuse in line with legal requirements. We adhere to all relevant regulations for data protection and security.

This privacy notice explains when and how we collect your data, what we store, and how we use it. Our data protection practices meet European standards, specifically in compliance with the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and the Telecommunications-Telemedia Data Protection Act (TTDSG).

 

Name and contact details of the data controller (Art. 4 No. 7 GDPR):

You can generally visit our websites without telling us who you are. Our web servers will automatically store information of a general nature, including the type of web browser, the operating system used, the domain name of your Internet service provider, the website from which you are visiting us, which of our websites you visit, and the date and length of each visit. None of the information we collect allows any inference as to your identity. We analyze these data only for statistical purposes and only in anonymous form.

However, in some cases we will need such personal data from you, specifically:

• if you sign up for our newsletter in order to receive free information, or

• when you contact us.

In that case we will use your personal data to inform you of services and offers. We will not transfer your data to any third parties except with your consent. To be able to contact you more easily and quickly than would be possible by mail, we ask that you provide us with your e-mail address. Of course, we will not use your e-mail address for advertising purposes except with your express consent. Provided that we have received your consent, we may also use your personal data for market research performed on behalf of GP Con GmbH and for the purposes stated below.

 

Data Protection Officer

The GP Con GmbH has appointed an external Data Protection Officer.
You can reach them at the following address:

GP Con GmbH
Data Protection Officer
Senckenberganlage 21
60325 Frankfurt am Main
E-Mail: datenschutz@gross-partner.de

 

Collection and Processing of Personal Data When Using the Website

You can browse our website without having to provide any personal information. However, our web servers automatically collect technical data during your visit. This includes your web browser type, operating system, IP address, internet service provider, the website that referred you to us, the pages you visit on our site, as well as the date and duration of your visit. Processing this data, especially your IP address, is essential to ensure the website functions properly, as your IP address must be stored for the duration of your session. We do not combine this data with other sources. The legal basis for processing this data to enable website use is Article 6(1)(f) GDPR, based on our legitimate interest in providing our services.

Additionally, we store and analyze this data solely for statistical purposes, using anonymized information to assess how our website is used and to improve and optimize our services. This is also done based on Article 6(1)(f) GDPR, with our legitimate interest focused on continuously enhancing our offerings to provide you with the best possible user experience.

 

Type and Scope of Additional Data Collection and Processing

In certain situations, we may need to collect your personal data, including:

• when providing our services, such as managing a real estate development company and handling related transactions;
• when you get in touch with us;
• when you subscribe to our newsletter to receive free updates or participate in surveys.

 

Provision of Services and Contact Inquiries

We only collect or process personal data when you provide it voluntarily, such as when making an inquiry. In this case, your details, including your contact information, will be stored and used to fulfill the purpose of your request, such as processing your inquiry and addressing any follow-up questions. The legal basis for storing and using this data is Article 6(1)(b) GDPR, as long as your personal data is provided to initiate a potential contract with us. In such instances, providing your personal information is necessary to proceed with a contract, as outlined in Article 13(2)(e) GDPR.

If your data is not needed for a contract, we store and use it based on Article 6(1)(f) GDPR, with our legitimate interest being to carefully handle your request.

If you hire us to provide a service or if we use your services, we only collect, store, and use your personal data to the extent necessary to deliver the service or fulfill the contract. The legal basis for this data processing is Article 6(1)(b) GDPR. In some cases, we may need to share your personal data with companies involved in providing the service or executing the contract, such as transportation companies or other service providers. This data sharing is also conducted under Article 6(1)(b) GDPR.

Whenever data processing is necessary for fulfilling a contract, providing your personal information is required (see Article 13(2)(e) GDPR). Without it, we cannot proceed with the contract.

 

Data Processing During the Application Process

The personal data you provide as part of your application (typically including contact information, your cover letter, and supporting documents such as certificates, collectively referred to as “application data”) will be stored and used solely for the purpose of managing the application process. Your data will not be shared with third parties outside GP Con GmbH without your explicit consent. Only HR staff and the relevant hiring manager will have access to your information. If you are invited for a second interview, where you meet future colleagues, they may receive your resume to help prepare for the discussion. Everyone involved is bound by strict confidentiality and will treat your application with the utmost discretion.

The collection and processing of your data in connection with an open position at GP Con GmbH is in accordance with Article 88 GDPR and Section 26(1) and (3) of the Federal Data Protection Act (BDSG). If we wish to retain your personal data in our applicant management system for up to one year following the application process, this will be based on your voluntary consent, which we may request separately during the process in line with Article 6(1)(a) GDPR. Otherwise, your data (application details and interview notes) will be permanently deleted from our system no later than six months after the application process concludes, unless there are legitimate reasons to retain it.

We use the applicant management tool provided by Personio SE & Co. KG, Seidlstraße 3, 80335 Munich, Germany (“Personio”) to facilitate the application process. This tool helps us streamline the process for both our team and applicants by allowing us to manage all relevant information in one place, communicate with candidates, and schedule interviews easily. Personio processes application data and interview results exclusively on our behalf and under our instructions, and never for its own purposes. We have signed a data processing agreement with Personio in compliance with Article 28 GDPR.

 

Use of Cookies

We use cookies and similar technologies in certain areas of our website (referred to collectively as “cookies”). Cookies are small text files that are stored on your device by a website. They do not harm your computer or contain viruses. The cookies on our website do not collect any personal data. We use the information in cookies to make your experience on our site more convenient and tailored to your preferences.

Most of the cookies we use are deleted automatically when you leave the site (“session cookies”). Some cookies, known as “persistent cookies,” remain on your device after your visit. These allow us to recognize your browser the next time you visit. Persistent cookies used on this site are stored for a maximum of 2 years and are then automatically deleted. You can delete stored cookies at any time in your browser’s settings.

Cookies can be grouped by function:

Necessary cookies: These cookies are essential for navigating the site, using basic features, and ensuring the website’s security. They do not collect marketing information or track other websites you visit. The legal basis for using these cookies is Section 25(2)(2) TTDSG, as they are technically required for the secure operation of the website. Data processing for necessary cookies is based on Article 6(1)(f) GDPR, as our legitimate interest is to provide a fully functional and secure website.

With your consent, we may also use statistical and marketing cookies. These non-essential cookies will only be used with your explicit, active, and revocable consent, in accordance with Section 25(1) TTDSG. Any further processing of the data collected through these cookies is based on your consent under Article 6(1)(a) GDPR. You can find more information on the functionality of these cookies in our cookie banner (where you can manage your consent) and in this privacy policy under the relevant sections.

You have the right to withdraw your consent at any time. The data processing carried out before your withdrawal remains lawful. You can also adjust your cookie settings at any time.

You can, of course, use our website without cookies. If you prefer not to have cookies stored on your device, you can disable them in your browser settings. However, disabling cookies may limit the functionality of some features of our online services.

 

Google Analytics

With your consent, we use Google Analytics on our website (with anonymization enabled). Google Analytics is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin, Ireland (“Google Ltd.”), a subsidiary of Google LLC, based in Mountain View, California, USA (“Google”). To simplify management, we also use Google Tag Manager (for more on this, refer to the “Google Tag Manager” section later in this privacy policy).

Google Analytics helps us track and analyze visitor traffic and behavior on our website. This includes gathering data such as the referring website, access times, visit frequency, location, and details about which parts of our website are being accessed and for how long. The insights we gain help us optimize our website and make it more engaging for users.

Google Analytics uses cookies to analyze your interactions with our website. These cookies are stored on your device for up to two years and are then automatically deleted. The information generated by these cookies about your use of the website is usually transmitted to and stored on Google’s servers in the USA. Additionally, Google Analytics records your device’s IP address to ensure service security and help us understand from which country, region, or city users are accessing our website (“IP location tracking”). We use Google Analytics with the IP anonymization feature (“IP masking”), meaning that your IP address is shortened before being sent to Google servers if you are in the EU or another European Economic Area member state. Google uses this information on our behalf to evaluate website usage, generate reports on website activity, and provide other services related to website and internet usage.

Google may also use the data collected by Google Analytics for its own purposes, as outlined in Google’s privacy policy. This data could be stored in user profiles and used to improve products, develop new services, measure ad effectiveness, conduct market research, and personalize content and ads. If you’re logged into your Google account, your data may be linked directly to your account. If you don’t want this, you must log out of your Google account before using Google Analytics. We have no control over how Google further processes your data. You can find more information in Google’s privacy policy: https://policies.google.com/privacy.

For more details about how data is processed by Google Analytics, visit http://google.com/analytics/terms/de.html or support.google.com/analytics/answer/6004245?hl=de.

It’s possible that personal data collected through Google Analytics could be transferred to Google’s servers in the USA. For such transfers, the EU-U.S. Data Privacy Framework provides an adequacy decision from the European Commission, ensuring that companies certified under this framework meet GDPR standards for data protection. Google is certified under this framework and is listed in the U.S. Department of Commerce’s Data Privacy Framework List, ensuring a high level of data protection when transferring data to Google’s servers in the USA. Any such transfers are conducted under Article 45(1) of the GDPR.

We only use Google Analytics on our website with your explicit consent. The legal basis for using Google Analytics cookies and accessing the data stored in them is Section 25(1) of the TTDSG. The legal basis for further data processing by Google Analytics is Article 6(1)(a) of the GDPR. You have the right to withdraw your consent at any time, with future effect. The legality of data processing carried out prior to your withdrawal remains unaffected.

 

Google Tag Manager

Our website uses Google Tag Manager, a service from Google Ltd., a subsidiary of Google. This tool enables us to manage website tags through a single platform. Google Tag Manager itself does not use cookies and does not collect any personal data. It simply triggers other tags, which may collect data. However, Google Tag Manager does not have access to this data. If you have disabled tracking at the domain or cookie level, this will apply to all tracking tags managed through Google Tag Manager.

Further information on data protection can be found on the following Google websites:

 

Cookiebot

We use Cookiebot, a consent management tool from Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (“Usercentrics”), to display a cookie banner on our website. This banner informs visitors about optional cookies, allows them to configure or manage their preferences, and documents any consent they provide.

When you visit our website, Cookiebot displays information about the optional cookies in use and offers settings options. During this process, a server connection is established with the tool provider, and technical information about your device (such as operating system, browser version, language, and IP address), the URL of the page you visited, your approximate location, and details about your chosen cookie preferences (such as categories, date, and time) are transmitted to Usercentrics. Usercentrics only stores this data to the extent necessary for documenting your consent.

The preferences you set are stored in a cookie containing a unique consent ID, saved in your browser. This ensures that your settings are retained across sessions, so you won’t need to update your cookie preferences on every visit. The stored cookie has a maximum lifespan of two years and is automatically deleted after that.

Usercentrics stores the data on servers within the European Union. However, since some service providers supporting Cookiebot are located outside the EU or EEA (e.g., in the USA), there’s a possibility that data may occasionally be transferred to a third country. To ensure an adequate level of data protection, Usercentrics only transfers data to countries with an adequacy decision from the European Commission (such as the EU-U.S. Data Privacy Framework, which certifies service providers) or to recipients with whom the European Commission’s standard contractual clauses have been agreed. These transfers are based on Article 45 GDPR or Article 46(2)(c) GDPR.

We have a data processing agreement with Usercentrics to manage the use of Cookiebot. The information collected by Usercentrics is processed under our instructions. The transmission of data to Usercentrics and the subsequent processing is done on our behalf, following Article 28 GDPR.

The legal basis for setting the Cookiebot cookie is Section 25(2)(2) TTDSG, and the subsequent data processing is based on Article 6(1)(f) GDPR. Our legitimate interest is to ensure that we provide you with a legally compliant website where you can efficiently and securely manage your consent for cookie use and related data processing. Therefore, setting the Cookiebot cookie is essential.

 

Automated Decision-Making in Individual Cases

We do not engage in any automated decision-making, including profiling, as outlined in Article 22(1) and (4) of the GDPR.

 

No Obligation to Provide Personal Data

You are not legally or contractually required to provide us with your personal data. However, please note that certain services (such as fulfilling contractual obligations) may be limited or unavailable if the necessary data is not provided.

 

Security

We use appropriate technical and organizational security measures in accordance with Article 32 of the GDPR to ensure that your data is properly protected from accidental or intentional manipulation, loss, destruction, or unauthorized access. Our security protocols are continuously updated to keep pace with technological developments. All privacy-related data is stored on secure systems in Germany. Access to this data is restricted to a select group of authorized personnel who are bound by confidentiality and are responsible for the technical, administrative, or editorial handling of the data.

 

General Data Retention and Deletion

We retain your personal data only as long as it is necessary to fulfill its intended purpose (e.g., completing a contract, responding to your inquiry) or if legitimate reasons under Article 17(3) of the GDPR, such as legal retention requirements, mandate that it be stored. If legal obligations, like tax or commercial laws, prevent the immediate deletion of your data, we will restrict its processing until these obligations are met. Once the required retention period has passed, your data will be deleted in accordance with applicable laws.

Applicant data will be deleted within six months after the application process concludes unless you have given consent for extended retention or if legitimate reasons, such as defending against legal claims, prevent its deletion.

 

Are personal data shared with third parties?

We only share your personal data with third parties when we have your explicit consent, as required by Article 6(1)(a) GDPR. The only exceptions are transfers to service providers that we rely on to deliver our services or online offerings (such as newsletter providers, technical service providers, and payment processors). These providers process data strictly according to our instructions, and we have data processing agreements in place with them as required by Article 28 GDPR. In all such cases, we, along with our partners, fully comply with GDPR regulations. We also ensure that our service providers implement the necessary technical and organizational measures to maintain an adequate level of data protection. The amount of data shared is limited to what is absolutely necessary.

In certain instances, data may also be shared with the following recipients:

• Our partners or third parties when necessary to initiate or fulfill a contract with you, in accordance with Article 6(1)(b) GDPR.

• Government institutions or authorities when we are legally required to disclose data due to statutory obligations or a court order. In these cases, the data transfer is carried out to meet a legal obligation, based on Article 6(1)(c) GDPR.

• Attorneys and/or external consultants when necessary to assert, exercise, or defend legal claims, and provided there is no overriding reason to protect the individual’s data from disclosure. In such cases, the data transfer is based on Article 6(1)(f) GDPR, as it is in our legitimate interest to assert or defend legal claims.

Your data will never be sold, rented, or otherwise made available to third parties.

 

Your rights

You have the right to request information at any time about the personal data we have stored about you, including the purposes of processing, the source of the data, details of any data sharing with recipients or categories of recipients, the retention period, and the rights available to you. This information will be provided to you free of charge, either in written or electronic form.

Additionally, you can request that we correct any inaccurate data, delete your personal data (unless we are required to retain it for legitimate reasons), or restrict its processing. If the personal data is needed to provide you with services, deletion or restriction of processing can only happen once you are no longer using our services or offerings.

You also have the right to object, at any time and for reasons related to your specific situation, to the processing of your data under Article 6(1)(f) GDPR, unless we can show compelling legitimate grounds that outweigh your interests, or if the processing is necessary to assert, exercise, or defend legal claims. You can object to the use of your data for direct marketing at any time without needing to provide any reason.

If we are processing your data based on your consent or to fulfill a contract, you have the right to receive that data in a structured, commonly used, and machine-readable format, or to request that it be transferred to another data controller, where technically feasible (the “right to data portability”).

You can withdraw any consent you have given for the use of your personal data at any time, with effect for the future.

If you believe our data processing violates the law, you also have the right to lodge a complaint with a supervisory authority.

To exercise any of your rights, please contact us at the address provided or send an email to us or our Data Protection Officer at datenschutz@gross-partner.de.

 

Scope of this Privacy Policy

This privacy policy applies only to our services and the data processing that occurs on our servers. It does not cover third-party content or websites linked from our offerings. This includes social networks like Facebook and Twitter, where the processing of your personal data is managed by the respective platform operator, over which we have no control. This also applies to any personal data you share with us via these platforms, such as when you message our profile. For details on how your personal data is handled and protected on these platforms, please refer to their respective privacy policies.

However, if we store personal data you have shared with us through a social network on our own servers — such as to address your inquiry or request, or for other purposes — the terms of this privacy policy will apply.

 

Revisions to this Privacy Policy

We may update this privacy policy periodically, especially when required due to technological advancements, changes in legal regulations, or modifications in our business practices. We encourage you to review this policy from time to time to ensure you remain informed about how we collect, process, and use your personal data.