This Privacy Policy informs you about the nature, scope, and purpose of the collection and use of your data on the website www.elevon-apartments.de by talyo.Property Services.

General Information on Data Processing

We only collect, process, and use personal data of users in compliance with applicable data protection regulations. This means that user data is only processed if there is a legal basis for doing so. We implement organizational, contractual, and technical security measures according to the state of the art to ensure compliance with data protection laws, and to protect the data we manage against accidental or intentional manipulation, loss, destruction, or unauthorized access.

Privacy Policy according to the GDPR

Name and Address of the Data Controller The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states, as well as other data protection regulations, is:

talyo. Property Services GmbH
Karl-Heinrich-Ulrichs-Straße 24
10785 Berlin Germany
Email: info@talyo.de
Website: www.elevon-apartments.de

II. Name and Address of the Data Protection Officer The data protection officer of talyo. Property Services GmbH can be reached at datenschutz@talyo.de.

III. Processing of Personal Data on our Website

1 Providing the Website

1.1 Description and Scope of Data Processing When accessing our website www.elevon-apartments.de, your browser automatically transmits information to our server. This information is temporarily stored in a log file. The following information is collected without your input:
• IP address of the requesting computer,
• Date and time of access,
• Name and URL of the accessed file,
• Referrer URL,
• Browser and operating system used,
• Name of your access provider.

1.2 Legal Basis for Processing Personal Data The legal basis for data processing is Article 6(1)(f) of the GDPR (legitimate interests of the website operator).

1.3 Purpose of Data Processing The log files are processed by us for the following purposes: • Ensuring a smooth connection to the website, • Ensuring comfortable use of our website, • Ensuring system security and stability. No data evaluation for marketing purposes takes place in this context.

1.4 Storage Duration The aforementioned data is deleted as soon as it is no longer necessary for achieving the purpose of its collection. In the case of collecting data to ensure a smooth connection setup, this is the case when the respective session is terminated. The log files are deleted after seven days. Extended storage is possible, where the user’s IP address is either deleted or anonymized, so that assignment to the calling client is no longer possible.

1.5 Right to Object and Removal Option The collection of data for providing the website and storing data in log files is mandatory for the operation of the website. Therefore, there is no option to object on the part of the user.

1.6 Notice Regarding Data Transfer to the USA Our website includes tools from companies based in the USA. When these tools are active, your personal data may be transferred to the US servers of the respective companies. Please note that the USA is not considered a safe third country under EU data protection law. US companies are obligated to disclose personal data to security authorities without you being able to take legal action against it. Consequently, it cannot be ruled out that US authorities (e.g., intelligence agencies) process, evaluate, and permanently store your data located on US servers for surveillance purposes. We have no influence on these processing activities.

1.7 Revocation of Your Consent to Data Processing Many data processing operations are only possible with your explicit consent. You can revoke consent you have already given at any time. The legality of data processing carried out prior to revocation remains unaffected.

Right to Object in Special Cases and to Direct Marketing (Art. 21 GDPR) IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, INCLUDING PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING SERVES THE PURPOSE OF ASSERTING, EXERCISING, OR DEFENDING LEGAL CLAIMS (OBJECTION PURSUANT TO ARTICLE 21(1) GDPR). IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING, INCLUDING PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ARTICLE 21(2) GDPR).

1.8 Right to Lodge a Complaint with a Supervisory Authority In the event of breaches of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, place of work, or the place of the alleged infringement. This right exists without prejudice to other administrative or judicial remedies.

1.9 Right to Data Portability You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of data to another data controller, this will only be done to the extent technically feasible.

1.10 SSL or TLS Encryption For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

1.11 Information, Deletion, and Correction You have the right to obtain free information about your stored personal data, its origin and recipients, and the purpose of data processing and, if necessary, a right to correct or delete this data. For further questions regarding personal data, please contact us at the address provided in the imprint.

1.12 Right to Restriction of Processing You have the right to request the restriction of the processing of your personal data. To do so, please contact us at the address provided in the imprint. The right to restrict processing exists in the following cases:

• If you contest the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the examination, you have the right to request the restriction of the processing of your personal data.

• If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of erasure.

• If we no longer need your personal data, but you need it to exercise, defend, or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of erasure.

• If you have lodged an objection pursuant to Article 21(1) GDPR, a balancing of your interests and ours needs to be carried out. As long as it is not yet clear whose interests prevail, you have the right to request the restriction of the processing of your personal data.

• If you have restricted the processing of your personal data, such data may – with the exception of storage – only be processed with your consent or for the purpose of asserting, exercising, or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.

2 Email Contact

2.1 Description and Scope of Data Processing For questions of any kind, we offer the opportunity to contact us via an email form embedded on the website. The usual data is requested, including:
• Email address,
• Subject,
• Message and its content,
• Date and time of your request.

2.2 Legal Basis for Processing Personal Data The data processing for the purpose of contacting us is based on Article 6(1)(b) GDPR (contract initiation with the user).

2.3 Purpose of Data Processing The data processing serves to handle the contact request and its processing. The information provided by users can be stored in a Customer Relationship Management (CRM) system or a similar inquiry database for this purpose.

2.4 Storage Duration The data will be deleted as soon as it is no longer necessary for processing the contact request and its processing. If the customer inquiry leads to the conclusion of a contract, the transmitted data can be used for contract processing. In this case, the data will be deleted as soon as it is no longer necessary for contract processing. Mandatory legal retention periods remain unaffected.

3 Chatbot

3.1 Description and Scope of Data Processing On our website, we use a “chatbot” provided by Bots4You GmbH, Kölner Straße 46, 57555 Mudersbach. The chatbot is a software programmed to automatically and standardizedly answer your questions. The chatbot assists tenants and prospective tenants in addressing various tenant-related issues. For this purpose, the chatbot processes connection data (including your anonymized IP address) and generates a Universally Unique Identifier (UUID) from it. This pseudonym is used to associate your inquiries for a duration of one month and to transfer your inquiries to the live chat if needed. Depending on the type of inquiry and use of the chatbot, content and usage data, such as your text inputs, information about viewing and consultation appointments, the use of specific content and access times, possibly master and contact data (name, phone number, email address), and possibly contract data may also be processed.

3.2 Legal Basis for Processing Personal Data We process your personal data based on your consent, which you can provide in the chat window of the chatbot. If you do not consent to the data processing by the chatbot, you cannot use its functions. Instead of using the chatbot, you can reach us by email or phone.

You can revoke your consent at any time without providing reasons and with effect for the future. The chatbot is currently configured so that you have to give your consent to data processing before each contact.

3.3 Purpose of Data Processing The use of the chatbot and the associated data processing serve the user-friendly and customer-oriented design of our website. The data processing is necessary to process your inquiries.

3.4 Storage Duration The personal data will be deleted as soon as the purpose of the processing is no longer applicable, or a statutory retention period expires, unless further storage of the personal data is necessary for contract initiation or fulfillment. Mandatory legal retention periods remain unaffected. You are not obligated to provide this personal data; however, using the chatbot is not possible without it. Cookies are stored and kept for a duration of one month for using the chatbot. The cookies are technically necessary for providing the service as they enable the continuation of inquiries and the allocation of your information.

3.5 Service Provider To ensure data protection-compliant processing of your personal data, we have concluded a data processing agreement with Bots4You GmbH. The personal data is processed exclusively in the EU or EEA. Data transfer to third countries does not occur.

4 Google Tag Manager

4.1 Description and Scope of Data Processing We use the “Google Tag Manager” provided by Google Ireland Limited. The Google Tag Manager controls and manages the scripts on our website. Scripts are, in simple terms, conditions of tools. The Google Tag Manager allows us to control scripts within the chatbot interface, such as the arrangement of buttons.

Please note that the Google Tag Manager is a cookie-less application that does not access personal data.

4.2 Further Information on Data Processing For more information on data processing through the Google Tag Manager, refer to the Privacy Policy: https://support.google.com/tagmanager/answer/9323295?hl=en&ref_topic=3441532 as well as the general description: https://support.google.com/tagmanager/answer/6102821?hl=en

The use of the Google Tag Manager is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in quickly and uncomplicatedly integrating and managing various tools on its website. If consent has been requested, the processing is based exclusively on Article 6(1)(a) GDPR and Section 25(1) of the German Telemedia Act (TTDSG) if the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

5 Cookie Banner

5.1 Description and Scope of Data Processing We integrate the cookie banner provided by Borlabs. The cookie banner allows us to obtain and document your consent for the use of tools in a privacy-compliant manner. Furthermore, the cookie banner prevents the collection of personal data by tools until you have given your individual consent.

5.2 Legal Basis for Processing Personal Data We process the data collected from you exclusively for the purpose of documenting and proving your consent. The privacy-compliant use of our tools requires legally required consents for the use of cookies. The legal basis for this is Article 6(1)(c) GDPR. You have the option to revoke and/or adjust your consent given in the cookie banner at any time.

5.3 Storage Duration Your consent will be stored in a cookie in your browser for up to 12 months. This way, we can recognize whether and how you have given your consent for future page visits.

6 Newsletter

On our website, you have the opportunity to subscribe to a free newsletter. The data from the input mask is transmitted to us when you subscribe to the newsletter.

• Email address
• First name

There is no disclosure of the data to third parties in connection with data processing for sending newsletters. The data is used exclusively for sending the newsletter.

6.2 Purpose of Data Processing

The collection of the user’s email address serves to deliver the newsletter.

The collection of other personal data as part of the registration process serves to prevent misuse of the services or the email address used.

6.3 Legal Basis for Data Processing

The legal basis for processing the data following registration for the newsletter by the user is Article 6(1)(a) GDPR.

6.4 Duration of Storage

The data will be deleted as soon as it is no longer necessary for achieving the purpose of its collection. The user’s email address will therefore be stored as long as the subscription to the newsletter is active.

The other personal data collected during the registration process is usually deleted after a period of seven days.

6.5 Possibility of Revocation

The subscription to the newsletter may be terminated by the user concerned at any time. For this purpose, there is a corresponding link in each newsletter.

This also enables revocation of the consent to store the personal data collected during the registration process.

7 Reporting Information Security Incidents

For reporting information security or data protection incidents, please send an email to ism@talyo.de, providing details of the specific situation – we will contact you unsolicited.

This address is not intended for contacting us regarding other matters; such inquiries will not be responded to. Please consider this accordingly.

For exercising your rights, please contact us using the contact information provided above or via email at datenschutz@talyo.de.

* Square metre measurements are approximate and photographs may differ in detail from the original.