Data privacy statement

Thank you very much for visiting our website. For aik Immobilien-Investmentgesellschaft mbH and its subsidiaries aik Management GmbH and Paik GmbH, the protection and confidentiality of your data is of great importance.

We wish to inform you in this statement about the processing of personal data in connection with the services we offer at www.aik-invest.de or other websites which incorporate the statement and in the context of our operations as an investment management company and through the services of our subsidiaries.

Personal data here means all the information relating to an identified or identifiable natural person (article 4 no. 1 of the EU General Data Protection Regulation, "GDPR"). This includes information such as your name, your email address, your postal address or your telephone number. It does not include information which cannot be directly connected with you individually, such as the number of users of an internet presence or website.

1. Who is responsible for the processing of your personal data?

The responsible entity within the meaning of the General Data Protection Regulation, other national data protection laws of the EU member states and other provisions of data protection law (referred to below as "aik" or "we") is:

aik Immobilien-Investmentgesellschaft mbH
Richard-Oskar-Mattern Str. 8
40545 Düsseldorf
Germany
Tel: +49 211 5374200
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

2. Data protection officer's contact data

You can use the following data to contact our data protection officer:

aik Immobilien-Investmentgesellschaft mbH
Richard-Oskar-Mattern Str. 8
40545 Düsseldorf
Tel.: +49 211 5374200
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

3. Purposes and legal basis of our processing; duration of data storage

In this section we provide information about the various purposes for which we process personal data, the legal basis for such processing and the length of time we store the data.

In cases where we obtain consent for processing activities from the person affected (the data subject), article 6 (1) a) GDPR serves as the legal basis for the processing of personal data. In the case of processing personal data necessary for the performance of a contract to which the data subject is the natural person, the legal basis is provided by article 6 (1) b) GDPR. This also applies to processing activities that are necessary in order to take steps prior to entering into a contract. If the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, the legal basis is provided by article 6 (1) c) GDPR. If the processing is necessary in order to uphold a legitimate interest of our company or a third party and such interests not outweigh the fundamental rights and basic freedoms of the data subject, article 6  (1) f) GDPR serves as the legal basis for the processing.

We comply with the principles of data avoidance and data minimisation. We therefore store your personal data only as long as is necessary to achieve the purposes stated above or as long as is specified by the various data retention periods laid down in statute law. When the particular purpose has ceased to exist or the data retention period has ended, the corresponding data question are routinely blocked or deleted in accordance with the relevant statutory provisions.

I. Data processing related to general use of our websites and in the context of our activities as an investment management company

1. General access to our website

Every time one of our websites is accessed we automatically collect data and information from the accessing device and store the said data and information in the server's log files. The data that can be collected are (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system has reached our website (the so-called referrer), (4) the sub-websites which are directed to our website via an accessing system, (5) the data and time of an access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information which serve the purpose of security against risks in the event of attacks on our information technology systems. For security purposes, that is, in order to identify such an attack in case of attacks on our platforms, we store these data, including the IP addresses, for a period of 14 days, and then we anonymise the IP addresses or delete the data. During the connection, the IP address is needed in order to transfer the contents of our platform to your browser. The legal basis for the processing and subsequent storage of the IP address is a legitimate interest under article 6 (1) f) GDPR. The legitimate interest with regard to the transmission of the IP address is that the address is necessary for a display of the contents of the platform; without a transfer of the IP address it is not possible to display the website. The legitimate interest in the temporary storage is our security interests.

2. Newsletter

If you register for a newsletter, we use your email address or your postal address to dispatch the newsletter, which provides you with regular information on subjects of interest and our latest acquisitions. In order to ensure that your registration for the newsletter is proper and correct, that is, to prevent unauthorised registrations in the name of third parties, we will send you, after your first-time registration for the newsletter, a confirmation email as part of our double opt-in procedure, with a request for your confirmation of the registration. The legal basis is your consent under the terms of article 6 (1) a) GDPR. The legal basis for the storage of the data is a legitimate interest within the meaning of article 6 (1) f) GDPR, the legitimate interest being the possibility of providing evidence of registration. We store your email address or your postal address so as to send you the newsletter until such time as you deregister or we decide to stop sending it.

You can at any time object to any kind of newsletter without thereby incurring any other than transmission costs according to the basic rates (i.e., for example, the costs charged by your internet provider).

3. Objections to advertising

If we receive an objection from you to the use of advertising, we can add your personal contact data (name, address, telephone number, fax number, email address) to a blocking list with the help of which we ensure that we no longer transmit to you any unwanted advertising. The legal basis is a legitimate interest within the meaning of article 6 (1) f) GDPR, the legitimate interest consisting in the fact that we can fulfil our obligations arising from your objection to advertising. The data will be stored for this purpose until such time as you expressly withdraw the objection in writing.

4. Contact form and email contact

Our websites make contact forms available which can be used for the purpose of electronic establishment of contact. By clicking on the "send" button you agree to the transmission to us of the data entered in the input mask. We also store the date and time you made contact. An alternative possibility for making contact is to use the email address provided. In this case what is stored is the user's personal data transmitted with the email and our reply. The personal data voluntarily transmitted to us in this connection enables us to process your enquiry and make contact with you. The legal basis for the transmission of the data is article 6 (1) a) GDPR. We use the data for this purpose until this particular email correspondence with you has ended. It is considered to be ended when the circumstances of the case make it evident that the matter in question has been finally clarified.

5. Processing of data about business operators and company staff

In the context of our operations as an investment management company we conduct a large number of different transactions across the fields of real estate and capital investment. In doing so we process the personal data of companies (the data referring to business operators are only personal data in the legal sense if the business operator is a natural person) and the staff of companies. The particular companies or business operators may be in a contractual or pre-contractual relationship with us, but in individual cases we can also process the data of companies and their staff if there is no such pre-contractual relationship. In the following sections we inform you about the purposes, the particular legal basis and the storage duration of the processing of business operators or company staff, and also about the data categories in cases where we do not obtain the personal data from the data subject. The data are deleted as soon as they are no longer necessary to achieve the purpose concerned; that is to say, when there is no longer a contract with the business partners or customers and we also no longer intend to enter into a contract with the business partners or customers in question, a legitimate interest no longer exists, and we are also no longer legally obliged in other respects to retain documents which could contain personal data

6. Data processing for the purpose of contract management and preparation

We process personal data for the purpose of contract management, that is, to enable us to render the contractually specified services for our business partners or customers and for the purpose of making the necessary contract preparations. If the business partner or customer is a natural person, the legal basis is that the processing is necessary for the performance of a contract or for taking steps prior to entering into a contract, as stated in article 6 (1) b) GDPR. If we process the personal data of staff of the business partner or customer, the legal basis is a legitimate interest within the meaning of article 6 (1) f) GDPR. The legitimate interest consists in conducting our business activities and those of our business partner or customer. A conflicting interest of the data subject concerned does not exist because, from the perspective of our business partner or customer, processing by us is necessary in the context of the existing employment relationship with the data subject (section 26 BDSG, German data protection act, new version). For this purpose we store personal data for the term of the contract.

Furthermore, we store accounting records for a period of ten years, and business letters – that is, every communication which is concerned with the preparation, execution or cancellation of a business transaction – for a period of six years, in order to fulfil our statutory data retention obligations under section 257 (1) no. 2 HGB (German Commercial Code) and section 147 AO (German Fiscal Code).The said periods commencing at the end of the calendar year in which the business letter was received or dispatched or alternatively the accounting record was made. The legal basis is article 6 (1) c) GDPR.

7. Business and customer account management

Acting as a point of contact, we process the personal data of our business partners or customers, prospective customers or their staff which we receive in connection with our operations as an investment management company in the context of the preparation, conclusion and execution of a contract, and also after the contract has ended. Alternatively, if no contract has been concluded, the processing is for the purpose of business and customer account management and, in the event of a new enquiry by the business partner or customer or prospective customer, in order to be able, on the basis of previously concluded contracts and the offers or enquiries received, ourselves to utilise or render appropriate services. The legal basis is a legitimate interest within the meaning of article 6 (1) f) GDPR. The legitimate interest consists in conducting our business activities. For this purpose we store personal data for as long as we can assume that the particular customer may at a future date conclude another or a first-time contract with us, which will be the case until such time as the business partner or customer concerned informs us that it will in no circumstances ever enter into a contract with us.

8. Data processing for general advertising purposes

We process personal data of our business partners or customers and customers and other business operators and companies with which we do not have a business relationship and in this connection, where appropriate, also data from the contact persons there for the purpose of providing direct advertising, insofar as legally permissible. In cases where we have not obtained these data direct from the particular data subject, we can also obtain contact data for the data subject from sources accessible to the public, such as, in particular, the website of the company concerned and classified directories. In connection with these direct advertising purposes we can also make use of the contracts concluded in the past with our business partners or customers and specific company-related information such as the size of the particular company or business operator and the sector it belongs to, in order to target the advertising as accurately as possible. The legal basis is a legitimate interest within the meaning of article 6 (1) f) GDPR. The legitimate interest consists in the processing of personal data for the purpose of direct advertising itself (see recital 47 GDPR). The data subjects have the right to object at any time to the processing of personal data affecting them for the purpose of such advertising. This objection can be lodged at any time, using the contact data specified in section 1. We store the data for this purpose for as long as we are interested in concluding a contract with the company concerned or until an objection has been entered.

9. Data processing for online meetings, conference calls and chats via "zoom”

We use various tools including "Zoom", "Webex" and "Microsoft Teams" to conduct telephone conferences, online meetings, video conferences and/or chats (hereinafter: "online meetings"). "Zoom" is a service of Zoom Video Communications, Inc. which has its registered office in the USA. Insofar as you call up the Internet page of the respective programme, the provider in question is responsible for data processing. However, calling up the website is only necessary to download the software for using "Zoom".

When using online meeting, various types of data are processed. The scope of the data also depends on the data you provide before or during participation in an "online meeting".

The following personal data are subject of the processing:

User information: first name, last name, telephone (optional), e-mail address, password (if "Single-Sign-On" is not used), profile picture (optional), department (optional)

Meeting metadata: Subject, Description (optional), Attendee IP addresses, Device/Hardware information.

For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.

When dialling in by phone: information on incoming and outgoing phone number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved.

Text, audio and video data: You may be able to use the chat, question or survey functions in an "online meeting". To this extent, your text entries are processed in order to display and, if necessary, log them in the "online meeting". In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the "Zoom" applications.

In order to participate in an "online meeting" or to enter the "meeting room", you must at least provide information about your name.

If we want to record "online meetings", we will inform you of this transparently in advance and - if necessary - ask for your consent. The fact of the recording will also be displayed in the respective app.

If it is necessary for the purpose of recording the results of an online meeting, we will log the chat content. However, this will usually not be the case. If you are registered as a user on "Zoom", "Webex" or "Microsoft Teams" then reports on "online meetings" (meeting metadata, phone dial-up data, questions and answers in webinars, survey function in webinars) can be stored for up to one month with the respective provider. The possibility of software-based "attention tracking" in "online meeting" tools such as "Zoom" is deactivated.

Automated decision making as defined by Art. 22 DSGVO is not used.

If personal data of employees of aik Immobilien-Investmentgesellschaft mbH are processed, § 26 BDSG is the legal basis for data processing. If, in connection with the use of "Zoom", personal data are not required for the establishment, execution or termination of the employment relationship, but are nevertheless an elementary component in the use of "Zoom", Art. 6 para. 1 lit. f)DSGVO is the legal basis for data processing. In these cases, we are interested in the effective conduct of "online meetings" for the purpose of conducting, for example job interviews. In other respects, the legal basis for data processing when conducting "online meetings" is Art. 6 para. 1 lit. b) DSGVO, insofar as the meetings are conducted within the framework of contractual relationships. If no contractual relationship exists, the legal basis is Art. 6 para. 1 lit. f) DSGVO. Here too, we are interested in the effective implementation of "online meetings".

Recipient / passing on of data

Personal data processed in connection with participation in "online meetings" will generally not provided to third parties, unless it is specifically intended to be passed on. Please note that contents from "online meetings" as well as personal meetings are often used to communicate information with customers, interested parties or third parties and are therefore intended to be passed on. Othter recipients: The respective provider of the online meeting tool necessarily receives knowledge of the above-mentioned data, insofar as this is provided for the context of our order processing contract with the provider.

Data processing outside the European Union

"Zoom", "Webex" and "Microsoft Teams" are services provided by providers from the USA. Processing of personal data therefore also takes place in a third country. We have concluded an order-processing contract with the respective provider which meets the requirements of Art. 28 DSGVO. The use of Zoom takes place on the basis of a commissioned data processing contract. Insofar as Zoom transfers personal data to third countries outside the EU / EEA, this shall be done in compliance with the provisions of Art. 44 et seq. DSGVO. In order to ensure a sufficient level of data protection in third countries, standard data protection clauses approved by the EU Commission have been agreed with Zoom and the respective additional recipients / sub-processors. A complete list of sub-processors used by Zoom who may access and process customer data can be found at: https://zoom.us/de-de/subprocessors.html.

II. External references and links

1. Links

Cross-references (links or linkages) to contents provided by external providers must be kept distinct from our own content. By installing a link to third-party websites (hyperlinks) we do not adopt the website or its content as our own, as we cannot keep a continuous check on the content of such websites. Furthermore, the company is not responsible for the availability of these websites or their content. Use of the hyperlinks to these contents is at the user's own risk.

aik is not liable for direct or indirect damage or loss suffered by the user through the use and the existence of the information on these websites. aik also has no liability for the information accessed by the user being free of viruses.

2. Integrated YouTube videos

We integrate YouTube videos in some of our websites. The operator of the plugins needed for the purpose is YouTube, LLC., 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit a page of our website that is fitted with a YouTube plugin, you are connected to YouTube servers, so that YouTube is informed which pages you visit. Should you be logged in on your YouTube account, YouTube can attribute your surfing activity to you personally. You can prevent such attribution if you log out of your YouTube account before you visit our website.

If and when a YouTube video is started, the provider installs cookies which collect information on user behaviour.

If you have deactivated the storage of cookies for the Google-Ad program, you will not need to expect such cookies when you watch a YouTube video. However, YouTube also enters in other cookies information on use that does not refer to individual users. If you wish to prevent this, you need to block the storage of cookies in your browser.

Further information on data protection at YouTube can be found in the provider's data protection statement at: https://www.google.de/intl/de/policies/privacy.

III. Rights of data subjects

If personal data of yours is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the responsible entity (called "controller" in the GDPR):

1. Right to information

You can require confirmation from us as to whether personal data concerning you are processed by us.

If such processing is being or has been done, you can require information from us on the following:

1. the purposes for which the personal data are processed;
2. the categories of personal data that are processed;
3. the recipients or categories of recipient to whom the personal data concerning you have been or have yet to be disclosed;
4. the period for which the personal data affecting you are planned to be stored or, if it is not possible to give exact information on this, the criteria used to determine the period;
5. the existence of a right to correct or delete the personal data concerning you, of a right to have the processing restricted by the responsible entity, or of a right to object to the processing;
6. the existence of a right to lodge a complaint with a supervisory authority;
7. all available information about the source of the data if the data have not been obtained from the data subject (you).

You have the right to require information as to whether the personal data concerning you are transferred to a third country or an international organisation. In this connection you can require to be informed about the appropriate safeguards laid down in article 46 GDPR in connection with the said transfer.

This right to information may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of the statistical purposes and the restriction is necessary for the achievement of the statistical purposes.

2. Right to correction

You have the right to obtain from the controller (aik) the correction and/or completion of the processed personal data concerning you in cases where these data are incorrect and/or incomplete. The controller must carry out the correction without undue delay.

Your right to correction may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of the statistical purposes and the restriction is necessary for the achievement of the statistical purposes.

3. Right to restriction of processing

You can require the restriction of the processing of the personal data concerning you subject to the following conditions:

1. If you contest the accuracy of the personal data concerning you for a specific period enabling us to verify the accuracy of the personal data;
2. if the processing is unlawful and you oppose the deletion of the personal data and require the restriction of their use instead;
3. if we no longer need the personal data for the purposes of the processing, but you require the data for the establishment, exercise or defence of legal claims, or
4. if you have objected to processing pursuant to article 21 (1) GDPR pending verification of whether our legitimate grounds override your grounds.

Where processing of the personal data concerning you has been restricted, these data will – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

If processing has been restricted subject to the above-stated conditions, you will be informed by us before the restriction of processing is lifted.
Your right to restriction of processing may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of the statistical purposes, and our restriction is necessary for the achievement of the statistical purposes.

4. Right to deletion

4.1 Obligation to delete

You can require us to delete the personal data concerning you, and we will be obliged to delete these data without undue delay if one of the following grounds applies:

1. The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
2. You withdraw the consent on which the processing was based under article 6 (1) a) or article 9 (2) a) GDPR and there is no other legal ground for the processing.
3. You object to the processing pursuant to article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to article 21 (2) GDPR.
4. The personal data concerning you have been unlawfully processed.
5. The personal data concerning you have to be deleted for compliance with a legal obligation in Union or Member State law to which we are subject.
6. The personal data concerning you have been collected in relation to the offer of information society services referred to in article 8 (1) GDPR.

4.2 Information to third parties

Where we have made the personal data concerning you public and are obliged pursuant to article 17 (1) GDPR to delete the said data, we will, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform the entities responsible for the processing of the personal data (the controllers) that you, as the data subject, have requested the deletion by the controllers of any links to, or copy or replication of, the personal data in question.

4.3 Exceptions

The right to deletion does not exist in cases where the processing is necessary

3.1 for exercising the right of freedom of expression and information;
3.2 for compliance with a legal obligation which requires processing by Union or Member State law to which the controller (aik) is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
3.3 for reasons of public interest in the area of public health in accordance with article 9 (2), h) and i), GDPR and article 9 (3) GDPR;
3.4 for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with article 89 (1) GDPR in so far as the right referred to in subsection (1), above, is likely to render impossible or seriously impair the achievement of the objectives of the processing; or
3.5 for the establishment, exercise or defence of legal claims.

5. Right to data portability

You have the right to receive the personal data concerning you, with which you have provided us, in a structured, commonly used and machine-readable format. You also have the right to transmit the said data to another controller without hindrance from us, where

1. the processing is based on consent pursuant to article 6 (1) a) GDPR or article 9 (2) a) GDPR or on a contract pursuant to article 6 (1) b) GDPR; and
2. the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The latter right must not adversely affect the rights and freedoms of others.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

6. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on article 6 (1) e) or f) GDPR; this shall also apply to profiling based on those provisions.

We will then no longer process the personal data concerning you unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or unless the processing serves the establishment, exercise or defence of legal claims.

Where the personal data concerning you are processed for direct marketing purposes you have the right to object at any time to the processing of personal data concerning you for such marketing; this shall also apply to profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes

In the context of the use of information society services – and notwithstanding Directive 2002/58/EC – you may exercise your right to object by automated means using technical specifications.

You also have the right, on grounds relating to your particular situation, to object to the processing of personal data concerning you, where the data are processed for statistical purposes pursuant to article 89 (1) GDPR.

Your right to object may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of the statistical purposes and the restriction is necessary for the achievement of the statistical purposes.

7. Right to withdraw declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

8. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to article 78 GDPR.

9. Amendment to data protection statement; change of purpose

We reserve the right to amend this data protection statement subject to the provisions of data protection law. You can always find the most recently amended version here or in another easily accessible place on our website. Should we intend to process your data for other purposes than those for which they were collected, we will, in compliance with the relevant statutory provisions, inform you in advance.