Privacy Policy

Privacy Policy

September 2024

We (i.e., the company providing you with this privacy policy or the one named in the imprint as the operator of this site) take the protection of your personal data seriously. This privacy policy describes how we collect, gather, use, disclose, transmit, and store (“process”) your personal data. The personal data collected depends on the context of your interactions with us, the products, services, and features you use, your location and headquarters, as well as applicable law.

1. Processing of personal data in connection with your use of our websites, applications, and online services

Data categories and purpose of processing

In the context of your use of our external and internal websites, applications, or online services (each an “Online Offering”), we process the following categories of personal data:

- Your contact details, such as first and last name, business address, business phone number, business mobile number, and business email address,

- Organizational information, including position and company name,

- Other personal data that you provide yourself in contact and other forms of an Online Offering,

- Information you provide in the context of a support request, survey, comment, or forum post,

- Information that is automatically collected in the context of using an Online Offering, such as your device and user ID, information about your operating system, pages and services you have visited and used during your visit, as well as date and time of a user request.

We process your personal data for the following purposes:

- To enable you to utilize the services and functions of the Online Offerings, including creating and managing your online account, within updates, security, and error correction measures,

- To provide customer support and improve and further develop our Online Offerings,

- To bill the use of an Online Offering, to establish your identity and enable user authentication,

- To process your request or instruction,

- To process your order and provide you with related information and offers,

- To contact you with information and offers about our products and services and to send you further marketing information or to contact you in the context of customer satisfaction surveys as described in section 3,

- To enforce our terms of use, assert legal claims or defend against them, and to prevent and deter fraudulent and similar actions, including attacks on our IT infrastructure.

Online offerings provided by your company

In some cases, our online offerings are provided to you by the company you are employed at. When you use an online offering provided by your company, the processing of personal data that you or your company has uploaded is performed on behalf of and according to your company's instructions under a data processing agreement between your company and us. In this case, your company bears responsibility for data protection. If you have questions about personal data we process as a data processor for your company, please contact your company.

2. Processing of personal data related to your use of our marketplaces

Data categories and purpose of processing

In the context of your use of our marketplaces (each a “Marketplace”), we process the following categories of personal data:

- Your contact details, such as first and last name, business address, business phone number, business mobile number, and business email address,

Organizational information, including position and company name,

Payment information, such as information required for processing payments or fraud prevention,

including credit card information and card verification numbers,

Other personal data that you provide yourself in contact and other forms of a Marketplace,

Information you provide in the context of a support request, survey, comment, or forum post;

Information that is legally required in the context of compliance and export control screenings, such as date of birth,

citizenship, residency, identification numbers, information on relevant legal proceedings, and other legal disputes and

Information that is automatically collected in the context of the use of a Marketplace, such as your device and user ID,

information about your operating system, pages and services you have visited and used during your visit, and

the date and time of a user request.

We process your personal data for the following purposes:

- Communicating with you about our services and products, e.g., to process your inquiries or provide technical information

on products,

- Planning, executing, and managing the (contractual) business relationship, e.g., to process orders for products and

services, collect payments, for accounting and invoicing purposes, and to conduct deliveries,

maintenance activities or repairs,

- Contacting for information and offers concerning our products and services and conducting further

marketing activities and customer satisfaction surveys as detailed in section 4,

- Maintaining and ensuring the security of our products and services and our websites, preventing and detecting

security risks, fraudulent activity, or other criminal or harmful actions,

- Complying with legal requirements (e.g. tax and commercial record-keeping obligations), existing obligations for

conducting compliance screenings (to prevent economic crime or money laundering) along with our policies and

industry standards and

- Settling legal disputes, enforcing existing contracts, and claiming, exercising, and defending legal claims.

3. Processing of Personal Data of Business Partners

Data categories and purpose of processing

In the course of working with business partners, we process personal data of end consumers and contact persons

at customers, prospects, sales partners, suppliers, and partners (each a “Business Partner”):

- Contact information, such as first and last name, business address, business phone number, business mobile number

and business email address,

- Organizational information, including position and company name,

- Payment data, such as information needed for processing payments or fraud prevention, including

credit card information and verification codes,

- Other information required to process a project or fulfill a contractual relationship with us or that is voluntarily

provided by business partners, e.g., in the context of placed orders, inquiries, or project details,

- Personal data from publicly accessible sources (including company- or profession-related social networks

and websites), information databases, or from credit agencies and

- Information legally required in the context of compliance and export control screenings, such as date of birth,

citizenship, residency, identification numbers, information on relevant legal proceedings, and other legal disputes,

involving business partners.

We process the personal data for the following purposes:

- Communication with business partners about products, services, and projects, e.g., to process inquiries from the business partner

or provide technical information on products,

- Planning, executing, and managing the (contractual) business relationship between the business partner and us,

e.g., to process orders for products and services, collect payments, for accounting

and invoicing purposes, and to conduct deliveries, maintenance activities, or repairs,

- Creating a personal profile with business-related information about interactions between you and us with the aim of

offering you and the company you work for relevant information and appropriate offers of services and products

and to improve our personal communication with you,

- Conducting market analysis, competitions, sweepstakes, or similar actions and events,

- Contacting for information and offers on our products and services and conducting further

marketing activities and customer satisfaction surveys as detailed in section 4,

- Maintaining and ensuring the security of our products and services as well as our websites, preventing and detecting

security risks, fraudulent activity, or other criminal or harmful actions,

- Complying with legal requirements (e.g. tax and commercial record-keeping obligations), current obligations

for conducting compliance screenings (to prevent economic crime or money laundering) along with our policies

and industry standards and

- Settling legal disputes, enforcing existing contracts, and claiming, exercising, and defending

legal claims.

4. Processing of personal data for customer satisfaction surveys and direct marketing

Within the framework of applicable laws, we may use your contact details for the purposes of direct marketing (e.g. trade fair invitations,

newsletters with information and offers about our products and services) and for conducting

customer satisfaction surveys, each also by email. You have the right to object to the use of your

contact details for these purposes at any time by sending an email to info@auctoa.de or by using the

means of objection provided in the message you received.

5. Processing of personal data in connection with your application

If you apply for an open position with us, we process your personal data as described in the

privacy policy of the auctoa Recruiting Portal or the application platform you used.

6. Transmission and sharing of personal data

We only transmit your personal data as described below:

Companies and sales partners

To the extent necessary for the conduct of our business relationship with you, we transmit

your personal data to our companies and other third parties (e.g. sales partners and agents).

We distribute certain products and services, for example, only through local business relationships, and in this

case, we transmit your personal data to our respective local companies or other sales partners,

who handle the business relationship with you.

Transactions on our marketplaces

Through our marketplaces, we also provide products, services, and offers from our companies and other

third parties. We transmit our customers' personal data in connection with these transactions to the respective company and/or other third parties.

Service providers

We engage companies and other entities to perform tasks on our behalf,

e.g. manufacturers, service providers, IT services, or payment processing. These companies and other entities

process personal data solely for the purpose of the commissioned products and services.

Other third parties

We transmit personal data in connection with fulfilling legal obligations or establishing, exercising, or defending rights or claims to other third parties (e.g. for court and arbitration proceedings, to regulatory, law enforcement, and government agencies, to attorneys, and advisors).

Recipients of your personal data may be located outside the country where you reside.

Personal data you publish via online offers (e.g. in chat rooms or forums) may be

accessible worldwide to other registered users of the respective online offer.

7. Retention periods

Unless an explicit retention period is specified at the time of collection (e.g. as part of a consent declaration),

your personal data will be deleted insofar as it is no longer required for fulfilling the purpose of storage,

unless legal retention obligations (e.g. commercial and tax retention obligations) prevent deletion.

8. Your rights

Under applicable data protection law, you may have the right:

- To request confirmation as to whether we process personal data about you and access the personal data we

process about you,

- To request the correction of incorrect personal data,

- To request the deletion of the personal data we process about you,

- To request the restriction of processing of personal data,

- To request the transfer of personal data you have actively provided to us,

- To object to the processing of personal data, for reasons arising from your particular situation, or

- To withdraw a declared consent.

9. Data Security

We take appropriate technical and organizational measures to protect personal data against accidental

or unlawful destruction, use, or alteration and against unauthorized disclosure or unauthorized access.

10. Contact

Our data protection organization assists with all questions regarding data protection. Complaints can also

be addressed to our data protection organization, and the rights named in this privacy policy can be asserted.

Our data protection organization can be contacted at datenschutz@auctoa.de.

Our data protection organization is always striving to address your inquiries and complaints and to remedy them.

Besides contacting the data protection organization, you always have the possibility to contact the competent

data protection supervisory authority.

11. Processing of personal data within the scope of the EU General Data Protection Regulation

This section applies if your personal data is processed by one of our companies based in

the European Economic Area.

Data controller for data processing

Online offers

The controller under the General Data Protection Regulation for the processing operations described in this

privacy policy is the company named in the imprint of the online offering.

Marketplaces

The company designated as the operator of the marketplace is the data controller.

Personal data of business partners in our customer relationship systems

We may share contact information of business partners in the context of your business relationship with us with other companies.

We and these companies are jointly responsible for protecting your personal data

(Art. 26 of the General Data Protection Regulation). To ensure that you can easily and reliably exercise your data protection rights under this

joint responsibility, we have agreed with these companies that you can exercise your data protection rights described in section 6 not only against the respective company but also centrally against SCAILE Technologies GmbH. Contact us at: datenschutz@auctoa.de.

Legal grounds for processing

The General Data Protection Regulation requires auctoa to inform you about the legal basis for data processing.

Unless otherwise expressly stated at the time of collection, the legal basis for data processing is:

- The performance and fulfillment of a contract with you (Article 6 (1) (b) of the General Data Protection Regulation)

(“Contract fulfillment”),

- The fulfillment of legal obligations to which we are subject (Article 6 (1) (c) of the General Data Protection Regulation)

(“Fulfilling legal obligations”), or

- Safeguarding our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation)

(“Legitimate interest in processing”).

Our legitimate interest lies in processing your personal data for the purpose:

(i) of offering and operating the online offers and

(ii) establishing, executing, and processing our business relationship.

Insofar as our Legitimate Interest in processing is specified as the legal basis for processing your personal data according to the table below, we believe that your rights, fundamental freedoms, and interests are adequately considered because:

(i) We regularly review the processing operations and the underlying processes described in this privacy policy,

(ii) We account for the protection of your personal data in our processes, including binding corporate rules

on the protection of personal data (auctoa Binding Corporate Rules),

(iii) We ensure the transparency of our processing activities and

(iv) You have the aforementioned rights relating to our processing activities.

If you would like more information on the described balancing of interests, please contact our

data protection organization at datenschutz@auctoa.de.

If you have expressly given your consent to the processing of your personal data in individual cases, this

consent is the legal basis for processing (Article 6 (1) (a) of the General Data Protection Regulation) (“Consent”).

Processing of personal data in the context of using our online offers - Purpose and legal basis

- Enabling the use of the services and functions of the online offers, including for creating and

administering your online account, within updates, security, and bug-fix measures, providing customer support

and improving and further developing our online offers

- Contract fulfillment (Article 6 (1) (b) of the General Data Protection Regulation)

- Legitimate interest in processing (Article 6 (1) (f) of the General Data Protection Regulation)

- Billing for the use of an online offering

- Contract fulfillment (Article 6 (1) (b) of the General Data Protection Regulation)

- Legitimate interest in processing (Article 6 (1) (f) of the General Data Protection Regulation)

- Establishing identity and user authentication

- Contract fulfillment (Article 6 (1) (b) of the General Data Protection Regulation)

- Legitimate interest in processing (Article 6 (1) (f) of the General Data Protection Regulation)

- Processing your request or instruction

- Contract fulfillment (Article 6 (1) (b) of the General Data Protection Regulation)

- Legitimate interest in processing (Article 6 (1) (f) of the General Data Protection Regulation)

- Processing your order and offering you related information and offers

- Contract fulfillment (Article 6 (1) (b) of the General Data Protection Regulation)

- Legitimate interest in processing (Article 6 (1) (f) of the General Data Protection Regulation)

Sending marketing information or contacting as part of customer satisfaction surveys, as described in section 3

- Consent, if voluntarily given (Article 6 (1) (a) of the General Data Protection Regulation)

- Legitimate interest in processing (Article 6 (1) (f) of the General Data Protection Regulation)

Enforcing our terms of use, asserting and defending legal claims, deterring and preventing

fraudulent and similar actions, including attacks on our IT infrastructure

- Fulfilling legal obligations (Article 6 (1) (c) of the General Data Protection Regulation)

- Legitimate interest in processing (Article 6 (1) (f) of the General Data Protection Regulation)

Processing of Personal Data Related to Your Use of Our Marketplaces and of Business Partners

Communication about products, services, and projects, e.g., to process inquiries from the business partner or

provide technical information on products

- Contract fulfillment (Article 6 (1) (b) of the General Data Protection Regulation)

- Legitimate interest in processing (Article 6 (1) (f) of the General Data Protection Regulation)

Planning, executing, and managing the (contractual) business relationship between us, e.g., to process orders for products

and services, collect payments, for accounting and invoicing purposes, and conduct deliveries,

maintenance activities, or repairs

- Contract fulfillment (Article 6 (1) (b) of the General Data Protection Regulation)

- Fulfilling legal obligations (Article 6 (1) (c) of the General Data Protection Regulation)

Creating a personal profile with business-related information about interactions between you and us with the aim of

offering you and the company you work for relevant information and appropriate offers for services and products

and improving our personal communication with you

- Legitimate interest in processing (Article 6 (1) (f) of the General Data Protection Regulation)

Conducting market analyses, competitions, sweepstakes, or similar actions and events

- Consent, if voluntarily given (Article 6 (1) (a) of the General Data Protection Regulation)

- Legitimate interest in processing (Article 6 (1) (f) of the General Data Protection Regulation)

Conducting of customer satisfaction surveys and direct marketing as described in section 4

- Consent, if voluntarily given (Article 6 (1) (a) of the General Data Protection Regulation)

- Legitimate interest in processing (Article 6 (1) (f) of the General Data Protection Regulation)

Maintaining and ensuring the security of our products and services as well as our websites, preventing and

detecting security risks, fraudulent behavior, or other criminal or harmful actions

- Legitimate interest in processing (Article 6 (1) (f) of the General Data Protection Regulation)

Complying with legal requirements (e.g. tax and commercial record-keeping obligations), current

obligations for conducting compliance screenings (to prevent economic crime or money laundering) as well as our

policies and industry standards

- Fulfilling legal obligations (Article 6 (1) (c) of the General Data Protection Regulation)

- Legitimate interest in processing (Article 6 (1) (f) of the General Data Protection Regulation)

Settling legal disputes, enforcing existing contracts, and claiming, exercising, and defending

legal claims

- Fulfilling legal obligations (Article 6 (1) (c) of the General Data Protection Regulation)

- Legitimate interest in processing (Article 6 (1) (f) of the General Data Protection Regulation)

Processing of personal data for customer satisfaction surveys and direct marketing

Processing your contact data for direct marketing purposes (e.g. trade show invitations, newsletters with further information

and offers about our products and services) and conducting customer satisfaction surveys

- Consent, if voluntarily given (Article 6 (1) (a) of the General Data Protection Regulation)

- Legitimate interest in processing (Article 6 (1) (f) of the General Data Protection Regulation)

International data transfers

If we transfer your personal data to a recipient located outside the European

Economic Area, we ensure that your data is adequately protected in accordance with the General Data Protection Regulation.

In this context, we take the following measures if required by law:

- We only transfer your personal data to affiliated companies in such countries if they have implemented the Binding

Corporate Rules for the protection of personal data (“BCR”).

- Personal data is only transmitted to non-affiliated recipients in such countries if they

(i) have concluded EU Standard Contractual Clauses with us or

(ii) have implemented Binding Corporate Rules.

For more information and a copy of the implemented measures, contact datenschutz@auctoa.de.

The competent data protection authority

Our data protection organization assists with all questions regarding data protection. Besides contacting the

data protection organization, you always have the possibility to contact the competent data protection supervisory authority.

An overview of national and international data protection authorities is available here.

12. Processing of personal data under Swiss data protection law

Every data subject has the right to enforce their rights in court or file a complaint with the

competent data protection authority. The competent data protection authority for Switzerland is the Federal

Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

13. Further information for users of online offers and business partners in the USA

Additional information applies to US citizens as follows:

**Do Not Track**

Our online offers do not recognize so-called “Do Not Track” settings of your web browser.

For further information on “Do Not Track” functionality, please refer to your web browser’s help pages.

**Use by Children**

Our online offerings are not directed at children under the age of 13. Where legally required, we do not

knowingly collect personal data from children under the age of 13 without the consent of their legal guardians.

We only collect and transmit personal data from children when legally permissible, in order to obtain

the consent of their legal guardians or to protect the child.

**Your rights in specific US states**

Under the laws of some US states, residents of these states have additional rights concerning their

personal data. For more information on that, please click here.

auctoa – Your partner for precise valuations and certified appraisals. Real estate and land valuation. With digital expertise, expert knowledge, artificial intelligence, personalized advice, and comprehensive market insights.

auctoa – Your partner for precise valuations and certified appraisals. Real estate and land valuation. With digital expertise, expert knowledge, artificial intelligence, personalized advice, and comprehensive market insights.

auctoa – Your partner for precise valuations and certified appraisals. Real estate and land valuation. With digital expertise, expert knowledge, artificial intelligence, personalized advice, and comprehensive market insights.