Our privacy policy

As an independent investment and asset manager, we value the protection of your data and the security of your privacy. To ensure that you are fully aware of how we collect and use personal data, we ask you to familiarise yourself with the following information. To make it easier to find the information that is relevant to you, we have divided the information into the following sections:

A. Scope of application

B. Website visitors

C. Job applicants

D. Tenants

E. Investors

F. Your rights

A. Scope of application

This data protection declaration applies to all websites and services or offers for which KGAL GmbH & Co. KG and its subsidiaries (hereinafter also referred to as ‘KGAL’) are responsible, unless the overall context indicates otherwise. The declaration also applies in the above sense to the companies managed by KGAL. Which data is processed in detail and how it is used depends largely on the services requested by you or agreed with you.

What does data protection cover? Essentially, it is about the protection of natural persons with regard to the processing of personal data. What is personal data? This is any information relating to an identified or identifiable natural person (hereinafter referred to as ‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identification such as a name or an identification number (including an online identifier).

If you have any questions that are not answered by this data protection notice or if you would like more detailed information on any point, please feel free to contact our data protection officer at any time. We will, of course, also honour your right to information in this context. The contact details of our data protection officer:

Data protection officer of the KGAL Group

Tölzer Straße 15

82031 Grünwald

Telephone +49 89 64143-0

E-mail: datenschutz(>@<)kgal.de

Our privacy policy does not apply to services offered by other companies or persons or to other websites linked to our services. Our privacy policy does not cover the process of information by other companies or organisations that advertise our services and may use cookies, pixel tags and other technologies to provide and offer relevant ads.

If you access an external website from our site (external link), the external provider may receive information from your browser about which of our web pages you came to. The external provider is responsible for this data. Like any other website provider, we are unable to influence this process.

B. Website visitors

KGAL is delighted that you have chosen to visit our website and thanks you for your interest in our company, products and services. We want you to be aware of what personal data we collect, when we collect it and how we use it.

1. General

No prior confirmation is required to use our website – except for the nationality query in the institutional login area. When you visit our website, we therefore process the personal data that you provide to us automatically through technical means and/or by way of making contact. In addition, data is transmitted to our partners for analysis and marketing.

2. Who is responsible for processing your data and who is the data protection officer?

KGAL GmbH & Co. KG

Tölzer Straße 15

82031 Grünwald

Telephone +49 89 64143-0

Fax +49 89 64143-150

Email kgal(>@<)kgal.de

and its subsidiaries.

You can contact our company data protection officer at:

Data protection officer of the KGAL Group

Tölzer Straße 15

82031 Grünwald

Telephone +49 89 64143-0

Email: datenschutz(>@<)kgal.de

3. What data do we process about you and for what purpose?

3.1.1. Server log files

When you visit our website or use our services, the device you are using and the internet browser you are using to access our website automatically transmit log data to our server. This log data includes, in particular, the name of the file accessed (website), the amount of data transferred, the type and version of the web browser used, the operating system used (type and version), the date and time the page was accessed, the referrer URL (website from which you accessed our website via a link) and the IP address of the requesting device. Once the IP address is no longer technically required for accessing the website, it is only stored in abbreviated (anonymised) form for statistical evaluation.
The data transmitted automatically as described above is collected and evaluated solely for the purpose of ensuring the proper and optimal presentation of the information offered and for the purpose of statistical evaluations. The legal basis for the processing of personal data is Art. 6 (1) (1) (f) GDPR. It is not possible for us to assign the data automatically transmitted to the server to specific natural persons, i.e. it is not possible to identify you directly on the basis of the automatically transmitted data. However, we would like to point out that, with the assistance of your internet access provider, it is theoretically possible over a certain period of time to determine the owner of the internet connection through which you access our site, on the basis of the transmitted IP address. Your Internet access provider will be able to tell you how long IP addresses used and assigned are stored by the Internet access provider.
We process personal data such as names, addresses, telephone numbers or e-mail addresses on this website only for the purpose of safeguarding our own legitimate business interests with regard to the support of our investors, interested parties and/or other business partners. Otherwise, we use the data you provide voluntarily solely for the purpose for which you have given it to us. We will only use your data for other purposes if you have given us your consent to do so for other offers or marketing purposes.

3.1.2. Press mailing list | Newsletter

If you register for our e-mail newsletter, we will regularly send you information about our offers. The only information required to receive the newsletter is your email address. Any other information you provide is voluntary and will be used to address you personally. We use the double opt-in procedure to send the newsletter. This means that we will not send you an email newsletter until you have expressly confirmed to us that you consent to the sending of newsletters. We will then send you a confirmation e-mail asking you to confirm that you wish to receive future newsletters by clicking on a corresponding link.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 (1) 1 lit. a GDPR. When you register for the newsletter, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later point in time. The data collected by us when registering for the newsletter is used exclusively for the purpose of advertising by means of the newsletter.
You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending a message to the controller named at the beginning. After you have unsubscribed, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use the data in a manner that goes beyond the scope permitted by law and about which we inform you in this statement.
If you use our contact form in the press mailing list to contact us, the data you enter will also be encrypted (SSL) to protect you against misuse by third parties. You can recognise an encrypted connection by the fact that the address line of the browser changes from ‘http://’ to ‘https://’ and by the lock symbol in your browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

3.1.3. Handling of e-mails

If you can send a message to KGAL from our website, the transmission is encrypted. We use the e-mail address you provide to reply to you by e-mail with the requested information.
If the content of your message relates to a contractual relationship, we will store the email. The legal basis for the processing of personal data is Art. 6 (1) (b) GDPR. Before you send us an unencrypted e-mail via your internet provider, please bear in mind that the content of the e-mail is not necessarily protected against unauthorised access, tampering, etc. on the internet. Please be aware that external service providers who filter incoming e-mails for us for spam and malware may gain access to your e-mail.

3.1.4 Downloads

Every time you request a file from our download area, access data is stored. Each data set consists of: the page from which the file was requested, the name of the file, the date and time of the request, the amount of data transferred, the access status (file transferred, file not found, etc.), a description of the type of web browser used and the IP address.

4. Who receives your data?

Your enquiries are forwarded to the relevant department at KGAL. We use selected service providers for the technical and organisational implementation of our website. The amount of data transferred is kept to a minimum. These so-called contract processors are contractually obliged to process the data they receive exclusively in accordance with our instructions. The requirements of the General Data Protection Regulation are adhered to. This applies, for example, to data storage. Our certified contract processor stores the data in secure data centres based in the European Union.

5. Cookies | general

We use cookies on various pages to make visiting our website more attractive and to enable you to use certain functions. These are small text files that are stored on your end device (e.g. laptop, tablet, smartphone) when you visit our site. Information is stored in the cookie that results in each case in connection with the specific end device used.
Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and enable us or our partner companies (third-party cookies) to recognise your browser the next time you visit (persistent cookies). This means that you do not have to re-enter any information or settings you have already entered.
If cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie.
If personal data is also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6 (1) (b) GDPR either to execute the contract or in accordance with Art. 6 (1) (f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.
We may work together with advertising partners who help us to make our website more interesting for you. For this purpose, cookies from partner companies are also stored on your hard drive when you visit our website (third-party cookies). If we work together with the aforementioned advertising partners, you will be individually and separately informed about the use of such cookies and the scope of the information collected in each case in section 6 below.
Please note that you can adjust your browser settings so that you are informed when cookies are set and can decide whether to accept them on a case-by-case basis, or to exclude the acceptance of cookies in certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browser at the following links:

Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies

Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en

Safari: https://support.apple.com/de-de/guide/deployment/depf7d5714d4/web

Opera: https://help.opera.com/de/latest/web-preferences/#cookies

Please note that if you do not accept cookies, the functionality of our website may be limited. In section 6, you will find explanations, among other things, about the statistics and tracking services used on this website.

6. What services do we use?

6.1.1. Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyse the behaviour of website visitors.
In doing so, the website operator receives various usage data, such as page views, length of stay, operating systems used and origin of the user. These data are assigned to the respective end device of the user. An assignment to a user ID does not take place.
Furthermore, we can use Google Analytics to record your mouse and scroll movements and clicks, among other things. Furthermore, Google Analytics uses various modelling approaches to supplement the collected data sets and uses machine learning technologies for data analysis. Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google regarding the use of this website is usually transferred to a Google server in the USA and stored there.
This service is used on the basis of your consent in accordance with Art. 6 (1) a GDPR and Section 25 (1) TDDDG. This consent may be withdrawn at any time.
Data transmission to the US is based on the standard contractual clauses of the EU Commission.
Details can be found here:

https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified according to the ‘EU-US Data Privacy Framework’ (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the United States. Every DPF-certified company is committed to complying with these data protection standards. For more information, please contact the provider at the following link:

https://www.dataprivacyframework.gov/participant/5780.

Defender Pro (Incsub, LLC)
This site uses the third-party WPMU DEV cloud storage to store backups of its audit logs where personal information is collected. An activity log is created and stored that records the IP address, username and e-mail address and records user activity (e.g. when a user posts a comment). The information is stored locally for 30 days and externally for 1 year. Information on remote logs cannot be deleted for security reasons. WP Smush / Smush Image Compression and Optimisation The ‘WP Smush / Smush Image Compression and Optimisation’ plug-in is a service for automatically adjusting the resolution and size of images/photos and graphics. The plug-in is operated by WPMU DEV, Incsub, LLC, PO Box 548 #88100, Birmingham, AL 35201, USA. This involves a multi-stage process as follows: All images/photos and graphics uploaded to this website – exclusively by the website administrator – are uploaded to the WPMU DEV, Incsub LLC server by ‘WP Smush / Smush Image Compression and Optimisation’; optimised on the WPMU DEV, Incsub LLC server; and delivered back to this server.
After optimisation, the data on the servers of WPMU DEV, Incsub LLC are deleted immediately. https://wordpress.org/support/topic/does-wp-smush-track-or-collect-data/ Personal data are not collected by ‘WP Smush / Smush Image Compression and Optimisation’. For more information, see: https://premium.wpmudev.org/project/wp-smush-pro/Hummingbird Hummingbird uses the Stackpath Content Delivery Network (CDN). Stackpath may store website visitor weblog information, including website visitor IPs, UA, referrer, location and ISP information for 7 days. Files and images served from the CDN may be stored and served from countries other than your own. Stackpath’s privacy policy can be found at https://www.stackpath.com/legal/privacy-statement.

6.1.2. Social media | share buttons

Our websites contain forwarding buttons that you can click to share content from our website on social media such as Facebook, Twitter, Linkedin and Xing. We do not use these buttons to share your personal data with social media providers. These are simple links. If you click on a forwarding button, the social media provider collects personal data from you directly. However, we cannot rule out the possibility that the social network operators may see that you were redirected from our site, viewed our company page on the network and possibly interacted with it, and that the operators may use this information for their own advertising purposes. Please read the privacy policy of the social media provider with which you wish to share content before clicking the corresponding redirect button.

7. What data protection rights do you have?

You can revoke your consent to the storage of data, e-mail address and its use for sending the newsletter at any time, for example by using the ‘unsubscribe’ link in the newsletter. You can request information about the data stored about you at the above address. In addition, you can request the correction or deletion of your data. Furthermore, you may have the right to restrict the processing of your data and the right to have the data you have provided published in a structured, common and machine-readable format. You also have the right to lodge a complaint with a data protection supervisory authority.
The data protection supervisory authority responsible for us is:

Bavarian Data Protection Authority (BayLDA)

Promenade 18

D-91522 Ansbach

Germany

E-mail: poststelle(>@<)lda.bayern.de

Alternatively, you can of course contact the KGAL Group Data Protection Officer at any time.

8. What right of objection do you have?

Please refer to Section F. of this data protection notice for more information about your rights.

9. How long will your data be stored?

The duration of the storage of personal data is determined on the basis of the respective legal retention period (e.g. commercial and tax retention periods). After the deadline has passed, the corresponding data is routinely deleted if it is no longer required for the fulfilment or initiation of the contract and/or if we no longer have a legitimate interest in further storage.

10. Is your data transferred to a third country?

Your personal data may be transferred to third countries by our partners for analysis and marketing.

11. Competitions

We occasionally offer competitions on our website. We process the personal data that you provide when entering a competition in order to run the competition. The respective terms and conditions and privacy policy of the competition apply.

12. Profiling measures

The stored data is evaluated for statistical purposes only.

13. Data security

The processing of personal data provided to us is carried out in accordance with legal requirements. KGAL employees will treat as confidential the personal information you provide when you visit our website. All KGAL employees are bound by written data secrecy. The data protection officer and internal auditors regularly check that data protection regulations are being adhered to.
We have implemented the necessary technical and organisational measures to ensure a high level of protection for your personal data: KGAL’s data processing network is protected from the outside world by a state-of-the-art firewall system. KGAL internal applications are only accessible to authorised persons via a registration procedure with an individual user key and password. Within the applications, user rights are restricted according to business needs via legitimation systems.

C. Applicants

We are pleased that you are interested in us and that you are applying or have applied for a position in our company. We would like to take this opportunity to inform you about how your personal data is processed in connection with your application.

1. Who is responsible for processing your data and who is the data protection officer?

The company advertising the position is responsible for data processing. Depending on the position for which you are applying or have applied, this is

KGAL GmbH & Co. KG

Tölzer Straße 15

82031 Grünwald

Telephone +49 89 64143-0

Fax +49 89 64143-150

Email kgal(>@<)kgal.de

or one of its subsidiaries.

You can find more information about our company, details of the authorised representatives and further contact options in the imprint of our website.
You can contact our data protection officer at:

Data protection officer of the KGAL Group

Tölzer Straße 15

82031 Grünwald

Telephone +49 89 64143-0

E-mail: datenschutz(>@<)kgal.de

2. What data relating to you do we process?

The categories of personal data processed include, in particular, your master data (such as first name, last name, name affixes, nationality), contact data (such as private address, telephone number, e-mail address) as well as the data from the entire application process (cover letter, certificates, questionnaires, interviews, qualifications and previous activities). If you have voluntarily provided special categories of personal data (such as health data, religious affiliation, degree of disability) in the application letter or in the course of the application process, processing will only take place if you have consented to this or if a legal authorisation justifies it.

3. For what purposes will your data be processed?

The data processing is used to carry out and process the application procedure and to assess the extent to which you are suitable for the intended activity. The processing of your data is necessary to decide on the establishment of a contractual relationship.

4. What is the legal basis?

The legal basis for the processing of your personal data in this application procedure is Art. 6 (1) sentence 1 lit. b GDPR in conjunction with Section 26 (1) of the German Federal Data Protection Act (BDSG). Accordingly, the processing of data required in connection with the decision to establish an employment relationship is permissible. Processing may also be based on other laws (e.g. BetrVG, AGG) and other legal regulations such as money laundering, tax and social security laws, etc. If the legal basis for data processing is a declaration of consent, you have the right at any time to revoke the consent with effect for the future.
In individual cases, we process your data to protect our legitimate interests or those of third parties (e.g. authorities). This applies in particular to the investigation of criminal offences (legal basis Art. 6 para. 1, sentence 1, lit. f GDPR, in the case of employment relationships in conjunction with § 26 para. 1 sentence 2 BDSG) or the exchange of data within the group for administrative purposes. The processing of special categories of personal data (e.g. health data) is based on your consent in accordance with Art. 9 (2) point a GDPR, in the case of employment relationships in conjunction with § 26 (2) BDSG, unless legal authorisation such as Art. 9 (2) point b, in the case of employment relationships in conjunction with § 26 (3) BDSG, is relevant.

5. Where does your data come from?

As a rule, your personal data is collected directly from you as part of the application process. In addition, we may have received data from third parties (e.g. employment agencies) to whom you have provided your data for forwarding.

6. Who receives your data?

Within our company, your personal data is only received by the individuals and departments (e.g. specialist department and works council) that require it to make decisions regarding the conclusion of a contract and to fulfil our pre-contractual/contractual and legal obligations. The application process is mainly carried out by KGAL GmbH & Co. KG itself, which is why your data is also processed there.

7. What data protection rights can you assert?

You can request information about the data stored about you at the above address. In addition, under certain conditions, you can request the correction or deletion of your data. You may also have the right to restrict the processing of your data and the right to have the data you have provided published in a structured, common and machine-readable format. You also have the right to complain to a data protection supervisory authority.
The data protection supervisory authority responsible for us is:

Bavarian Data Protection Authority (BayLDA)

Promenade 18

91522 Ansbach

E-mail: datenschutz(>@<)kgal.de

Alternatively, you can also contact the data protection officer responsible for you at any time. Please refer to Section F. of this data protection notice for more information about your rights.

8. What right of objection do you have?

If we process your data to protect legitimate interests, you can object to this processing for reasons arising from your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending legal claims.

9. How long do we store your data?

We delete your personal data six months after the application process has been completed if no contractual relationship is established. This does not apply if statutory provisions prevent the deletion or if further storage is required for the purpose of providing evidence or if you have consented to a longer storage period.

10. Do we transfer your data to a third country?

Your personal data will not be transferred to a third country. Third countries are countries outside the European Economic Area.

11. To what extent do automated individual case decisions or profiling measures take place?

We do not use automated processing to bring about a decision. This includes profiling.

D. Tenant

1. Who is responsible for processing your data and who is the data protection officer?

General information: Your landlady is responsible for data processing. She is a party to the rental contract concluded with you, to which we refer at this point. Please use the landlady’s company name, stating the postal address known to you. Would you like to contact one of our management companies known to you? This is the

KGAL GmbH & Co.

Tölzer Straße 15

82031 Grünwald

Telephone +49 89 64143-0

Fax +49 89 64143-150

Email kgal(>@<)kgal.de

or one of its subsidiaries.

You can contact our company data protection officer at:

Data protection officer of the KGAL Group

Tölzer Straße 15

82031 Grünwald

Telephone +49 89 64143-0

Email: datenschutz(>@<)kgal.de

2. What data relating to you do we process?

Relevant personal data includes personal details (name, address and other contact details, date of birth, name and place of birth, occupation, marital status and nationality) and legitimisation data (e.g. ID data) and authentication data (e.g. signature sample) and other master and contract data (e.g. information about existing contracts, payment data, roles of the person concerned (e.g. tenant). In addition, this may also include order data (e.g. payment orders), data from the fulfilment of our contractual obligations (e.g. sales data in payment transactions, information about your financial situation (e.g. salary and creditworthiness data), data on tenant contacts and transaction processing, as well as other data comparable with the categories mentioned.

3. For what purposes is your data processed?

Your personal data is processed for the purpose of providing rental services in response to requests and for the purpose of executing your orders, as well as for all activities necessary for the operation and management of real estate. The purposes of data processing include, among other things, the billing of operating costs, maintenance/repairs and the execution of transactions. Please refer to the respective contract documents for further details on the purpose of data processing.

4. What is the legal basis for the processing?

The processing is carried out in fulfilment of the rental contract and thus in accordance with Art. 6 (1) (b) GDPR. If necessary, we process your data beyond the actual fulfilment of the contract to protect our legitimate interests or those of third parties in accordance with Art. 6 (1) (f) GDPR. This may include consulting and exchanging data with credit reference agencies to determine creditworthiness and default risks, asserting legal claims and defending legal disputes, ensuring IT security and IT operations, preventing and investigating criminal offences, video surveillance to collect evidence in the event of criminal offences and thus protecting tenants and employees, as well as exercising domiciliary rights and building and facility security.
If you have given us your consent to process personal data for specific purposes, the lawfulness of this processing is based on your consent in accordance with Art. 6 (1) sentence 1 point (a) GDPR. Consent that has been given can be withdrawn at any time. Please note that the withdrawal of consent is only effective for the future.
In addition, we are subject to various legal obligations, i.e. legal requirements under Art. 6 (1) sentence 1 lit. c GDPR (e.g. Money Laundering Act, tax laws) as well as regulatory requirements. The purposes of processing include, among other things, credit checks, identity and age verification, fraud and money laundering prevention, the fulfilment of tax control and reporting obligations, the assessment and management of risks, and the provision of information to authorities.

5. where does your data come from?

We process personal data that we receive from you in the course of our business relationship, e.g. via the rental agreement. In addition, we process – to the extent necessary for the provision of our services – personal data that we have legitimately received from partners responsible for you or from other third parties (e.g. SCHUFA) (e.g. based on your consent) and will receive in the future (e.g. to execute orders, to fulfil contracts or based on your consent). On the other hand, we process personal data that we have legitimately obtained from publicly accessible sources (e.g. land registers, commercial and association registers, press, internet, media) and are allowed to process.

6. Who receives your data?

Within KGAL, access to your data is restricted to those individuals who require it to fulfil contractual and legal obligations. Service providers, vicarious agents and processors (Art. 28 GDPR) employed by us may also receive data for the purposes mentioned, provided that they maintain data protection. These include, among others, companies in the categories of real estate management, IT services, telecommunications, debt collection, advice and consulting, and address research.
We may only pass on information about you if this is permitted or required by law, if you have given your consent or if we are authorised to provide information. Under these conditions, recipients of personal data may be, for example: public bodies and institutions (e.g. tax authorities, law enforcement authorities) if there is a legal or official obligation, credit and financial services institutions or comparable institutions to which we transfer personal data in order to carry out the business relationship with you (e.g. guarantors, credit agencies), as well as other companies within the KGAL Group insofar as it is necessary to fulfil the services.

7. What data protection rights can you assert?

Every data subject has the right of access under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR and the right to data portability under Article 20 of the GDPR. The restrictions according to §§ 34 and 35 BDSG apply to the right of access and the right of cancellation. In addition, there is a right of appeal to a competent data protection supervisory authority (Art. 77 DSGVO in conjunction with § 19 BDSG). You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent issued to us before the General Data Protection Regulation came into force, i.e. before 25 May 2018. Please note that the revocation is only effective for the future. You have the option of lodging a complaint with the above-mentioned data protection officer
of the KGAL Group or with a data protection supervisory authority.
The data protection supervisory authority responsible for companies based in Bavaria is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)

Promenade 18

91522 Ansbach

E-Mail: poststelle(>@<)lda.bayern.de

8. What right of objection do you have?

If we process your data to protect legitimate interests, you can object to this processing for reasons arising from your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

9. How long do we store your data?

We process and store your personal data for as long as is necessary to fulfil our contractual and legal obligations. It should be noted that our business relationship is a continuing obligation that is intended to last for years. In addition, we are subject to various storage and documentation obligations arising from the German Commercial Code (HGB) and the German Fiscal Code (AO), among other things. The periods for retention and documentation specified there are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship. Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), are generally three years, but in certain cases can also be up to thirty years.
We delete your personal data as soon as it is no longer required for the above-mentioned purposes. It may be that personal data is stored for the period during which claims can be asserted against our company. We also store your personal data if we are legally obliged to do so. Corresponding obligations to provide evidence and to store data arise, among other things, from the German Commercial Code, the German Fiscal Code and the German Money Laundering Act. Accordingly, the storage periods are up to ten years.

10. Is your data transferred to a third country?

Personal data is only transferred to locations in countries outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries) if it is necessary for the execution of your orders (e.g. a payment order to a third country). Otherwise, no personal data is transferred to third countries.
In the context of remote maintenance of standard IT components, it cannot be ruled out that in isolated cases an IT service provider from a third country (e.g. the US) may in rare cases be given controlled and limited access to personal data for troubleshooting purposes. We will inform you separately of the details, if required by law.
Should it be necessary for us to transfer personal data to service providers in third countries, this will only take place if the EU Commission has confirmed an adequate level of data protection or if other appropriate data protection safeguards (e.g. binding internal company data protection rules or EU standard contractual clauses) are in place.

11. Are you obliged to provide data?

As part of the rental relationship, you are only required to provide the personal data that is necessary for the establishment, execution and termination of the business relationship or that we are legally obliged to collect. Without this data, we will generally have to refuse the conclusion of the contract or the execution of the order or will no longer be able to execute an existing contract and may have to terminate it.

12. To what extent is there automated decision-making in individual cases?

In principle, we do not use any fully automated decision-making processes to establish and implement the business relationship in accordance with Art. 22 GDPR. Should we use these procedures in individual cases, we will inform you of this separately, provided that this is required by law.

13. To what extent is your data used for profiling?

We do not process your data with the aim of evaluating certain personal aspects in an automated manner.

E. Investors

1. Who is responsible for processing your data and who is the data protection officer?

KGAL GmbH & Co. KG

Tölzer Straße 15

82031 Grünwald

Telephone +49 89 64143-0

Fax +49 89 64143-150

Email kgal(>@<)kgal.de

or one of its subsidiaries.

You can contact our data protection officer at:

Data protection officer of the KGAL Group

Tölzer Straße 15

82031 Grünwald

Telephone +49 89 64143-0

Email: datenschutz(>@<)kgal.de

2. What data concerning you do we process?

The categories of personal data processed include, in particular, your master data (such as first name, last name, name affixes, nationality), contact data (such as private address, telephone number, email address) as well as data concerning your participation in one of our products (limited liability capital, amount of liability, capital calls, distributions, etc.) and for payment and other processing (bank details, tax number, responsible tax office, etc.).

3. For what purposes will your data be processed?

The data processing is used to implement the investment offer.

4. What is the legal basis?

The legal basis for the processing of your personal data is Art. 6 (1) sentence 1 lit. b GDPR. This allows the processing of data that is necessary in the performance of a contract. Processing may also be based on other laws and other legal regulations such as money laundering and tax laws. If the legal basis for data processing is a declaration of consent, you have the right at any time to revoke the consent with effect for the future.
In individual cases, we process your data to protect our legitimate interests or those of third parties (e.g. authorities). This applies in particular to the investigation of criminal offences (legal basis Art. 6 (1) sentence 1 lit. f GDPR) or the exchange of data within the group for administrative purposes.

5. Where does your data come from?

As a rule, your personal data is collected directly from you. In addition, we may have received data from third parties (e.g. intermediaries) to whom you have provided your data for forwarding.

6. Who receives your data?

Within our company, only those persons and departments (e.g. specialist department) receive your personal data that they need to decide on the conclusion of the contract and to fulfil our pre-/contractual and legal obligations. Other recipients of your data are those entrusted with the execution and administration of the participation, in particular administrators, tax advisors, auditors and domestic and foreign tax authorities.

7. What data protection rights can you assert?

You can request information about the data stored about you at the above address. In addition, under certain conditions, you can request the correction or deletion of your data. You may also have the right to restrict the processing of your data and the right to have the data you have provided published in a structured, common and machine-readable format. You also have the right to complain to a data protection supervisory authority.
The data protection supervisory authority responsible for us is:

Bavarian Data Protection Authority (BayLDA)

Promenade 18

91522 Ansbach

Email: poststelle(>@<)lda.bayern.de

Alternatively, you can also contact the data protection officer responsible for you at any time. Please refer to Section F. of this data protection notice for more information about your rights.

8. What right of objection do you have?

If we process your data to protect legitimate interests, you can object to this processing for reasons arising from your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending legal claims.

9. How long will your data be stored?

We process and store your personal data for as long as is necessary to fulfil our contractual and legal obligations. It should be noted that our business relationship is a continuing obligation that is intended to last for years. In addition, we are subject to various storage and documentation obligations, which arise, among other things, from the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods for retention and documentation specified there are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship. Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), are generally three years, but in certain cases can also be up to thirty years.
We delete your personal data as soon as it is no longer required for the above-mentioned purposes. It may be the case that personal data is stored for the period during which claims can be asserted against our company. We also store your personal data if we are legally obliged to do so. Corresponding obligations to provide evidence and to retain data arise, among other things, from the German Commercial Code, the German Fiscal Code and the German Money Laundering Act. The storage periods are therefore up to ten years.

10. Is your data transferred to a third country?

Your personal data will not be transferred to a third country. Third countries are countries outside the European Economic Area.

11. Are you obliged to provide data?

As part of the participation relationship, you are only required to provide the personal data that is necessary for the establishment, execution and termination of the participation or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude the participation or execute the order or will no longer be able to execute an existing contract and may have to terminate it.

12. To what extent do automated individual case decisions or profiling measures take place?

We do not use automated processing to bring about a decision. This includes profiling.

F. YOUR rights

The applicable data protection law grants you comprehensive rights of data subjects (rights of information and intervention) vis-à-vis the data controller with regard to the processing of your personal data, about which we will inform you below:

1. Right of access according to Art. 15 GDPR

In particular, you have the right to request information about your personal data processed by us, the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it was not collected by us from you, the existence of automated decision-making including profiling and, where applicable, meaningful information about the logic involved and the scope and intended impact of such processing on you, as well as your right to be informed of the guarantees in accordance with Art. 46 GDPR that exist when your data is forwarded to third countries.

2. Right to rectification in accordance with Art. 16 GDPR

You have the right to demand the immediate correction of incorrect data concerning you and/or the completion of incomplete data concerning you that we have stored.

3. Right to erasure in accordance with Art. 17 GDPR

You have the right to request the deletion of your personal data if the requirements of Art. 17 para. 1 GDPR are met. However, this right does not apply in particular if the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;

4. right to restriction of processing in accordance with Art. 18 GDPR

You have the right to request the restriction of the processing of your personal data as long as the correctness of your data, which you dispute, is being verified, if you refuse to delete your data due to unauthorised data processing and instead request the restriction of the processing of your data, if you require your data for the establishment, exercise or defence of legal claims, after we no longer need this data for the purpose for which it was collected, or if you have objected to processing on grounds relating to your particular situation, pending the verification of whether our legitimate grounds override yours.

5. Right to be informed pursuant to Art. 19 GDPR

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about those recipients.
Right to data portability in accordance with Art. 20 GDPR: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller, where technically feasible;

6. Right to revoke consent granted pursuant to Art. 7 (3) GDPR

You have the right to revoke consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation;

7. Right to lodge a complaint in accordance with Article 77 of the GDPR

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

8. RIGHT TO OBJECT

IF, IN THE CONTEXT OF A BALANCING OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR PREDOMINANT LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO FILE AN OBJECTION TO THIS PROCESSING WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN PROVE THAT THERE ARE COMPELLING REASONS FOR PROCESSING WHICH ARE WORTHY OF PROTECTION AND WHICH OUTWEIGH YOUR INTERESTS, fundamental rights and freedoms, or for the establishment, exercise or defence of legal claims.
IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING. YOU MAY EXERCISE YOUR RIGHT TO OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
September 2024