Last Updated: June 28, 2018

I. General Information

The website www.glorius.com ("website") is a service of GLORIUS GmbH (limited liability), hereinafter also referred to as "GLORIUS" or "we"/"us".

In the following we inform you about the handling of your personal data. If you use our website and GLORIUS’ services, your personal data will be processed.

Because the protection of your privacy is important to us, we would like to inform you of the extent to which your personal data gets processed by us and in what way.

You can access this data protection declaration at any time under the section "Privacy Policy" at https://www.glorius.com/privacy-policy on our website.

We observe the legal provisions of the General Data Protection Regulation ("GDPR"), the Federal Data Protection Act ("BDSG") as well as other data protection regulations.

II. Name and Address of the Controller

GLORIUS, as operator of the website, is responsible for personal data that gets processed when using our website.

GLORIUS GmbH (limited liability)
Represented by CEO Ms. Kirsten Paul
Würzburger Str. 152
D-63743 Aschaffenburg
Phone: +49 (0) 69-6971 4515
E-Mail: info@glorius.com

III. Processing Personal Data

1. Providing the website and creation of log files

a) Description and scope of data processing

Every time you visit our website, your browser transmits the following data which gets automatically saved for technical reasons:

  • information about your browser type and version
  • the operating system you are using
  • the previous website from where you are accessing us (referrer URL) your IP address
  • the date and time when accessing our website

Our system stores your personal data in log files. This data is not stored with other personal data in relation to you.

b) Legal basis for data processing

We process your data temporarily pursuant to Art. 6 Sec. 1 phrase 1 lit. f GDPR.

c) Data processing purpose

It is necessary for us to process your IP address temporarily to enable the website to be made available on your terminal device. Furthermore, we use your personal data to optimize our website and guarantee the security of our IT systems. Your data will not be processed for marketing purposes.

These reasons also reflect our legitimate interest in processing your personal data.

d) Storage period

The aforementioned personal data will be deleted as soon as it is not necessary anymore for achieving the processing purpose. This is the case when the respective session has been ended by you.

IP addresses that are processed in log files will be deleted after seven days. A longer storage period is only appropriate if your IP address is deleted or alienated. In this case it would be impossible for us to draw any conclusions from the IP address to your person.

e) Possibility to object according to Article 21 GDPR

It is not possible to object the processing of this data since it is necessary for the website ́s functioning.

2. Registration to sign up as lender/borrower/partner

a) Description and scope of data processing

On our website, we offer the opportunity to choose your account type and sign up as lender, borrower, or partner. When becoming a lender, borrower, or partner you must enter the following personal data in the online registration form:

  • First and last name
  • E-mail addres
  • Telephone number
  • Correct salutation
  • Nationality
  • Time zone

Personal data collected during the registration process is only processed to provide you with complimentary and/or paid services and information that is available on our website including, but not limited to, providing information about certain real estate markets in the United States.

If you sign up as lender, our website gives you the opportunity to find a borrower. When a deal has been secured, we share some of your personal data with the borrower. When you decide to sign up as borrower, our website gives you the opportunity to find a lender. In this case, we will share some of your personal data with potential lenders. We share your personal data only to the extent that is needed to facilitate a closing of any loan obtained through our website. If you sign up as an affiliated partner, we process your data in order to meet the requirements of the GLORIUS Affiliate Partner Program (GAPP). We share your personal data within ourcorporate group, with companies located in the U.S.A., and listed as participants of the EU-US Privacy Shield to ensure an appropriate level of data protection.

When you register on our website, your IP address, the date, and time of your registration is logged into our server logs and will not be transmitted to third parties.

b) Legal basis of data processing

The personal data we gain through the online registration form is collected based on your consent, therefore, the legal basis for processing your personal data is Article 6 Sec. 1 phrase 1 lit. a GDPR.

Your personal data will be processed according to Article 6 Sec. 1 phrase 1 lit. b GDPR when you are using a paid service we offer on our Website.

The legal basis for collecting and storing your IP address is Art. 6 Sec. 1 phrase 1 lit. f GDPR.

c) Data processing purpose

The personal data we collect with your consent is processed to give you the opportunity to find a lender or borrower.

When you purchase a service offered through our website, we process your personal data to perform the concluded service agreement. If you have registered as partner, we process your data for the purpose of performing the concluded “GAPP” Partner Agreement.

Your IP address, the date, and time of your registration which is collected during the transmission of the online registration form is carried out for our protection, to prevent the misuse of our contact possibilities abused or to prevent an impairment of our IT systems. This purpose constitutes our legitimate interest in processing your personal data.

d) Storage period

Your personal data will be deleted immediately once it is not necessary for achieving the processing purpose.

This is the case, when you cancel your registration on our website and your personal data is not necessary anymore for the performance of a contract you have concluded with us through our website.

If you purchased a service, we store your personal data for the duration of the service agreement and after the limitation period has been expired, beginning with the end of the year in which registration has been terminated. Since we are subject to statutory retention obligations, we are obliged to keep your data stored, even beyond the expiration of the limitation period. In this case we do not delete your data, but we will restrict it. The deletion takes place after the statutory retention obligation has been expired, beginning with the end of the calendar year in which your registration has been cancelled.

Your IP address will be deleted after a period of seven days. However, the date and time of your registration is stored indefinitely.

e) Possibility to withdraw according to Article 7 GDPR

You can cancel your registration at any time. By cancelling, you are withdrawing your consent regarding the processing of your personal data. To execute the withdrawal, there is a button within your registration profile that enables you to close your account. The withdrawal does not affect the legality of the processing of your personal data that has been carried out up to the date of your withdrawal.

f) Possibility to object according to Article 21 GDPR

It is not possible to object to the processing of your IP address, the date, and/or time of registration since this data is necessary for the prevention and prosecution of abuse.

g) Consequences of not providing your personal data

You are not obliged to provide your data for the aforementioned purposes. However, in the event that you do not provide the required data, we cannot guarantee you the benefits of the registration in the desired form.

3. Cookies

a) Description and scope of data processing

We use so-called “cookies” on our website. They serve us to recognize you as a user and to facilitate the usage of our website. Cookies are small text files which get installed on your terminal equipment by your web browser. Mostly so-called "session cookies" are used, they are deleted automatically after your session has been completed.

Other cookies, called "persistent cookies", remain installed on your terminal equipment until they get removed by you. These cookies allow us to identify your web browser when you visit our website the next time.

You can check in your web browser settings to see what cookies are installed on your terminal equipment. You can choose within the predefined scope of your web browser whether cookies should be permitted in individual cases, not be accepted in general, or be deleted automatically after your web browser has been closed. Nevertheless, disabling cookies may limit the usability of our website.

We use cookies to make our website more user-friendly for you. Therefore, some elements of our Website require the possibility to identify the calling browser after a page change has occurred. We store in and request from cookies log-in information for input masks.

b) Legal basis for data processing

We process your personal data according to Art. 6 Sec. 1 phrase 1 lit. f GDPR.

c) Data processing purpose

We use technical cookies that are necessary to optimize the usage of our website. Otherwise we would not be able to offer certain functions on our website. It is essential for these functions that your web browser gets recognized after a page change has occurred. The purpose of this is also for representing our legitimate interest in processing your personal data.

The use of cookies is required for the following applications:

We do not use personal data which is collected by technically necessary cookies to create user profiles.

d) Storage period, possibility to object, and removal according to Article 21 GDPR

Cookies that are installed on your terminal equipment transfer the stored information to our website. Therefore, you have full control of how long cookies are able to store your personal data. You can deactivate or restrict the transmission of cookies by changing the settings in your web browser. Cookies that have already been stored can be deleted at any time. This also can be done automatically. Be aware that when you deactivate these cookies, all the functions we offer through our website may not be available to you anymore.

4. Google Analytics with anonymization function

a) Description and scope of data processing

Our website uses Google Analytics, a web analytics service offered by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter "Google". By using Google Analytics, cookies will be installed on your terminal equipment that enable Google to analyse your behaviour when you visit our website. These cookies generate information regarding your usage behaviour and transmit the generated information to Google which stores it on servers located in the USA.

Since data protection is very important to us, we allow you to use our website anonymously. Therefore, we use Google Analytics exclusively with the extension "_gat._anonymizeIp". This extension ensures the reduction of your IP address within the territory of the European Economic Area (hereinafter “EEA”), which means, your IP address gets anonymized before leaving the EEA. Only when extraordinary circumstances occur will your IP address be transmitted without reduction to a Google server. In this case the reduction process will be carried out in the USA. According to Google ́s own statement, your IP address will not be merged with other data collected by Google.

Google is listed as participant of the EU-US Privacy Shield and ensures an appropriate level of data protection, see https://www.privacyshield.gov/EU-US-Framework. Further information of how and to what extend your personal data gets processed by Google Analytics can be found in Google ́s Privacy Policy under https://www.google.com/analytics/terms/us.html.

b) Legal basis for data processing

We process your personal data according to Art. 6 Sec. 1 phrase 1 lit. f GDPR.

c) Data Processing purpose

Google uses the collected data to analyse how you have used the website, to prepare and send us a summary of the activity on our website and to offer other services thatare related to the usage of the internet in general or our website in particular. These purposes also represent our legitimate interest in the processing your personal data.

When obliged by law or where Google commissions third parties to process data, it may transfer the collected information to third parties.

d) Storage period

The storage period for cookies used by Google Analytics is restricted to 2 years. You can independently uninstall cookies that got installed by Google Analytics and delete the stored data with it. We will explain how this deletion can be carried out by using your web browser ́s settings in the following section.

e) Possibility to object and removal according to Article 21 GDPR

You are free to prevent the installation of cookies by adjusting your web browser settings accordingly. Google offers for the most popular web browsers a deactivation add-on to enable you to control the collection of data on websites which use Google Analytics. The add-on informs Google Analytics' JavaScript (ga.js) that no information about the visitors of the respective website should be transmitted to Google. However, the deactivation of add-on only prevents the transmission of information that got collected by Google Analytic cookies, information generated by other web analytics services we use will still be transmitted. For more information on installing the respective browser add-on, please visit https://tools.google.com/dlpage/gaoptout.

5. Possibility of contacting via Live-Chat supported by Drift

a) Description and scope of data processing

Our website offers you the opportunity to Live-Chat as a way of direct communication to us. For this we use the service of Drift.com, Inc., 222 Berkeley Street, Suite 600 Boston, MA 02116 (U.S.), hereinafter “Drift”.

When starting a conversation through the Live-Chat on our Website, Drift installs a cookie on your terminal equipment so we can carry out a real time conversation through our website with you. By contacting us through the Live-Chat, your IP address, the date, and time of the request and all the information provided by you during the chat will be transmitted to and stored by Drift on our behalf for processing your inquiry.

Drift is listed as participant of the EU-US Privacy Shield and ensures an appropriate level of data protection, see https://www.privacyshield.gov/EU-US-Framework.

b) Legal basis of data processing

We process your personal data pursuant to Art. 6 Sec. 1 phrase 1 lit. f GDPR.

c) Data processing purpose

The purpose for processing your personal data is to deal with your inquiry and answer your questions. Your request and questions also represent our legitimate interest in the processing your personal data.

d) Storage period

Your personal data gets deleted when it is not necessary anymore to achieve the processing purpose.

Therefore, we delete personal data you sent through the Live-Chat, when the conversation has been ended. The conversation has been ended when the circumstances indicate the relevant matter has been resolved.

We are not aware for how long your personal data will be stored by Drift, neither can we influence it. For more information how and to what extend Drift processes your personal data, see https://www.drift.com/privacy-policy/.

e) Possibility to object according to Article 21 GDPR

You have the possibility to object to the processing of your personal data at any time, however, the conversation cannot be continued. In this case, the personal data stored by us during the communication will be deleted. Please address your objection to info@glorius.com. For the deletion of your personal data stored by Drift, please contact privacy@drift.com.

6. Dispatching e-mail notifications via MailChimp

a) Description and scope of data processing

After completing your registration, you will receive pre-set notifications regarding GLORIUS which are related to your status as a lender, a borrower or an affiliate partner. You can change the notification settings at any time in your GLORIUS account and receive the notifications as system message. For sending the notifications, we use the e-mail address provided by you in the online registration form.

For dispatching our notifications, we use the e-mail dispatching tool MailChimp that is operated by The Rocket Science Group LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA (hereinafter “MailChimp”) and acts as processor on our behalf. Thus, your name and e-mail address provided during the online registration process will be transmitted to and stored on a server operated by MailChimp. The data you have provided through the online registration (e-mail address, name) will exclusively be used for dispatching the newsletter you have subscribed to and will not be transferred to third parties. The collected data will not be synchronised with to other data we collected through other components of our website.

E-mail notifications sent via MailChimp contain web-beacons (pixel tags). A web-beacon is a pixel-sized image file that collects certain data when the e-mail is opened, for example; the time of retrieval, your IP address, information about the e-mail program you are using, when you open a link that is integrated in the e-mail. This data is sent to a server operated by MailChimp. The name of the image file is individualized for each recipient of the notification e-mail by a unique ID. This enables us to register which ID belongs to which e-mail address. Based on this data MailChimp summarizes a report for us, through which we can recognize if and when you have opened our newsletter and which link contained in the e-mail you have followed.

MailChimp is listed as participant of the EU-US Privacy Shield and ensures an appropriate level of data protection, see https://www.privacyshield.gov/EU-US-Framework.

b) Legal basis for data processing

We process your personal data pursuant to Art. 6 Sec. 1 phrase 1 lit. f GDPR.

c) Data processing purpose

Your e-mail address is processed for sending you notifications via e-mail. We check the e-mail address you have provided to ensure that you are in fact the actual owner of the e-mail address.

We use the information we gain through the web-beacons to continuously improve our notifications and to adapt it to your personal interests. According to its own statements, MailChimp uses the data only in a pseudonymized form to optimize and improve its own offers.

d) Storage period

Your personal data gets deleted when it is not necessary anymore to achieve the processing purpose. We will not use your e-mail address for sending you notifications via e-mail when you have changed the channel for sending you notifications to “system message”. We do not delete your e-mail address because it is needed for you to log in onto our website.

We delete your personal data stored in connection with the use of web beacons when you change the channel for receiving notifications to system message. We have no influence on the use and storage of your data by MailChimp, for more information how and to what extend MailChimp processes your personal data, see https://mailchimp.com/legal/privacy/.

e) Possibility to object according to Article 21 GDPR

You have the possibility to object to receive the notifications via e-mail at any time. For this, log in onto the website and go to “settings” then under “notifications” then set the receiving notifications to “system message” instead of “email”. To object the processing of your collected personal data through MailChimp, please turn to privacy@mailchimp.com.

7. E-mail notifications via Newsletter2go

a) Description and scope of data processing

After completing your registration, you will receive pre-set notifications regarding GLORIUS which are related to your status as a lender, a borrower or an affiliate partner. You can change the notification settings at any time in your GLORIUS account and receive the notifications as system message. For sending the notifications, we use the e-mail address provided by you in the online registration form.

For dispatching our notifications we use the e-mail dispatching tool Newsletter2Go which is operated by the Newsletter2Go GmbH, Köpenicker Str. 126, 10179 Berlin, Germany (hereinafter “Newsletter2Go”) and acts as processor on our behalf. Thus, your name and e-mail address provided during the online registration process will be transmitted to and stored on a server operated by Newsletter2Go. The data you have provided through the online registration (e-mail address, name) will exclusively be used for dispatching the newsletter you have subscribed to and will not be transferred to third parties. The collected data will not be synchronised with to other data we collected through other components of our website.

b) Legal basis for data processing

We process your personal data pursuant to Art. 6 Sec. 1 phrase 1 lit. f GDPR.

c) Data processing purpose

Your e-mail address is processed for sending you notifications via e-mail. We check the e-mail address you have provided, to ensure that you are in fact the actual owner of the e-mail address.

d) Storage period

Your personal data gets deleted when it is not necessary anymore to achieve the processing purpose. We will not use your e-mail address for sending you notifications via e-mail when you have changed the channel for sending you notifications to system message. We do not delete your e-mail address since you need it to log in onto our website. We have no influence on the use and storage of your data by Newsletter2Go, for more information how and to what extend Newsletter2Go processes your personal data, see https://www.newsletter2go.de/datenschutz/.

e) Possibility to object and removal according to Article 21 GDPR

You have the possibility to object to receive the notifications via e-mail at any time. For this, log in onto the website and go to “settings” then under “notifications” then set the receiving notifications to “system message” instead of “email”. To object the processing of your collected personal data through Newsletter2go, please turn to datenschutz@newsletter2go.com.

IV. Rights of the Data Subject

Regarding the processing of your personal data on our website, you are a data subject within the meaning of the GDPR, therefore, you are entitled of the following rights towards us:

  1. Right to be informed

    You have the right to request information about your personal data processed by us at any time. This includes information about the origin, recipients or categories of recipients to whom we transfer your data, and the purposes for which we process your personal data.

  2. The right to rectification

    You have the right to request the rectification of inaccurate personal data concerning you and to have incomplete personal data completed.
  3. Right to erasure and right to restrict processing

    You can ask us to delete your personal data immediately. We are obliged to carry out the deletion immediately unless we are obliged to further process your personal data based on contractual and/or legal regulations. This is the case, for example, if we are prohibited from deleting data under tax law. In such a case we restrict the processing and delete the personal data in question immediately after expiry of the retention period.

  4. Right to data portability

    You have the right to receive your personal data you have provided in a structured, current, and machine-readable format if technically possible. Furthermore, you have the right to transfer this data to another controller without any hindrance.

  5. Rights in relation to automated decision making and profiling

    You have the right not to be a subject of a completely automated decision-making process – including profiling – that has a legal effect against you or significantly impairs you in a similar manner.

  6. Right to appeal to a supervisory authority

    You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is contrary to the GDPR.

    Our competent supervisory authority is:

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 27 (Schloss), 91522 Ansbach
Postfach 606, 91511 Ansbach
Germany
Phone: +49 (0) 981 53 1300
Facsimile: +49 (0) 981 53 98 1300
E-Mail: poststelle@lda.bayern.de

 

Information on data protection according to Art. 13 GDPR

4/28/2017 | 914 Hits