oben / top  |  Navigation  |  Navigation (Breadcrumb Trail)  |  Navigation (untergeordnet)  |  Inhalt / Content  |  unten / bottom

Data Privacy Statement

We appreciate your interest in our website and our Company.

Protecting your Personal Data processed during your visit to our website is very important to us.

You can generally use our website without providing any Personal Data. However, your Personal Data must be processed to use our order service, investor relations communication or contact form. In this case, we will obtain your consent as the Data Subject.

We process your Personal Data, e.g., your name or e-mail address, within the framework of the applicable data protection rules (in particular, the General Data Protection Regulation (GDPR) and German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) as amended from time to time. We would like to take the time to inform you of the type, scope and purpose of processing your Personal Data and of your rights as the Data Subject.

We, alstria office REIT-AG, as processing Controller, have implemented technical and organizational measures to offer the fullest possible protection of your data during your visit to this website. However, given that Internet-based data transfers can lead to security gaps, absolute protection cannot be guaranteed. You may therefore also provide your data in another manner, such as by telephone.


I. Definitions

Our data privacy statement uses terms as they are also found in the GDPR. We would like to explain a few terms below to make this data privacy statement easier to read and understand:


Personal Data (Cf. Art. 4 No. 1 of the GDPR)

“Personal Data” means any information related to an identified or identifiable natural person (hereinafter, “Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.


Processing (Cf. Art. 4 No. 2 of the GDPR)

“Processing” means any operation or set of operations which is performed on Personal Data, whether or not by automated means, such as collection, recording organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, or otherwise making available, alignment or combination, restriction, erasure or destruction.


Restriction of Processing (Cf. Art. 4 No. 3 of the GDPR)

“Restriction of Processing” means the marking of stored Personal Data with the aim of limiting their processing in the future.


Profiling (Cf. Art. 4 Np. 4 of the GDPR)

“Profiling” means any form of automated processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person, in particular to advise or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.


Pseudonymization (Cf. Art. 4 No. 5 of the GDPR)

“Pseudonymization” means the processing of Personal Data in such a manner that the Personal Data can no longer be attributed to a specific Data Subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the Personal Data is not attributed to an identified or identifiable natural person.


Controller (Cf. Art. 4 No. 7 of the GDPR)

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, where the purposes and means of such processing are determined by Union or Member State law, the Controller or the specific criteria for its nomination may be provided for by Union or Member state law.


Processor (Cf. Art. 4 No. 8 of the GDPR)

“Processor” means a natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Controller.


Recipient (Cf. Art. 4 No. 9 of the GDPR)

“Recipient” means a natural or legal person, public authority, agency or another body, to which the Personal Data is disclosed, whether a third party or not. However, public authorities which may receive Personal Data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.


Third Party (Cf. Art. 4 No. 10 of the GDPR)

“Third Party” means a natural or legal person, public authority, agency or body other than the Data Subject, Controller, Processor and persons who, under the direct authority of the Controller or Processor, are authorized to process Personal Data.


Consent (Cf. Art. 4 No. 11 of the GDPR)

“Consent of the Data Subject” means any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her.


II. Recording of General Data and Information

When we received data from you, we will in principle only process it for these purposes that we received it or we collected it.

A data processing for other purposes comes only into question, if the required legal provisions pursuant to Art. 6(4) GDPR are given. Any information duties pursuant to Art. 13(3) GDPR and Art. 14(4) will be considered by us naturally.


III. Recording of General Data and Information when accessing the homepage

Our website records general data and information each time our Internet site is accessed by a Data Subject or an automated system. This general data and information is stored in log files on the server. The following data may be collected in such process:

•    IP-address of the requesting computer;

•    Date and time of access;

•    Name and URL of the downloaded file;

•    Amount of data transferred;

•    Indication whether the download of data was successful;

•    Data identifying browser and operating system used;

•    Name of the Internet-access provider;

•    Mouse, scrolling, data input and windowing behavior;

•    Internet site from which the accessing system reaches our Internet site (“referrer“);

•    Sub-websites of our Internet site accessed via an accessing system;

•    Other similar data and information serving to avert risks in the event of attacks on our IT systems.

We use this data to ensure the proper display of our website and the functionality of our IT systems and our website. In addition, we will provide this data to public authorities for criminal prosecution in the event of a cyberattack and, if necessary, to assert our own damage compensation claims.

We do not draw any conclusions about Data Subjects when processing their data. We statistically analyze the data in part. The anonymous data of the server log files is stored separately from all Personal Data provided by Data Subjects.


IV. Google Analytics and Cookies

Our website uses Google Analytics, a web analysis service of Google Inc. (“Googleˮ). Google Analytics uses “cookiesˮ to analyze the usage behavior of website users, i.e., you.

Cookies are text files that are stored on a computer via an Internet browser. Many cookies contain a cookie ID. A cookie ID is an unambiguous identifier of the cookie. It consists of a series of characters through which Internet pages and servers can be attributed to the specific Internet browser in which the cookie was stored. This enables the Internet sites and servers accessed to differentiate between the individual browsers of the Data Subjects and other Internet browsers containing other cookies. A specific Internet browser can be recognized and identified by an unambiguous Cookie ID.

The information generated by a cookie through the use of this website is generally transferred to and stored on a Google server in the United States. However, due to the activation of anonymization on this website, your IP address is shortened by Google within the member states of the European Union or in other contractual states of the Agreement on the European Economic Area. Only in exceptional cases the complete IP address is transferred to a Google server in the United States and shortened there.

Google will use this information on our behalf to evaluate your use of the website, to generate reports regarding website activities and to provide other services vis-à-vis the website operator related to the use of the website and the Internet. The IP address provided by your browser within the framework of Google Analytics will not be combined with other data by Google. You can prevent the storage of cookies by configuring your browser software correspondingly; however, we would like to point out to you that you might not be able to use all functions of this website in full in such case. In addition, you can prevent the recording of the data generated by the cookie and concerning your use of this website (including your IP address) and its transmission to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link (

More information about the terms and conditions of use and data protection can be found at and Please note that Google Analytics was expanded by the anonymization method on our website to guarantee the anonymous recording of IP addresses (“IP masking”).

This website uses Google Analytics reports on demographic characteristics in which data is used from Google interest-based advertising as well as access data from third-party providers (i.e., age, gender and interests). Such data cannot be traced back to any one certain person and may be deactivated at any time via the display settings.


V. Order Service and Contact Form

We need your full name and address to send you our reports that you order. You also need to provide your e-mail address so that you can be contacted with any questions and the reports can be sent to you via e-mail. The data provided by you on the form will be sent to us by e-mail. The data will be deleted after the order has been sent.

We enable you to contact us via a form on our website that sends the information you provide to us by e-mail. The data sent to us will be stored and used solely for the purpose of processing your inquiry. Your data will be deleted after your inquiry has been processed in full.

It is possible that your Personal Data will be passed on to one or more order Processers, such as a package service, which will likewise only use your Personal Data for internal processing which can be attributed to the Data Processing Controller.

You are naturally entitled to the rights for Data Subjects described under No. X below with regard to the data provided by you. Please contact our data protection officer for all these matters (Cf. No. XII below).


VI. Investor Relations Communication

We send out investor relations communication to update you on alstria’s development by press releases and other relevant investor relations communication (invitation to quarterly calls, ad-hoc-announcements…). The press releases contain updateson financial figures, reports and all important company-related events. It might contain information regarding the operation of the investor relations communication service. To subscribe to the investor relations communication, we need your name and e-mail address to which the investor relations communication should be sent. All other information is voluntary.

We use a double opt-in procedure for our investor relations communication distribution. This means that we will only send you investor relations communications if you confirm your registration by providing your e-mail address via an e-mail sent by us and confirm again via a link provided to you in an e-mail. This is to ensure that only you yourself as the user of the e-mail address provided can register for the investor relations communication. You must confirm your subscription promptly after receiving our e-mail because otherwise your registration and e-mail address will be deleted from our database. Our investor relations communication service will not accept any further registrations under that e-mail address until you confirm your registration.

You can unsubscribe to investor relations communication you ordered from us at any time. To cancel your subscription, you can either send us an e-mail ([email protected]) or follow the link at the end of the investor relations communication.

We administer your name and communication data you provided us for the investor relations communication distribution via a service provider. Our service provider, Mailchimp by The Rocket Science Group LLC, Georgia, USA, does not use the data itself but only to assist us in the distribution of the investor relations communication. You can find further information on the data policy of our service provider here.

In addition, we do not pass your data on to others or use it for other purposes.


VII. Data Protection in Employment Applications or Application Processes

We process the Personal Data of applicants in the course of employment application processes electronically. For example, when you send us your application via e-mail. The data is processed solely to review the initiation of the process, or, if the application is successful, to later carry out an employment relationship. If no employment agreement is concluded, we delete your employment application three months after notifying you of the rejection unless there is a justified interest in conflict to the deletion thereof.  


VIII. Legal Basis for Processing

Our data processing may be based on the following legal bases:

a)    You have given your consent to the processing of your Personal Data for one or more purposes (Cf. Art. 6(1) Lit. a of the GDPR). We need your consent, for example, to send you the investor relations communication or reports (order service).

b)    Processing is necessary for the performance of a contract, to which you are a party or to take steps your request prior to entering into a contract (Cf. Art. 6 (1) Lit. b of the GDPR). This is for example the case in an employment application process or for review prior to the conclusion of a lease relationship.

c)    Processing is necessary for compliance with a legal obligation to which we are subject (Cf. Art. 6(1) Lit. c of the GDPR). This is, for example, the case with regard to tax duties.

d)    Processing is necessary to protect your vital interests or those of another natural person (Cf. Art. 6(1) Lit. d of the GDPR). This could be the case, for example, if a guest injures itself at our Company as we would then pass his or her data on to a doctor or emergency medical technician.

e)    Processing is necessary to protect our legitimate interests or the legitimate interests of a third party, except where your interests or fundamental rights and liberties requiring the protection of Personal Data prevail, in particular when a child is involved (Cf. Art. 6 (1) Lit. f of the GDPR). As a rule, our legitimate interests lie in the conduct of our business in favor of all our stakeholders (employees, tenants, business partners, investors…).


IX. Other information (Necessity of Processing Data)

We process your data in order to fulfill our own legal duties or contractual duties. Therefore, it might be necessary for you to provide us your Personal Data (e.g., name and address) for the conclusion of an agreement. If you do not, we cannot conclude the agreement because it is necessary to process data to perform the agreement or to fulfill our legal duties. If you are of the opinion that it is not necessary to process your Personal Data, we would ask that you contact our employees so that they can review in each specific case whether it is necessary for you to provide us your Personal Data.


X. Erasure and Blocking

We will only process your data as long as it is necessary or to the extent prescribed by German statutory or European law.

If the reason for storing / processing your data no longer exists or a storage period in accordance with German or European law expires, we will erase or block your respective Personal Data.


XI. Rights of Data Subjects

As a Data Subject affected by our data processing you have various rights in accordance with the GDPR which we would like to briefly point out to you in excerpts. The rights mentioned below may be restricted by the rights of other or legal stipulations which, however, will not be elaborated further below.

Please contact our data protection officer (Cf. No. XI below) to exercise your rights as Data Subjects.


Right to Information

As a Data Subject, you have a right to request a confirmation from us as to whether we process your Personal Data.

In addition, in accordance with the GDPR, you have the right to request us to provide information regarding the Personal Data stored about you and to receive a copy of such data. The GDPR stipulates a right to the following information:

a) thepurpose of processing the data,

b) the categories of Personal Data processed,

c) the Recipient or categories of Recipients, to which the Personal Data is or will be disclosed, in particular with regard to recipients in other countries or to international organizations,

d) if possible, the planned duration for which the Personal Data is to be stored, or, if this is not possible, the criteria for determining such duration,

e) the existence of a right to correct or delete your personal data or to the restriction of the processing by the Controller or a right to object such processing,

f) the existence of a right to complain to a supervisory authority,

g) if your Personal Data is not collected, all available information about the origin of the data,

h) the existence of an automated decision-making processing including profiling pursuant to Article 22(1) and (4) of the GDPR and — at least in these cases — meaningful information about the logic involved and the reach and aspired effects of such processing for your person.

In addition, we will inform you if your Personal Data is transmitted to another country or to an international organization. In this case, you can also request information regarding suitable guarantees in connection with such transmission.


Right to Rectification

As a Data Subject, you have the right to obtain that the rectification of any of your Personal Data that is inaccurate without undue delay. Taking into account the purpose of processing, you have the right to have incomplete data completed, including by means of providing a supplementary statement.


Right to Erasure (Right to be Forgotten)

As a Data Subject you have the right to obtain the erasure of your Personal Data without undue delay where one of the following grounds apply:

a) the Personal Data are no longer necessary in relation to the purpose for which they were collected or otherwise processed;

b) You withdraw your consent on which the processing is based according to Art. 6(1) Lit. a or Art. 9(2) Lit. a of the GDPR and where there is no other legal grounds for the processing;

c) You object to the processing pursuant to Art. 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) of the GDPR;

d) The Personal Data have been unlawfully processed;

e) Your personal data have to be erased for compliance with a legal obligation in Union or Member State law, to which we are subject;

f) Your Personal Data have been collected in relation to the offer of information society services referred to in Art. 8(1) of the GDPR.

If we have made your Personal Data public and are obligated pursuant to Art. 17 (1) of the GDPR to erase your Personal Data, we, taking into account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform other controllers which are processing your Personal Data that you have requested the erasure by such controllers of any links to, copy or replications of your Personal Data.


Right to Restriction of Processing

As a Data Subject you have the right to obtain from us restriction of processing where one of the following applies:

a) The accuracy of your Personal Data is contested by you, for a period enabling us to verify the accuracy of your Personal Data.

b) The processing is unlawful and you oppose the erasure of your Personal Data and request the restriction of their use instead.

c) We no longer need your Personal Data for the purposes of processing, but they are required by you for the establishment, exercise or defense of legal claims.

d) You have objected to processing pursuant to Art. 21(1) of the GDPR pending the verification whether the legitimate grounds of us override those of you.


Right to Data Portability

As a Data Subject you have the right to receive your Personal Data you provided to us from us in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without our hinderance, provided where

a) the processing is based on consent pursuant to Art. 6(1) Lit. a or Art. 9 (2) Lit. a of the GDPR or on a contract pursuant to Art. 6(1) Lit. b of the GDPR and

c) the processing is carried out by automated means. In exercising your right to Data Portability, you have the right to have your Personal Data transmitted directly from one controller to another, wheretechnically feasible.


Right to Object

As a Data Subject you have the right to object, on grounds relation to your particular situation at any time to processing of your Personal Data which is based on Art. 6 (1) Lit. e or f of the GDPR, including profiling based on those provisions. In this case, we will no longer process your Personal Data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

If we process your Personal Data for direct marketing purposes, you as a Data Subject have the right to object at any time to the processing of your Personal Data for such marketing, which includes profiling to the extent that is related to such direct marketing.

In addition, you as a Data Subject on grounds resulting from your particular situation, have the right to object to the processing of your Personal Data for scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

To exercise your right, you may contact us or, notwithstanding Directive 2002/58/EC and in the context of the use of information society service, exercise your right to object by automated means using technical specifications.


Rights related to Automated Individual Decision-making, including Profiling

As a Data Subject, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects for you or similarly significantly affects you. This shall not apply if the decision

a) is necessary for entering into, or performance of, a contract between you and us;

b) is authorized by Union or member state law two which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests or

c) is based on your explicit consent.

If the decision is

a) necessary for entering into, or performance of, a contract between you and us or

b) is based on your explicit consent, we will implement suitable measures to safeguard your rights and freedoms and your legitimate interests, at least the right to obtain human intervention at our company, to express your point of view and to contest a decision.

We do not use automated individual decision-making or Profiling.


Right to Withdraw Consent

As a Data Subject you have right to withdraw your consent to process your Personal Data at any time.


Right to File a Complaint

Irrespective of any other legal recourse in administrative law or court, as a Data Subject you have the right to file a complaint at a supervisory authority, in particular in the member state of your place of residence, your place of employment or the location of the alleged breach if you are of the opinion that the processing of your Personal Data breaches the GDPR.


XII. Data Protection Officer

The data protection officer of the Controller responsible for processing data is:

Ms. Lea Evans

c/o alstria office REIT-AG

Steinstr. 7

20095 Hamburg


Fax: +49 (0)40 22 63 41 310

E-Mail: [email protected]

Data Subjects may contact our data protection officer directly with any questions or concerns regarding data protection.


XIII. Controller

The Controller is:

alstria office REIT-AG

Steinstr. 7

20095 Hamburg


Tel.: +49 (0)40 22 63 41 300

E-Mail: [email protected]


Please see our imprint for our management and additional information about the company.

As per 31 May 2018