Data protection

Privacy policy

HIH Invest Real Estate GmbH (hereinafter referred to as “we” or “HIH Invest”) welcomes you to its website. We appreciate your interest in our company and would like to make your visit to our website as pleasant as possible. Responsible handling of your data, which complies with legal requirements in every respect, is a matter of course for us. In the following, we explain how we process your personal data and provide further relevant information in this context. You can find a supplementary privacy policy for our social media channels at: https://www.hih-invest.de/datenschutz-social-media/.

Who is responsible for processing your personal data?

HIH Real Estate GmbH, Ericusspitze 1, 20457 Hamburg, Tel: +49 40 3282-30 Fax: +49 40 3282-3100, datenschutz@hih.de is the controller within the meaning of the EU General Data Protection Regulation (“GDPR”).

Data Protection Officer

For all questions relating to the processing of your personal data and the exercise of your rights under the GDPR, you can contact our data protection officer BEN digital services GmbH at bhansen@hih.de or our data protection team at datenschutz@hih.de.

When and on what legal basis do we collect data about you?

We only process your data if one of the following legal bases applies:
  • You have given us your consent to data processing in accordance with Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future.
  • We are entitled to process your data for the establishment, fulfillment or termination of the contract within the framework of contractual or pre-contractual measures required in accordance with Art. 6 para. 1 lit. b) GDPR.
  • We are obliged to process data in order to fulfill legal obligations, e.g. statutory retention obligations with regard to business documents in accordance with Art. 6 para. 1 lit. c) GDPR.
  • We may process your data in the context of the balancing of interests in accordance with Art. 6 para. 1 lit. f) to protect our legitimate interests.

Specifically, we process your data in the following cases:

When accessing our website/server log files

Each time you access our website, your web browser transmits usage data. This includes your IP address and a description of the content accessed (URL). Without the collection and temporary storage of this data for the duration of the session, it is not possible to establish a connection to our server and thus use the website. Depending on the web browser configuration, further data may be transmitted to us, such as browser type, browser version, operating system, referrer URL, host name of the accessing computer, time of the server request100, IP address. In addition, we store technical access data (non-personal data) in so-called server log files after the end of use, such as the name of the requested file, date and time of access, amount of data transferred and the requesting provider. This data is used exclusively to ensure trouble-free operation and to improve the usability of the site, which constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR.

Contact and communication

On some pages you can enter personal data in input fields for the purpose of corresponding with us. This data is only processed for the purpose for which you have provided us with the data, e.g. to process your inquiries or to contact you at your request. Our legitimate interest is to process your inquiry or request completely and correctly and, for example, to contact you. The processing of personal data is therefore carried out in accordance with Art. 6 (1) (f) GDPR. If your request is aimed at concluding a contract or an existing contract, Art. 6 (1) (b) GDPR is the legal basis for processing.

E-mail, telephone, fax

If you contact us by e-mail, telephone or fax, we will store and process your request, including all personal data (name, telephone number), for the purpose of processing your request. This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR). The data you send to us via contact requests will remain with us until the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected. We would like to point out that data transmission over the Internet (e.g. when communicating by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible. We delete your data processed through contact or communication when the purpose for which you have provided us with your data has been fulfilled or completed and we are not entitled or obliged to further storage for legal reasons.

Categories of recipients when contact is made

If you submit a contact request, your personal data may be transmitted to the companies affiliated with us listed below, insofar as this is permitted within the scope of the above-mentioned purposes and legal bases:

  • HIH Institutional Advisory GmbH
  • HIH Business Development GmbH
  • HIH Projektentwicklung GmbH
  • IntReal International Real Estate Kapitalverwaltungsgesellschaft mbH
  • IntReal Solutions GmbH
  • IntReal Legal Advisory GmbH
  • IntReal Luxembourg S.A Real Exchange GmbH
  • ReaxAdvisory GmbH
  • Eternigy GmbH
  • HIH Real Estate GmbH
  • HIH Center and Project Management GmbH

Use of cookies on our website

Our website uses cookies. These are small text files that your web browser stores on your end device. Cookies help us to make our website more user-friendly, effective and secure. Some cookies are “session cookies”. Such cookies are deleted automatically at the end of your browser session. Other cookies, on the other hand, remain on your device until you delete them yourself. Such cookies help us to recognize you when you return to our website.

Essential cookies

We use so-called essential cookies on our website. These are cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. language settings). The legal basis, insofar as personal data is processed, is Art. 6 para. 1 lit. f) GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services and otherwise § 25 para. 2 no. 2 TDDSG. We use the following essential cookies on our website:

Borlabs

This website uses Borlabs Cookie, which sets a technically necessary cookie (borlabs-cookie) to store your cookie consent. Borlabs Cookie does not process any personal data. The borlabs cookie stores the consent you gave when you entered the website. If you wish to revoke this consent, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked for your cookie consent again.

  • Name of the tool/tag type: borlabs-cookie
  • Cookie name: Borlabs Cookie
  • Purpose: Saves the settings of the visitors selected in the cookie box.
  • Term: 1 year
  • Business address and further data protection information: Borlabs GmbH, Hamburger Str. 22, 22083 Hamburg, https://de.borlabs.io/datenschutz/

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address
This data is not merged with other data sources. This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – the server log files must be recorded for this purpose.

External media

Content from video platforms and social media platforms is blocked by default. If you have consented to the use of external media in accordance with Art. 6 para. 1 lit. a) GDPR, you have the option of accessing this media and access to this content no longer requires manual consent. Under the link “Cookie settings” at the bottom left of the website, you can also agree to the use of only individual external media or revoke your consent. You can also prevent the storage of cookies by setting your browser software accordingly. We have integrated the following external media into our website:

Vimeo

This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA. When you visit one of our pages featuring a Vimeo video, a connection to the Vimeo servers is established. This tells the Vimeo server which of our pages you have visited. Vimeo also obtains your IP address. This also applies if you are not logged in to Vimeo or do not have a Vimeo account. The information collected by Vimeo is transmitted to the Vimeo server in the USA. If you are logged into your Vimeo account, you enable Vimeo to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Vimeo account. Vimeo uses cookies or comparable recognition technologies (e.g. device fingerprinting) to recognize website visitors. The use of Vimeo is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time. The data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on “legitimate business interests”. You can find details here: https://vimeo.com/privacy. Further information on the handling of user data can be found in Vimeo’s privacy policy at: https://vimeo.com/privacy. The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/ participant/5711.

Statistics

If you have consented to the setting of optional statistics cookies, the collection, storage and evaluation of the cookies listed below is based on Art. 6 para. 1 lit. a) GDPR. We use statistics cookies to analyze the use of our website. We only set the following statistics cookies with your consent:

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is a tool that enables us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google’s parent company in the United States. The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time. The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified in accordance with the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/ participant/5780.

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is summarized in a user ID and assigned to the respective end device of the website visitor. We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the collected data records and uses machine learning technologies for data analysis. Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there. The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and §25 para. 1 TDDDG. Consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/ controllerterms/mccs/. The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/ participant/5780.

IP anonymization

Google Analytics IP anonymization is activated. As a result, your IP address will be truncated by Google within member states of the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website , Google will use this information for the purpose of evaluating your use of the website , compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator . The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/ dlpage/ gaoptout?hl=en. You can find more information on how Google Analytics handles user data in Google’s privacy policy at : https://support.google.com/ analytics/answer/ 6004245?hl=en.

Fonts

Adobe Fonts

If you have consented to its use, this website uses web fonts from Adobe for the uniform display of certain fonts. The provider is Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland. When you access this website, your browser loads the required fonts directly from Adobe in order to display them correctly on your device. In doing so, your browser establishes a connection to Adobe’s servers in the USA. This gives Adobe knowledge that this website has been accessed via your IP address. According to Adobe, no cookies are stored when the fonts are provided. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.adobe.com/de/privacy/eudatatransfers.html. You can find more information about Adobe Fonts at: https://www.adobe.com/de/privacy/eudatatransfers.html. You can find Adobe’s privacy policy at: https://www.adobe.com/de/privacy/eudatatransfers.html. The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. The data is stored and analyzed on the basis of Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.

How long will your data be stored?

We only store your data for as long as is necessary to achieve the purposes of the data processing or as stipulated by the various storage periods provided for by law. If the respective purpose no longer applies or after the corresponding periods have expired, your data will be blocked or deleted. We delete your data that we process in the context of use,
  • if the data processing is based on Art. 6 para. 1 lit. f) GDPR, you object to the data processing (Art. 17 para. 1 lit. c) GDPR and there are no overriding legitimate reasons for storing your data;
  • if the data processing is based on Art. 6 para. 1 lit. b) GDPR and the contractual relationship between us ends, as long as no statutory retention periods prevent deletion.
If you revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, deletion will take place after these reasons no longer apply.

Surfing our website

“Session cookies” are deleted automatically at the end of your browser session. However, other cookies remain on your device for longer (see above).

Security during data transmission

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

What rights do you have?

You have the following rights vis-à-vis us with regard to your personal data:

Information

You have the right to receive information about your personal data processed by us and to request access to your personal data and/or copies of this data.

Correction

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right of withdrawal

If the processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Right to erasure

You have the right to demand that we delete personal data concerning you immediately, and we are obliged to delete personal data immediately if the legal requirements of Art. 17 GDPR are met.

Right to object to the collection of data in special cases and to direct marketing (Art. 21 GDPR)

If data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims (objection pursuant to Art. 21 (1) GDPR). If your personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 (2) GDPR).

Right to restriction of processing

You have the right to obtain from us restriction of processing where the legal requirements of Art. 18 GDPR are met. If processing has been restricted in accordance with the above requirements, such personal data may only be processed – with the exception of storage – with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If you have obtained restriction of processing, we will inform you before the restriction of processing is lifted.

Right to data portability

You have the right, if the processing is based on your consent or a contract and is carried out by automated means, to request that we provide your personal data in a machine-readable format.
SSL or TLS encryption.

Right of appeal

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. A list of the data protection supervisory authorities, including the data protection officers and their contact details, can be found at the following link: https://www.bfdi.bund.de/ EN/Citizens/content/general/specific-authorities/specific-authorities.html. The assertion of these rights is free of charge for you.

Necessity of the provision of personal data

The provision of personal data is neither legally nor contractually required, nor are you obliged to provide the personal data. However, the provision of personal data is necessary in order to contact us. In addition, it is not guaranteed that you will be able to access all functions of this website without restrictions if you do not agree to the use of optional cookies or your browser does not allow cookies.

Updating this data protection notice

It may be necessary to update this privacy policy from time to time. You will find the current version here.

Other

You can print and save this privacy policy directly, for example by using the print or save function in your browser. This privacy policy was created on September 5, 2024.

Xing Linkedin
© 2025 HIH Invest Real Estate GmbH
Scroll to Top
Search
Xing Linkedin

Kontakt

Haben Sie Fragen zu einem bestimmten Themen oder möchten in den persönlichen Austausch mit uns gehen? Schreiben Sie uns einfach und bequem eine Nachricht über das Kontaktformular.