Horizontower Eschborn Privacy

Any collection, use, storage, deletion, or other use (hereinafter referred to as "processing") of data is solely for the purpose of providing our services. Our services have been designed with the aim of using as little personal data as possible. In this context, "personal data" (hereinafter also referred to as "data") means all individual details about the personal or factual circumstances of an identified or identifiable natural person (known as the "data subject"). The following information on data protection describes what types of personal data are processed when you visit our website, what happens to this personal data, and how you can object to data processing if necessary.

1 General information on data processing on this website

1.1 Responsible

The controller within the meaning of the EU General Data Protection Regulation (GDPR) is:

NAS Invest AcquiCo 65 S.à r.l
33 rue du Puits Romain,
L-8070 Bertrange
Luxembourg
Phone 069913948044 Email info@nas-invest.com Website: https://horizon-eschborn.de

1.2 Data protection officer

The data protection officer of the company responsible is:

The data protection officer is:
Alexander Hönsch from WS Datenschutz GmbH

If you have any questions about data protection, you can contact WS Datenschutz GmbH at the following email address: nas-real@ws-datenschutz.de

WS Datenschutz GmbH
Dircksenstraße 51
D-10178 Berlin
https://webersohnundscholtz.de

1.3 Protection of your data

We have taken technical and organizational measures to ensure that the provisions of the GDPR are observed both by us and by external service providers working on our behalf.

If we work with other companies, such as email and server providers, to provide our services, this is only done after an extensive selection process. In this selection process, each individual service provider is carefully selected for its suitability in terms of technical and organizational capabilities in data protection. This selection process is documented in writing and a contract in accordance with Art. 28 (3) GDPR on the processing of personal data on behalf of others (AV contract) is only concluded if it meets the requirements of Art. 28 GDPR.

Your data is stored on specially protected servers. Access to these servers is only possible for a few specially authorized persons.

Our website is SSL/TLS encrypted, which you can recognize by the "https://" at the beginning of the URL.

1.4 Deletion of personal data

We only process personal data for as long as necessary. Once the purpose of data processing has been fulfilled, the data is blocked and deleted in accordance with the standards of the local deletion concept, unless legal regulations prevent deletion.

2 Data processing on this website and creation of log files

2.1 Description and scope of data processing

When you visit our website, our web servers temporarily store each access in a log file. The following personal data is collected and stored until it is automatically deleted:

IP address of the requesting computer
Date and time of access
Name and URL of the file accessed
Amount of data transferred
Message indicating whether the retrieval was successful
Identification data of the browser and operating system used
Error messages (if caused)

In addition to this personal data, further personal data may be collected by us and our partners; more information on this is provided below.

2.2 Legal basis for data processing

This data is processed on the basis of Art. 6 (1) (f) GDPR. Our legitimate interest is based on making our website accessible to you.

2.3 Purpose of data processing

Data processing is carried out for the purpose of enabling the use of the website (connection establishment). It serves system security, technical administration of the network infrastructure, and optimization of the Internet offering. The IP address is only evaluated in the event of attacks on our network infrastructure or the network infrastructure of our Internet provider.

2.4 Duration of data storage

Personal data is deleted as soon as it is no longer required for the above-mentioned purposes. This is the case when you close the website. Our hosting provider may use the data for statistical surveys. However, the data is anonymized for this purpose. The data is deleted by our hosting provider after 30 days.

2.5 Option for deletion by the data subject

The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Consequently, there is no possibility for the user to object. You can find out more about data processing at kbit.de and exercise your rights by sending a form-free email with the relevant subject line, stating your name, address, and date of birth, to: kbit GmbH, Owner: Managing Director, Im Neuen Garten 10, 14770 Brandenburg an der Havel, Germany.

2.6 Hosting service provider Kontor Business IT GmbH

We use the service provider kbit.de as our hosting provider. kbit.de uses cookies. These help to make our website usable by enabling basic functions such as page navigation and access to the website. Data processing is carried out by:
kbit GmbH, Im Neuen Garten 10, 14770 Brandenburg an der Havel, Germany. Further information can be found in the privacy policy of kbit.de: https://kbit.de/datenschutz/

2.6.1 Duration of data storage

The data will be deleted once the purpose of data processing has been achieved and there are no legal, regulatory, or contractual retention periods that prevent deletion.

2.6.2 Option for deletion by the data subject

3 Contact

3.1 Description and scope of data processing

It is possible to contact us by telephone via our website. Various data is required to respond to the inquiry.
The data will not be passed on to third parties.

3.2 Legal basis for data processing

The legal basis used here is Art. 6 (1) (b) GDPR.

3.3 Purpose of data processing

We process your data exclusively for the purpose of processing your contact request.

3.4 Duration of data storage

We will delete your data as soon as the purpose of data processing has been fulfilled, usually immediately after responding to your request. In rare cases, however, we may store your data for a longer period of time. This may be due to legal, regulatory, or contractual obligations.

3.5 Option for removal by the data subject

You can contact us at any time and object to further processing of your data. In this case, we will unfortunately be unable to continue communicating with you. All personal data processed by us in the course of contacting you will be deleted in this case, unless there are legal obligations to retain your data that prevent deletion.

4 Other third-party tools

We also use third-party providers to help us with the page layout and functionality of the website. These are listed below:

4.1 Font Awesome

4.1.1 Description and scope of data processing

This website uses the Font Awesome product from Fonticons, Inc. for the uniform display of fonts. When you visit a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. We have integrated the web fonts locally on our own website so that the provider does not gain knowledge that our website has been accessed via your IP address.
If your browser does not support web fonts, a standard font from your computer will be used.
According to its own statement, Font Awesome respects data protection rights in accordance with Regulation (EU) 2016/679, the European Union's General Data Protection Regulation (GDPR).

4.1.2 Legal basis for data processing

The legal basis is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR.

4.1.3 Purpose of data processing

The purpose of data processing is the uniform display of fonts and icons on our website.

4.1.4 Duration of data storage

No data is stored.

4.1.5 Option for the data subject to erase the data

You can set your browser so that it does not support web fonts. In this case, a standard font from your computer will be used.

5 Data transfer to a third country

In order to provide our services, we use the support of service providers from the European Union as well as from third countries. To ensure the protection of your personal data even in the case of data transfer to a third country, we conclude special order processing agreements with each of the carefully selected service providers. All service providers we use have sufficient evidence that they ensure data security through appropriate technical and organizational measures. Our service providers from third countries are either located in countries that have an adequate level of data protection recognized by the EU Commission (Art. 45 GDPR) or have provided appropriate safeguards (Art. 46 GDPR).
Adequate level of protection: The provider comes from a country whose adequate level of data protection has been recognized by the EU Commission. For more information, see: Adequacy decisions (europa.eu)
EU standard contractual clauses: Our provider has submitted to the EU standard contractual clauses to ensure secure data transfer. For more information, see: https://eurlex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=en
Binding Corporate Rules: Article 47 of the GDPR provides for the possibility of ensuring data protection when transferring data to a third country through binding internal data protection rules. These are reviewed and approved by the competent supervisory authorities as part of the consistency procedure under Article 63 of the GDPR.
Consent: Furthermore, data will only be transferred to a third country without an adequate level of protection if you have given us your consent in accordance with Art. 49 (1) (a) GDPR or if another exception under Art. 49 GDPR applies to the data transfer.

6 Your rights

You have the following rights vis-à-vis us with regard to your personal data:

6.1 Right to withdraw consent (cf. Art. 7 GDPR)

If you have given your consent to the processing of your data, you can revoke it at any time. Such revocation affects the permissibility of the processing of your personal data for the future after you have notified us of your withdrawal. It can be made verbally, in writing by mail, or by email.

6.2 Right to information (cf. Art. 15 GDPR)

In the event of a request for information, you must provide sufficient details of your identity and provide proof that the information relates to you. The information concerns the following:

the purposes for which the personal data are processed;
the categories of personal data that are processed;
the recipients or categories of recipients to whom your personal data has been or will be disclosed;
the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing;
the existence of a right to lodge a complaint with a supervisory authority;
any available information on the origin of the data if the personal data is not collected from the data subject;
the existence of automated decision-making, including profiling, pursuant to Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

6.3 Right to rectification or erasure (cf. Articles 16 and 17 GDPR)

You have the right to request that we, as the controller, rectify and/or complete your personal data if it is inaccurate or incomplete. The controller must rectify the data without delay.

In addition, you may request the erasure of personal data concerning you if one of the following reasons applies to you:

The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
You revoke your consent on which the processing was based in accordance with Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, and there is no other legal basis for the processing.
You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
The personal data concerning you has been processed unlawfully.
The erasure of personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
The personal data concerning you was collected in relation to the information society services offered in accordance with Art. 8 (1) GDPR.

If we have made the personal data concerning you public and are obliged to delete it in accordance with Art. 17 (1) GDPR, we will take all reasonable measures to inform other controllers of this fact that you have requested the deletion of all links to this personal data or of copies or replications of this personal data.

The right to erasure does not apply if processing is necessary:

for exercising the right of freedom of expression and information;
to comply with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR;
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the above-mentioned right is likely to render impossible or seriously impair the achievement of the objectives of this processing, or
for the establishment, exercise, or defense of legal claims.

6.4 Right to restriction of processing (cf. Art. 18 GDPR)

Under the following conditions, you may request that we restrict the processing of your personal data:

if you dispute the accuracy of the personal data concerning you for a period enabling us to verify the accuracy of your personal data;
the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
we no longer need the personal data for the purposes of processing, but you need it to assert, exercise, or defend legal claims, or
if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether our legitimate reasons outweigh yours.

If the processing of personal data concerning you has been restricted, such data may, with the exception of storage, only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, we will inform you before the restriction is lifted.

6.5 Right to be informed (cf. Art. 19 GDPR)

If you have asserted your right to rectification, erasure, or restriction of data processing against us, we are obliged to notify all recipients of your personal data of the rectification, erasure, or restriction of data processing. This only applies insofar as this notification does not prove impossible or would involve a disproportionate effort. You have the right to know which recipients have received your data.

6.6 Right to data portability (see Art. 20 GDPR)

You have the right to receive your personal data from us in a commonly used, machinereadable format so that it can be forwarded to another controller, if necessary, provided that

the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and
the processing is carried out using automated procedures.

When exercising your right to data portability, you have the right to have the personal data transmitted directly from us to another controller, insofar as this is technically feasible.
The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

6.7 Right to object to processing (cf. Art. 21 GDPR)

If we base the processing of your personal data on a legitimate interest (pursuant to Art. 6 (1) (f) GDPR), you may object to the processing. The same applies if we base the data processing on Art. 6 (1) (e) GDPR.
When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust the data processing or point out to you our compelling legitimate reasons for continuing the processing.

6.8 Right to lodge a complaint with the competent supervisory authority (cf. Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform you of the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.

7 How to exercise these rights

To exercise these rights, please contact our data protection officer:

Alexander Hönsch from WS Datenschutz GmbH
nas-real@ws-datenschutz.de
or by mail:
WS Datenschutz GmbH
Dircksenstraße
51 D-10178
Berlin

8 Reservation of changes

We reserve the right to change this privacy policy in accordance with legal requirements.
As of March 2025