data privacy

privacy policy

Data Privacy Information

This privacy statement informs you about how we treat your data. To make the processing of your data transparent, we would like to provide you with the following information to give you an overview of these processing operations. To keep things fair, we additionally want to inform you about your rights pursuant to the EU-General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

ONEVEST DEVELOPMENTS GMBH
is the controller of the data processing (hereinafter referred to as ‘we’ or ‘us’).

I.    General Information

1.    Contact,

If you have any questions or feedback concerning this information or wish to contact us to exercise your rights, please send your enquiry to

ONEVEST DEVELOPMENTS GMBH
Große Bleichen 35, 20354 Hamburg, Deutschland
Tel.: +49 (40) 288 09-0
E-Mail: wankum(at)onevest.de

2.   Legal Basis

The legal term ‘personal data’ refers to all information relating to an identified or identifiable natural person.

We process personal data in compliance with the data protection regulations, in particular the GDPR and the BDSG. We solely process data based on law. We process personal data

  • solely with your consent (Art. 6 section 1 letter a) GDPR),
  • to perform a contract to which you are a party or to take steps at your request prior to entering into a contract (Art. 6 section 1 letter b) GDPR),
  • to comply with a legal obligation (Art. 6 section 1 letter c) GDPR) or
  • where processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (Art. 6 section 1 letter f) GDPR).

3.   Period of Storage

Unless otherwise stated in the following, we will only store your data for as long as required to achieve the intended processing purpose or to fulfil our contractual or statutory obligations. In particular, such statutory retention requirements may result from regulations under commercial or tax law.


From the end of the calendar year in which the data was collected, we will retain such personal data contained in our accounting data for ten years and retain personal data present in commercial letters and contracts for six years. In addition, we will retain data in connection with consents requiring proof as well as with complaints and claims for the duration of the statutory limitation periods.

4.   Recipients of Data

For certain processing activities, we rely on service providers. These processing activities include, for example, hosting, maintenance and support for IT systems, customer and client management, accounting or destruction of paper files and data carriers. A ‘processor’ is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Processors process data not for their own purposes but solely for the controller and are contractually obliged to implement appropriate technical and organizational measures ensuring data protection. 

Apart from that, we may transfer your data to postal and delivery services, our bank, consultants/auditors or the fiscal authority if necessary. Should your data be transferred to further recipients, you can find this information under the description of the respective processing activity.

5.   Processing in the Exercise of your Rights pursuant to Art. 15 to 22 GDPR

If you exercise your rights pursuant to Art. 15 to 22 GDPR, we process the personal data transferred in order for us to grant you your rights and to acquire proof thereof. For the purpose of providing information and preparing such information, we will process the stored data only for this purpose as well as for purposes of data protection control and otherwise restrict processing in accordance with Art. 18 GDPR. These processing operations are based on Art. 6 section 1 letter c) GDPR in combination with Art. 15 to 22 GDPR and section 34 para. 2 BDSG.

6.    Your rights

As the data subject, you are entitled to exercise your rights against us. In particular, you have the following rights:

  • Pursuant to Art. 15 GDPR and section 34 BDSG, you have the right of access to information confirming whether and, if so, to what extent we are processing personal data concerning you.
  • Pursuant to Art. 16 GDPR, you have the right to rectification of your data.
  • Pursuant to Art. 17 GDPR and section 35 BDSG, you have the right to erasure of your personal data.
  • Pursuant to Art. 18 GDPR, you have the right to require us to restrict the processing of your personal data.
  • Pursuant to Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and the right to transfer such data to another controller.
  • Where you have granted us specific consent to a processing activity, you can withdraw such consent at any time pursuant to Art. 7 section 3 GDPR. Any such withdrawal of consent shall not affect the lawfulness of processing based on that consent prior to its withdrawal.
  • If you are of the view that the processing of your personal data infringes GDPR provisions, you have the right to lodge a complaint with a supervisory authority pursuant to Art.77 GDPR.

7.    Right to object

Pursuant to Art. 21 section 1 GDPR, you have the right to object to processing activities based on Art. 6 section 1 letter e or letter f GDPR on grounds relating to your particular situation. If we process your personal data for the purpose of direct marketing, you may object to such processing pursuant to Art. 21 section 2 and section 3 GDPR.

II.    Data processing on our website


During use of our website, we collect information that you provide yourself. We also automatically collect certain information about your use of the site during your visit to the site. In data protection law, the IP address is also considered personal data. An IP address is assigned to each device connected to the internet by the internet provider so that it can send and receive data.

1.     Processing of Server-Log-Files

When using our website for informative purposes only, general information that your browser transfers to our server is initially stored automatically (not via registration). This includes by default: browser type/-version, operating system used, page called, the previously visited page (referrer URL), IP address, date and time of server request and HTTP status code. The processing is carried out in pursuit of our legitimate interests and is based on Art. 6 section 1 letter f GDPR. This processing serves the technical administration and security of the website. The data collected will be deleted after seven days unless there is a justified suspicion of illegal use based on concrete indications and further examination and processing of the information is necessary for this reason. We are unable to identify you as a data subject based on the information collected. Art. 15 to 22 GDPR therefore do not apply pursuant to Art. 11 section 2 GDPR, unless you provide additional information to enable your identification in order to exercise the rights set out in these articles. 

2.    Contact form and requests

Our website provides a contact form, through which you can enquire an offer from us. Your data is transferred encrypted (note the ‚https‘ in the address bar of your browser). All data fields marked as mandatory are necessary to be filled in for the handling of your request. Failure to provide the required information will result in us being unable to process your request. You have the alternative option to send us an email.

We process the data for the purpose of handling your request. If your request relates to the establishment or execution of a contract with us, the processing of your data is based on Art. 6 section 1 letter b GDPR. In all other cases we process data out of our legitimate interest in contacting the person enquiring. The latter data processing finds its legal basis in art. 6 sec. 1 letter f GDPR.

Status: Juni 2021