Data Privacy

www.offmade.io
Status: 06.02.2020
1. Subject and scope of this privacy policy
With the following data protection declaration we would like to inform you about the type, scope and purpose of the collection and processing of your personal data, which is required when using the website "www.offmade.io" (hereinafter also "Website") and our mobile app (hereinafter "App") as well as the use of the services offered by offmade GmbH (see our Imprint, hereinafter “offmade”, “we”, “us”) within the framework of our software platform (hereinafter "Platform") for the purpose of off-market transactions (hereinafter jointly "Services"). offmade is committed to protecting your personal data.

The personal data collected when using our services is only processed by offmade and by third parties listed in this privacy policy. Beyond that offmade does not usually pass on personal data to other third parties. Personal data will only be passed on to other third parties in the exceptional case that offmade is obliged to pass on the collected data due to an official or court order.

As far as we link to the offers of third parties (e.g. social networks) within the framework of our website, the data protection regulations of these third parties apply. If you click on such a link, we are not responsible for further data processing.
2. Person responsible for data collection
Responsible for the collection and processing of your personal data in accordance with the EU Data Protection Regulation (Regulation (EU) 2016/679) (hereinafter also referred to as "DSGVO") is the:
offmade GmbH
represented by Lucas and Lennart Christel
Charlottenburg Local Court HRB 207883 B
c/o Axel Springer Porsche GmbH & Co KG
Markgrafenstraße 12-14
10969 Berlin
E-Mail address: contact@offmade.io
Phone: +49 152 33682892
Imprint: https://www.offmade.io/impressum
3. Personal data and their processing
Personal data is individual information about personal or factual circumstances of a specific or identifiable natural person. Depending on the extent to which you use the website offered by us, different data is collected and processed as described below.

3.1. Access to the website
When you visit our website, we only collect the personal data that your browser transmits to our server (server log files, hereinafter also referred to as "log files"). Every access to our website is therefore logged. The log files created from this contain the following data:
- IP address of the requesting computer,
- Date and time of access,
- Name and URL of the retrieved file,
- Website from which the access takes place (referrer URL),
- the browser used and, if applicable, the operating system of your computer and the name of your access provider.

We process these log files on the basis of our legitimate interests in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO in order to be able to display our website to you, to ensure its stability and security (e.g. by investigating acts of abuse or fraud) and for other administrative purposes. The data cannot be assigned to you as a specific person. This data is not merged with other data sources.

3.2. Contact
When you contact us (e.g. by e-mail, letter or telephone), your details will be stored for the purpose of processing your contact request and for its handling. The legal basis for this is your express consent pursuant to Art. 6 para. 1 sentence 1 lit. a DSGVO to be able to answer your enquiry or Art. 6 para. 1 sentence 1 lit. b DSGVO if the subject of your enquiry is (pre-)contractual information. You can revoke your consent to the processing of the data provided in accordance with section 4.1 of this data protection declaration at any time.


3.3. Registration for user access and membership
In order to be able to use the services offered on our website, you must first apply for a user access (hereinafter "Account") for the platform by providing a valid e-mail address and choosing a password in accordance with the security requirements of offmade.

Afterwards, the following personal data will be requested during the registration process:
- First and last name,
- Date of birth,
- Address and telephone number,
- User categorisation
- Optional: Business information (previous market experience, market focus, buy and sell focus, traded volume)
- If applicable, information about the company (address and contact details)
- for brokers, confirmation that a § 34c Gewerbeordnung (GewO) permit or - if acquired outside Germany - a similar permit is available

We require this information in accordance with Art. 6 para. 1 sentence 1 lit. b and c DSGVO in order to be able to identify you as a contractual partner and in accordance with the provisions of the Money Laundering Act, at the latest when the main contract is initiated. If you optionally provide information about your business experience in real estate transactions, we will process this information on the basis of your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a DSGVO, which you can revoke at any time by having the information deleted from your user profile without having to fear any disadvantages. offmade will not process this optional information afterwards.

3.4. Identification procedure
In order to be able to use our platform, it is necessary for security reasons and for more precise identification to compare the information you have provided about yourself. We are also obliged to do so under the Money Laundering Act (hereinafter "GWG") at the latest when the main contract is initiated. The legal bases for conducting this procedure are therefore Art. 6 para. 1 sentence 1 lit. c DSGVO and Art. 9 para. 3 lit. g DSGVO in conjunction with Section 11a GWG, insofar as special personal data are concerned, as well as Art. 6 para. 1 sentence 1 lit. f DSGVO due to our legitimate interest in preventing the misuse of our platform by users, in particular by providing untrue information with fraudulent intent.
For this purpose, you can use the "NECT IDENT" service of Nect GmbH, Spaldingstraße 218, 20097 Hamburg (hereinafter referred to as "Nect"). The personal data processed by Nect include, among others, a video or photo recording of you or your face, as well as the data on your identity card. If the identity of a user can be successfully verified, offmade receives a "Success Message". In order to be able to assign the verification to an individual person, each user is given an individual identification number ("identification number" or "ID"). Nect processes your information within the verification process in its own data protection responsibility. For more information on the personal data processed by Nect, please visit https://nect.com/privacy/
Alternatively, you can contact us directly (see our contact details in section 2 or our imprint) to obtain identification by means of a valid identification document.
Identification in accordance with the GWG is carried out in the case of legal entities on the basis of company data, including the names of the members of the respective representative body or the names of the respective legal representatives, and in the case of natural persons on the basis of the following personal data of the principal and any beneficial owners (Section 11 (4) GWG):
- First and last name
- Place of birth
- nationality, and
- postal address.

The above information, as well as any further information in the case of politically exposed persons, is collected and processed in the context of a specific mandate to offmade.

3.5. Use of the services
After successful registration in accordance with section 3.3 of this data protection declaration, we will continue to process all information which you send us for the purpose of a property offer or application within the framework of platform use in accordance with Art. 6 para. 1 sentence 1 lit. b DSGVO for the purpose of implementing the contractual relationship.

3.6. Internal processing
We process the personal data mentioned above under points 3.1. to 3.5. within the scope of administrative tasks as well as for the organisation of our operations, financial accounting and for compliance with legal obligations, such as archiving. The legal basis for this is Art. 6 (1) sentence 1 lit. b, c or f DS-GVO. Both visitors to our website and users of our services are affected by the processing. The purpose and our interest in processing is therefore to maintain our business activities, to fulfil our legal duties and to provide our contractual services.

3.7. Duration of storage and deletion of personal data
We process and store personal data only for the period of time required to achieve the purpose of processing or for as long and to the extent required by law, but at least for the duration of the statutory limitation periods. If the purpose of storage ceases to apply, if you revoke your consent or if a legally prescribed storage period expires, the personal data will be blocked or deleted routinely and in accordance with the statutory provisions.

3.8. Cookies and similar technologies
offmade uses so-called cookies. This is small text information that is stored on your terminal device by your browser when you visit our website. Cookies do not cause any damage to your end device, do not contain viruses, trojans or other malware. The cookie stores information that is related to the specific terminal device used. This does not mean, however, that we will gain immediate knowledge of your identity. The legal basis for the data processed by cookies is Art. 6 Para. 1 S. 1 a DSGVO if you give us your express consent, Art. 6 Para. 1 S. 1 b DSGVO if the cookies are technically necessary in order to be able to offer you certain functions of the website (e.g. language settings), including the platform, or Art. 6 Para. 1 S. 1 f DSGVO if we can demonstrate an overriding legitimate interest in this respect.

We also use cookies in order to statistically record the use of our services by our service providers and to evaluate this data for the purpose of optimising our offer for you or to be able to place personalised advertising. Such cookies from our service providers are only set when you log on to our platform. You will find more detailed information on the service providers we commission and the cookies they use under section 3.9. in the description of the respective third-party service provider.

You can allow or disable these cookies via the settings in your browser or via the cookie banner that appears when you visit the landing page. Cookies already stored can be deleted at any time. This can also be done automatically. However, offmade hereby points out that in this case it cannot be excluded that some contents of the website are not or not completely usable. For more information on how to prevent the setting of certain cookies, please refer to section 3.9 for the different service providers.

Service providers may also use so-called "pixel tags" (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags allow information such as visitor traffic on the website to be evaluated. For more information on this, see also point 3.9.

3.9. Included third party content and services
Within the scope of our services we use the services of various service providers, about which we inform you in the following, sorted according to the underlying purposes.

A. Web hosting, including content delivery network and mailing
We use server capacities of providers through whom we are able to offer you our services online via our website ("web hosting"). In this process, all information is transmitted to the web hosting provider that is generated in the course of using our services (see points 3.1. to 3.5.).

In this context, services for hosting and sending e-mails as well as content delivery networks (hereinafter "CDN") are also used. CDN is a service that creates duplicates of website content on different servers, resulting in faster website load time, higher reliability, protection against brute force attacks and increased protection against data loss. To this end, your IP address is transmitted anonymously to the servers of the providers when the website is accessed, which may also be located in other EU countries.

The above-mentioned purposes also give rise to the legitimate interests of offmade within the meaning of Art. 6 para. 1 sentence 1 lit. f DSGVO.

The following providers are used for this:
- Amazon Web Services. For web hosting and other infrastructural services (see also Section 3.9 lit. c) we use the service of Amazon Web Services Inc., 410 Terry Avenue North, Seattle WA 98109, USA (hereinafter "AWS"). All data collected within the scope of our services is automatically encrypted and exclusively stored in a German data center (Frankfurt/Main), which is certified according to ISO 27001, 27017 and 2018 as well as PCI DSS Level 1. The transmitted data is stored on the AWS servers until we delete it. Data protection information: https://d1.awsstatic.com/legal/privacypolicy/13677832_1_DEMATTERS(AWS_Privacy_Notice_Update-GERMAN).pdf; https://aws.amazon.com/de/compliance/gdpr-center/; https://aws.amazon.com/de/compliance/data-privacy-faq/
- Webflow. We use the CDN of the provider Webflow, Inc. 208 Utah, Suite 210, San Francisco, CA 94103, USA (hereinafter "Webflow"). Here it is possible that your personal data is transmitted to webflow servers located in the USA. Webflow has subjected itself to the EU-US Privacy Shield, which guarantees an adequate level of data protection in accordance with Art. 45 DSGVO (https://www.privacyshield.gov/participant?id=a2zt0000000TT9jAAGtatus=Active). Data protection information: https://webflow.com/legal/eu-privacy-policy.
- Netlify: We use the Netlify service from Netlify Inc, 2325 3rd St 215 San Francisco (hereinafter "Netlify") for front-end hosting. Log files on your use (see also Section 3.1.) are transmitted to Netlify servers, stored there for a period of 30 days and then deleted. Netlify has committed itself to an adequate level of data protection in accordance with standard contractual clauses. Data protection information: https://www.netlify.com/privacy/; https://www.netlify.com/gdpr/.
- Mailgun: We use as mail server the service Mailgun of Mailgun Technologies Inc, 112 E Pecan St. #1135 San Antonio, TX 78205 (hereinafter "Mailgun"). Mailgun has subjected itself to the EU-US Privacy Shield, which guarantees an adequate level of data protection according to Art. 45 DSGVO (https://www.privacyshield.gov/participant?id=a2zt0000000PCbmAAGtatus=Active). Privacy information: https://www.netlify.com/privacy/.

B. Stability and error control
Bugsnag. For stability control and error monitoring we use the service Bugsnag from Bugsnag Inc, 110 Sutter St, Suite 1000 San Francisco, CA 94104, United States (hereinafter "Bugsnag"). In the event of a software error, the following information is automatically sent to Bugsnag:
- Device information (operating system, browser version, browser type),
- the IP address of the device used,
- Details of the page visited at the time of the error,
- Error time.

The necessary processing of personal data is carried out in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO, insofar as you have given us your express consent, or in accordance with Art. 6 Para. 1 S.1 lit. f DSGVO, due to our legitimate interest in improving the accessibility and technical stability of our website by monitoring the functionality, system stability and detection of code errors. Bugsnag has subjected itself to the EU-US Privacy Shield, which guarantees an adequate level of data protection in accordance with Art. 45 DSGVO (https://www.privacyshield.gov/participant?id=a2zt0000000TSeVAAWtatus=Active). Data protection information: https://docs.bugsnag.com/legal/privacy-policy/.

C. Cloud services
For the purpose of our internal administration in accordance with section 3.6 of this data protection declaration, in particular for archiving purposes, we use the cloud solutions of various providers who provide us with storage capacity on their servers accessible via the Internet. The use of third-party storage capacities is a legitimate interest of offmade in the sense of Art. 6 Paragraph 1 Sentence 1 lit. f DSGVO. The data transmitted to the cloud providers in this process is stored on the respective servers until we delete it.

The following cloud providers are used for this:
- Amazon Web Services. For more information about Amazon Web Services, please refer to section 3.9. a of this privacy policy.
- Google Cloud. Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (collectively "Google"). The data is transmitted exclusively to Google servers located in Germany, Frankfurt am Main, and stored there until we delete it. Data protection information: https://www.google.com/policies/privacy, https://cloud.google.com/security/privacy; https://cloud.google.com/terms/data-processing-terms.

D. Evaluation of user behaviour
We use the services of various providers for the purpose of evaluating and optimizing the use of our website. The processing of personal data required for this purpose is carried out in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO, insofar as you have given us your express consent, or in accordance with Art. 6 Para. 1 S.1 lit. f DSGVO, due to our legitimate interest in improving the end user experience and the performance of the website.

The following providers are used for this:
Hotjar. Hotjar Ltd. St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta (hereinafter "Hotjar"). Cookies (for more information on cookies, see section 3.8.) are used and the following information is collected:
- IP address of the terminal device (it is collected and stored in anonymised format),
- Resolution of the screen/display,
- Type of terminal device, operating system, browser type, geographical location (country only),
- preferred language and mouse events (movements, position and clicks).

The collected data is transferred and stored via an encrypted connection to servers located in Ireland (EU). Hotjar stores this data in a pseudonymous user profile. Neither Hotjar nor we will use this information to identify individual users, nor will the information be merged with other information about individual users. Processing by Hotjar shall be based on an agreement under data protection law and shall be carried out exclusively within the scope of our instructions.

You may opt-out of Hotjar's collection of your information at any time by clicking "Disable Hotjar" at https://www.hotjar.com/legal/compliance/opt-out. Data protection information: www.hotjar.com/privacy.
Google Analytics. We use the Google Analytics service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter collectively "Google"). Google uses cookies (for more details see section 3.8.), which enable an analysis of your use of the website and in particular generate the following information:
- Browser type/version,
- the operating system used,
- Referrer URL (the previously visited page),
- Host name of the accessing computer (IP address),
- Time of the server request.

The information generated by the cookies about your use of our website can be transferred to a Google server in the USA and stored there. Google LLC has subjected itself to the EU-US Privacy Shield, which guarantees an adequate level of data protection in accordance with Art. 45 DSGVO (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAItatus=Active). We only use Google Analytics with active IP anonymisation. Therefore, your IP address will first be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there.
The IP address transmitted by your browser in the context of Google is not merged with other data from Google. You can prevent the collection of your personal data by the cookies (including your IP address) and the processing of this data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de. Data protection information: http://www.google.com/analytics/terms/de.html (user conditions); http://www.google.com/intl/de/analytics/learn/privacy.html (overview of data protection); http://www.google.de/intl/de/policies/privacy (data protection declaration)

E. Marketing
Facebook-Pixel. To display advertising, offmade uses the visitor action pixel of Facebook, a service provided by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA (collectively "Facebook"). The Facebook pixel can be used to track that you have been redirected to our website by clicking on a Facebook advertisement. The visitor action pixel is integrated directly by Facebook when you call up our website and can store a cookie on your device (for more details, see section 3.8.). This allows the effectiveness of Facebook Ads to be evaluated for statistical and market research purposes and future advertising measures to be optimised. The data collected by the cookie is processed in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO, insofar as you have given us your express consent, or in accordance with Art. 6 Para. 1 S.1 lit. f DSGVO, due to our legitimate interest in making our website more interesting for you. The data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook data protection guidelines. This allows Facebook to enable the placement of ads on pages within Facebook and outside of Facebook. Offmade therefore has no influence on the scope of this data collection. The data collected by the cookie is stored on Facebook servers, which may be located in the USA. Facebook Inc. has subjected itself to the EU-US Privacy Shield, which guarantees an adequate level of data protection in accordance with Art. 45 DSGVO (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAACtatus=Active). You can edit the usage-based advertising setting in the Advertising Settings section of https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged in to Facebook for this.
Data protection information: https://www.facebook.com/policy.php; https://www.facebook.com/policies/cookies

4. Your rights in relation to your personal data

With regard to your personal data you are entitled to the following rights, which you can assert against offmade by sending an e-mail to contact@offmade.io, unless otherwise stated. offmade will fulfill your aforementioned rights to the extent that the legal requirements for the assertion of the rights are met.

4.1. Right to withdraw consent
If we process your personal data on the basis of your consent, you can revoke this consent at any time and with effect for the future in accordance with Art. 7 Para. 3 DSGVO. Processing that took place before the revocation remains unaffected.

4.2. Right to information
In accordance with Art. 15 DSGVO, you have the right to receive information from us free of charge about the extent to which we process personal data from you and to receive a copy of this information.

4.3. Right of rectification and completion
If the personal data collected and processed concerning you is incorrect or incomplete, you have the right to correct and/or complete your personal data in accordance with Article 16 of the DSGVO.

4.4. Right to restrict processing
In accordance with Art. 18 DSGVO, you can demand from offmade that the processing of personal data concerning you be restricted.

4.5. Right of cancellation
You can demand from offmade in accordance with Art. 17 DSGVO that the personal data concerning you be deleted immediately.

4.6. Right to data portability
In accordance with Art. 20 DSGVO, you have the right to receive personal data concerning you, processed by offmade, in a structured, common and machine-readable format. Furthermore, you have the right to transfer this data to another responsible person without hindrance by offmade.

4.7. Right of objection  
According to Art. 21 DSGVO, you have the right to object to the processing of personal data concerning you. Pursuant to Art. 21 Para. 1 DSGVO, you may at any time, for reasons arising from your particular situation, object to the collection and processing of personal data concerning you, which is carried out on the basis of Article 6 Para. 1 lit. f DSGVO.


4.8. Right of appeal to a supervisory authority
Under Art. 77 DSGVO, you have the right to complain to a supervisory authority if you believe that the collection and processing of personal data concerning you is in breach of the DSGVO.

5. German and English

The Data Privacy Statement is available in German and English. In the event of any discrepancy or contradiction between the German and English versions, the German version shall prevail.

