Privacy policy

I. Introduction and Definitions

1. General

In operating our website at the URL www.livos-gruppe.de (hereinafter referred to as the “Website”), we process personal data. We treat this data as confidential and process it in accordance with applicable laws—in particular the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). With this privacy policy, we aim to inform you about what personal data we collect from you, for what purposes and on what legal basis we use it, and, if applicable, to whom we disclose it. In addition, we explain the rights you have to protect and enforce your privacy.

2. Definitions

Our privacy policy contains technical terms that are defined and used in the GDPR and the BDSG. To help you better understand, we would like to explain these terms in simple terms in advance:

2.1 Personal Data

“Personal data” refers to any information relating to an identified or identifiable natural person (Art. 4(1) GDPR). Information about an identified person may include, for example, their name or email address. However, data is also considered personal if the identity is not immediately apparent but can be determined by combining one’s own or third-party information to identify the person in question. Examples of information about an identified individual include a name or email address. However, data is also considered personal if the identity is not immediately apparent but can be determined by combining one’s own or third-party information to identify the individual in question. A person can be identified, for example, by providing their address or bank details, date of birth, or username, as well as their IP addresses and/or location data. Relevant here is any information that in any way allows for the identification of a person.

2.2 Processing

Under Article 4(2) of the GDPR, “processing” refers to any operation or set of operations performed on personal data. This includes, in particular, the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of personal data.

II. Data Controller and Data Protection Officer

3. Data Controller

The entity responsible for data processing is:

Company: MA-BA Immobilienbeteiligungsgesellschaft mbH (“we”)
Legal Representative: Matthias Bahr (Managing Director)
Address: Hasenheide 78, 10967 Berlin
Phone: +49 30-84 77 13 22
Fax: +49 30-84 77 13 33
Email: info@livos-gruppe.de

4. Data Protection Officer

We have appointed an external Data Protection Officer for our company. You can contact him at:

Name: Arne Platzbecker
Address: HABEWI GmbH & Co. KG, Palmaille 96, 22767 Hamburg
Phone: 040/ 46008966
Fax: 040/ 46008977
Email: datenschutz@habewi.de

III. Scope of Processing

5. Scope of Processing: Website

Within the scope of the website, we process the personal data listed in detail below in Section IV. We only process data that you actively provide on the website (e.g., by filling out forms) or that you automatically make available when using our services.

Your data is processed exclusively by us and is generally not sold, lent, or disclosed to third parties. If we use external service providers to process your personal data, this is done within the framework of so-called commissioned processing, in which we, as the client, have the authority to issue instructions to our contractors. We use external service providers for hosting to operate our website. We host our website with the external provider Netcup GmbH (address: Daimlerstraße 25, 76185 Karlsruhe), at the data center location in Karlsruhe, Germany. If additional external service providers are used for specific processing activities listed in Section IV, they will be named there.

We do not transfer data to third countries as a matter of principle, nor do we have any plans to do so. We will provide information regarding any exceptions to this principle in the processing activities described below. Any data transfers to third countries will then be carried out on the basis of the so-called EU Standard Contractual Clauses.

IV. Processing in Detail

6. Provision of the Website and Server Log Files

6.1 Description of Processing

Every time you visit the website, we automatically collect information that your browser transmits to our server. This includes the following data:

This information is also stored in our system’s log files. The temporary storage of your IP address by the system is necessary to deliver our website to a user’s device. For this purpose, the user’s IP address must remain stored for the duration of the session. For security reasons, your IP address is also recorded in the log files to defend against attacks on our website (in particular so-called DDoS attacks) and to prevent fraud.

6.2 Purpose

The processing is carried out to enable access to the website and to ensure its stability and security. In addition, the processing serves the purpose of statistical analysis and improvement of our online offering.

6.3 Legal Basis

Processing is necessary to safeguard the legitimate interests of the controller (Art. 6(1)(f) GDPR). Our legitimate interest lies in the purpose specified in Section 6.2.

6.4 Retention Period

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of data collected to provide the website, this is the case when the respective session has ended. Log files are deleted after 30 days.

7. Contact via Email

7.1 Description of Processing

You can contact us via the email addresses provided on the website. In this case, we process the personal data transmitted with the email.

7.2 Purpose

The data transmitted with and in your email is used exclusively for the purpose of processing and responding to your inquiry.

7.3 Legal Basis

The processing is necessary to safeguard the legitimate interests of the controller that override the interests, rights, and freedoms of the data subject (Art. 6(1)(f) GDPR). Our legitimate interest lies in the purpose specified in Section 7.2. If the email contact is aimed at concluding or fulfilling a contract, data processing is carried out for the purpose of contract performance (Art. 6(1)(b) GDPR).

7.4 Retention Period

We will delete the data as soon as it is no longer necessary to achieve the purpose for which it was collected. This is usually the case when the relevant communication with you has ended. Communication is deemed to have ended when it can be inferred from the circumstances that your matter has been conclusively resolved. If statutory retention periods prevent deletion, the data will be deleted immediately after the statutory retention period expires.

8. Fonts

Fonts are used to display our website. The standard fonts used on our website are hosted locally on our server. As a result, when you visit our website, no connection is established with external servers operated by font providers, and no personal data—in particular, no IP addresses—is transmitted to third parties.

However, in connection with the use of Google Maps, it may be technically necessary to load additional fonts (“Google Fonts”) from servers operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This occurs only if you have consented to the use of Google Maps via our Consent Manager. Without your consent, Google Maps, including the associated fonts, will not be loaded.

When these fonts are retrieved, your IP address in particular may be transmitted to Google. For more information on data processing by Google, please visit:

https://policies.google.com/privacy

Processing is carried out solely on the basis of your consent in accordance with Article 6(1)(a) of the GDPR.

9. External Links

Our website contains links to external websites in some cases. Clicking on such a link does not result in any data processing on our website. The respective operator is responsible for data processing on the linked websites.

10. Google Maps

10.1 Description of Processing

Our website uses “Google Maps,” a map display service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”). We use Google Maps by embedding a map on our website. The map is loaded directly from a Google server.To enable this, your browser sends a request to a Google server. As a result, your IP address may also be transmitted to Google together with the address of our website. However, Google Maps does not store cookies on your device. If you are logged into Google while visiting our site, Google Maps associates this information with your Google user account. Google stores your data as user profiles and uses them for advertising purposes, market research, and/or to tailor Google’s websites to your needs. You have the right to object to the creation of these user profiles; to exercise this right, you must contact Google directly. For more information on Google’s privacy practices, visit policies.google.com/privacy. A cookie is set to store your consent. This is a so-called “session cookie.” The cookie is automatically deleted after 14 days. You can revoke your consent at any time by deleting the cookies in your browser.

When using Google Maps, additional fonts (“Google Fonts”) may also be loaded from Google’s servers.

10.2 Purpose

The processing is carried out to display an interactive map on our website.

10.3 Legal basis

Processing is based on consent pursuant to Article 6(1)(a) of the GDPR. We obtain this consent via a content blocker on the part of our website where an interactive map is to be displayed. This consent is voluntary. A cookie is set to store your consent. This is a so-called “session cookie.” The cookie is automatically deleted after 14 days. You can revoke your consent at any time by deleting the cookies in your browser.

10.4 Withdrawal of Consent

You may revoke your consent to the display of Google Maps on our website at any time with future effect.

10.5 Recipients and Transfer to Third Countries

Google also processes your personal data in the United States.

11. Google Analytics

11.1 Description of Processing

Our website uses “Google Analytics,” a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”).

Google Analytics enables us to analyze the use of our website. To this end, cookies are used that allow for an analysis of your use of the website.

The information generated by the cookies regarding your use of this website is generally transmitted to a Google server and stored there.

During your visit to the website, the following data in particular is processed:

No personal data such as name, address, or contact information is transmitted to Google Analytics.

The IP address is truncated by Google within the EU or the EEA before it is stored (IP anonymization). Only in exceptional cases is the full IP address transmitted to a Google server in the U.S. and truncated there.

The collected data is processed in a pseudonymized form. User-related data is automatically deleted after 14 months. Aggregated data remains stored indefinitely.

Google processes this information on our behalf based on a data processing agreement in accordance with Art. 28 GDPR.

11.2 Purpose

The data is processed to analyze and regularly improve the use of our website, as well as to optimize our marketing and advertising activities.

11.3 Legal Basis

Processing is carried out exclusively on the basis of your consent pursuant to Art. 6(1)(a) GDPR.

Consent is obtained via our cookie settings dialog and is voluntary. A cookie is set to store your consent. This cookie is deleted after two years at the latest, or earlier if you withdraw your consent.

11.4 Withdrawal of Consent

You may withdraw your consent to the use of Google Analytics at any time with future effect by deactivating the relevant cookies via our cookie settings dialog or by installing the browser add-on provided by Google to disable Google Analytics.

11.5 Recipients and Transfer to Third Countries

The recipient of the data is Google. Google also processes your personal data on servers in the United States.

Please note that the United States does not have a level of data protection comparable to that of the EU, and in particular, government agencies may gain access to personal data without effective legal remedies being available.

For more information on data protection at Google, please visit:

https://policies.google.com/privacy

12. Meta Pixel (Facebook Pixel)

12.1 Description of Processing

Our website uses the “Meta Pixel,” a web analytics service provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (hereinafter referred to as “Meta”).

The Meta Pixel enables us to analyze the use of our website and measure the success of our advertising campaigns on the Facebook and Instagram platforms. To this end, cookies are used that allow for an analysis of your use of the website. The information generated by the cookies regarding your use of this website is generally transmitted to Meta’s servers and stored there.

During your visit to the website, the following data in particular is processed:

No personal data such as your name, address, or contact information is transmitted to Meta.

The collected data is processed in a pseudonymized form. Meta may link this data to your Facebook or Instagram account under certain circumstances, provided you are logged in there.

We and Meta share joint responsibility in accordance with Article 26 of the GDPR. You can view the joint processing agreement here:

https://www.facebook.com/legal/controller_addendum

12.2 Purpose

The data is processed to analyze the effectiveness of our advertising measures on Facebook and Instagram (conversion tracking), to better understand user behavior, and to display personalized advertising.

12.3 Legal Basis

Processing is carried out exclusively on the basis of your consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG.

Consent is obtained via our cookie settings dialog and is voluntary. A cookie is set to store your consent. This cookie is deleted after one year at the latest, or sooner if you withdraw your consent.

12.4 Withdrawal of Consent

You may withdraw your consent to the use of the Meta Pixel at any time with future effect by deactivating the relevant cookies via our cookie settings dialog.

12.5 Recipients and Transfer to Third Countries

The recipient of the data is Meta. Meta also processes your personal data on servers in the United States.

Meta Platforms, Inc. is certified under the EU-US Data Privacy Framework, ensuring an adequate level of data protection within the meaning of Art. 45 GDPR for data transfers to the US.

Please note, however, that the level of data protection in the U.S. is not fully comparable to that in the EU, and in particular, government agencies may gain access to personal data without effective legal remedies being available.

For more information on data protection at Meta, please visit:

https://www.facebook.com/privacy/policy/

13. Processing of Applicant Data

13.1. Description of Processing

We process the personal data you provide to us in connection with your application to assess your suitability for the position (or, if applicable, other open positions in our company) and to conduct the application process. This generally includes general personal information (such as your name, address, and contact details), details regarding your professional qualifications and educational background, information on professional development, knowledge, and skills, as well as other information you disclose to us in connection with your application. This is typically provided through cover letters, resumes, certificates, correspondence, and information provided over the phone or in person.

We wish to evaluate all applicants solely on the basis of their qualifications and therefore ask that you refrain, as much as possible, from including “special categories of personal data” as defined in Article 9 of the General Data Protection Regulation in your application (e.g., a photo that reveals your ethnic origin, information regarding your status as a person with a severe disability, etc.). If your application contains such information, please send us a corresponding declaration of consent; otherwise, your application cannot be considered.

If your application is successful, we will transfer your personal data to your personnel file and process it for the purpose of carrying out and terminating your employment relationship.

If we are unable to offer you employment at this time, we will continue to process your data even after sending the rejection letter in order to defend ourselves against any potential legal claims, particularly those alleging discrimination in the application process.

In addition, we work with an external recruitment agency. If a candidate is recommended to us by this service provider and subsequently hired, we are contractually obligated to pay a placement fee.

To verify and fulfill our contractual obligations, we store and process applicant data, in particular to determine whether a candidate has previously been directly involved in our application process. In this case, no commission is due.

The processing of your data is also carried out to fulfill our contractual obligations toward the recruitment service provider.

If you are not selected for the vacant position, we will add your data to our applicant pool—provided we have your consent to do so.

13.2. Purpose

The processing is carried out to conduct the application process, to decide on the establishment of an employment relationship with us, and to document compliance with legal requirements in the application process.

13.3. Legal Basis

The legal basis for data processing in connection with the application process is § 26(1) BDSG and Art. 6(1)(b) GDPR. If your application is successful, further data processing will take place pursuant to Article 6(1)(b) of the GDPR in conjunction with Article 88(1) of the GDPR and Section 26(1) of the BDSG for the purpose of establishing, carrying out, and terminating the employment relationship. If you have given your consent, e.g., to include your data in our applicant pool, data processing is based on Article 6(1)(a) of the GDPR. The legal basis for data processing following a rejection is, moreover, Article 6(1)(f) of the GDPR. Our legitimate interest lies in defending against legal claims.

13.4. Retention Period

If your application is successful, your data will be transferred to your personnel file and will be deleted in accordance with the regulations applicable to personnel files.

If we are unable to offer you a position at this time, we will continue to process your data for up to six months after sending the rejection letter. If we add your data to our applicant pool after the application process has been completed, we will delete it from the applicant pool either if an employment relationship is established at a later date or, otherwise, two years after it was added.

13.5. Recipients of Your Data, Disclosure of Data to Third Parties, and Transfer to Third Countries

Upon receipt of your application, your applicant data will first be reviewed by the Human Resources department. Suitable applications will then be forwarded internally to the respective department heads responsible for the open position. The further course of the application process will then be coordinated. Within our company, access to your personal data is generally restricted to those individuals who require it for the proper conduct of the application process. Your personal data will not be transferred to third parties. Nor will any data be transferred to third countries, and no such transfer is planned.

V. Security Measures

14. Security Measures

To protect your personal data from unauthorized access, we have equipped our website with an SSL or TLS certificate. SSL stands for “Secure Sockets Layer” and TLS for “Transport Layer Security”; these protocols encrypt data communication between a website and the user’s device. You can recognize active SSL or TLS encryption by a small padlock icon displayed on the far left of the browser’s address bar.

VI. Your Rights

15. Data Subject Rights

With regard to the data processing described above by our company, you are entitled to the following data subject rights:

15.1 Right of Access (Art. 15 GDPR)

You have the right to request confirmation from us as to whether we process personal data concerning you. If this is the case, you have the right, under the conditions set forth in Art. 15 GDPR, to access this personal data and to receive the information specified in detail in Art. 15 GDPR.

15.2 Rectification (Art. 16 GDPR)

You have the right to request that we immediately rectify any inaccurate personal data concerning you and, where applicable, complete any incomplete personal data.

15.3 Erasure (Art. 17 GDPR)

You have the right to request that we erase personal data concerning you without undue delay if any of the grounds listed in detail in Art. 17 GDPR apply, e.g., if your data is no longer necessary for the purposes we pursue.

15.4 Restriction of Data Processing (Art. 18 GDPR)

You have the right to request that we restrict processing if one of the conditions listed in Art. 18 GDPR applies, e.g., if you contest the accuracy of your personal data. In this case, data processing will be restricted for the duration necessary to allow us to verify the accuracy of your data.

15.5 Data Portability (Art. 20 GDPR)

You have the right, under the conditions listed in Art. 20 GDPR, to request that the data concerning you be provided to you in a structured, commonly used, and machine-readable format.

15.6 Withdrawal of Consent (Art. 7(3) GDPR)

You have the right to withdraw your consent at any time regarding processing based on consent. The withdrawal takes effect from the time it is asserted and applies to the future. The lawfulness of the processing carried out prior to the withdrawal remains unaffected.

15.7 Complaint (Art. 77 GDPR)

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. You may exercise this right, in particular, with a supervisory authority in the EU Member State of your residence, your workplace, or the place where the alleged infringement occurred.

15.8 Prohibition of Automated Decision-Making/Profiling (Art. 22 GDPR)

Decisions that produce legal effects concerning you or significantly affect you may not be based solely on automated processing of personal data—including profiling. We hereby inform you that we do not use automated decision-making, including profiling, with respect to your personal data.

15.9 Right to Object (Art. 21 GDPR)

If we process your personal data on the basis of Art. 6(1)(f) GDPR (to safeguard overriding legitimate interests), you have the right to object to the processing under the conditions set forth in Art. 21 GDPR. This applies if there are grounds arising from your particular situation.

Once you have objected, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms. We are also not required to cease processing if it serves to assert, exercise, or defend legal claims. In any case—even regardless of a specific situation—you have the right to object at any time to the processing of your personal data for direct marketing purposes.

As at: May 2026