Last updated: November 2019

Privacy Policy

1. Controller for data processing
2. Contacting the data protection officer
3. Your rights
3.1. General rights
3.2. Rights relating to data processing in accordance with legitimate interests
3.3. Rights relating to direct marketing
3.4. Right to lodge a complaint with a supervisory authority
4. Collection of personal data when visiting our website
5. Contact via email or contact form
6. Newsletter
6.1. General information
7. Applications
8. Use of social plugins
9. Use of cookies
9.1. Transient cookies
9.2. Persistent cookies
9.3. Flash cookies
9.4. Blocking cookies
9.5. Legal bases and storage period
10. Website analysis
10.1. Google Analytics
11. Data transfer 
12. Data security

We have provided the following information about the collection of personal data when using our website. Personal data includes all data that can be obtained about your person, such as your name, address, email address and user behaviour. We have taken extensive technical and operational precautionary measures to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorised third parties. Our security procedures are regularly reviewed and adapted to meet the latest technological developments.

1. Controller for data processing
The controller as defined by Article 4 (7) of the EU General Data Protection Regulation (GDPR) is CBRE GmbH, OMNITURM, Große Gallusstraße 18, 60312 Frankfurt, email: [email protected] (see our Imprint).


2. Contacting the data protection officer
Astrid Ackermann
intersoft consulting services AG
Beim Strohhause 17
D-20097 Hamburg
Fon +49(40) 790 235 – 0
Fax +49(40) 790 235 – 170
[email protected]

3. Your rights
You have the following rights against us with regard to personal data relating to you:

3.1 General rights
You have the right to access, rectification, erasure, restriction of processing, the right to object to processing and the right to data portability. To the extent that processing depends on your consent, you have the right to revoke this consent from us with effect for the future.

3.2. Rights relating to data processing in accordance with legitimate interests
In accordance with Article 21 (1) GDPR, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data relating to you based on Article 6 (1) e GDPR (data processing in the public interest) or Article 6 (1) f GDPR (data processing to safeguard a legitimate interest), including profiling based on this provision. If you object to this, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

3.3. Rights relating to direct marketing
To the extent that we process your personal data for direct marketing purposes, you have the right to object at any time to processing of personal data relating to you for such marketing, which includes profiling to the extent that it is related to such direct marketing, in accordance with Article 21 (2) GDPR.

If you object to processing for direct marketing purposes, we will no longer process your personal data for such purposes.

3.4. Right to lodge a complaint with a supervisory authority
You also have the right to lodge a complaint with a competent data protection supervisory authority regarding our processing of your personal data.


4. Collection of personal data when visiting our website
We collect the personal data transmitted to our servers by your browser for purely informational use by the website, i.e. if you do not register or transmit any other information to us. When you visit our website, we collect the following data that is technically necessary in order for us to display our website to you and ensure its stability and security. The legal basis for this is Article 6 (1) f GDPR:

IP address, date and time of request, time zone difference to Greenwich Mean Time (GMT), content of request (specific page), access status/HTTP status code, data volume transmitted in each case, website from which the request is received, browser, operating system and its interface, and the language and version of the browser software.


5. Contact via email or contact form
When you contact us via email, we store the data you provide (your email address and, where applicable, your name and telephone number) for the purpose of responding to your enquiries. Where we request inputs via our contact form that are not required in order to make contact, we have marked all of these inputs as optional. This information helps us to better understand and process your enquiry. This information is communicated expressly on a voluntary basis and with your consent in accordance with Article 6 (1) a GDPR. Where this information relates to communication channels (e.g. email address, telephone number), you also agree that we can contact you via these communication channels where necessary to respond to your request. Of course, you can revoke this consent at any time with effect for the future.

We delete the personal data collected in this context once its storage is no longer required or limit its processing where there is a legal obligation to retain it.


6. Newsletter
6.1. General information
With your consent as set out in Article 6 (1) a GDPR, you can subscribe to our newsletter to receive information about our latest offers.

We use the ‘double opt-in’ process for registering to receive our newsletter. 
This means that after you register, we send an email to the email address you have provided in which we ask you to confirm that you wish to receive the newsletter. 

We also store the IP address you have used for this together with the registration and confirmation dates. The purpose of this process is to prove your registration and investigate the possible misuse of your personal data where appropriate.

After you have submitted confirmation, we store your email address for the purpose of distributing the newsletter. The legal basis for this is Article 6 (1) a GDPR.

You can revoke your consent for sending the newsletter at any time and unsubscribe from the newsletter. You can provide notice of this revocation by clicking on the link provided in each newsletter email or by submitting a request to the aforementioned data protection officer.


7. Applications
You can apply electronically to join our company, particularly via email. We will use your details solely for the purposes of processing your application and will not pass this information on to third parties. Please note that emails sent in an unencrypted state are not protected against unauthorised access. 

You can also apply to join our company online via our application portal. Your online application will be forwarded directly to the HR department via an encrypted connection and will be treated confidentially as a matter of course. We will use your details solely for the purposes of processing your application and will not pass this information on to third parties. Further information about data processing during the application process can be found in the Privacy Policy on our application portal.

If you have applied for a specific role that has already been filled or if we believe that you are equally or better suited to another role, we will gladly pass on your application within our company. Please inform us if you do not consent to this. 

Your personal data will be erased as soon as the application process is complete or after a maximum of six months if you have not expressly given your consent for your data to be stored for a longer period or if the process does not result in an employment contract. The legal basis for this is Article 6 (1) a, b and f GDPR and Section 26 of the German Federal Data Protection Act (BDSG).


8. Use of social plugins
This website uses social plugins provided by:

- Twitter (operator: Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA)

These plugins generally collect data from you as standard and transmit this to the relevant provider's server. To protect your privacy, we have adopted technical measures to ensure that the provider of the relevant plugin cannot collect your data without your consent. Whenever you view a page with integrated plugins, the plugins are initially deactivated. They are only activated when you click on the relevant symbol and, in doing so, give your approval for your data to be transmitted to the relevant provider. The legal basis for the use of plugins is Article 6 (1) a and f GDPR.

Once activated, the plugins also collect personal data such as your IP address and send it to the relevant provider’s server, where it is stored. Activated social plugins also place a cookie with a unique identifier when visiting the relevant website. This allows the provider to create a profile about your usage behaviour. This happens even if you are not a member of the provider’s social network. If you are a member of the provider’s social network and are logged in to that network during your visit to this website, your data and information about your visit to this website can be linked to your profile on the social network. We have no influence over the precise extent of the data collected from you by the relevant provider. For further information about the extent, nature and purpose of data processing and rights and settings options to protect your privacy, please refer to the privacy policy for the relevant provider’s social network. This can be found at the following address:

Twitter: https://twitter.com/privacy/ 


9. Use of cookies:
Cookies are stored on your computer when you use our website. They are small text files that are stored on your hard drive and assigned to the browser you use, enabling certain information to flow through the location where the cookie is placed. Cookies cannot run programs or transmit viruses onto your computer. They help to make online offerings generally more user-friendly and effective. We also use cookies to enable us to identify you for subsequent visits if you have an account with us, thus saving you from having to log in every time you visit. 
This website uses the following kinds of cookies, the scope and functionality of which are explained below:
 

    Cookie
    Type
    Name Purpose Expiry
    Analytics _utma Used to record anonymous data about your visit.
    The information is aggregated to our Google Analytics account. We do not share this data in any form.
    2 years
    Analytics
    _utmb
    Same as above.
    30 minutes
    Analytics
    _utmb Same as above.
    When you close your browser
    Analytics _utmz Same as above. 6 months
    Analytics
    MF_user This cookie establishes whether the user is a
    returning or first-time visitor for the purpose of analytics. This is done
    simply by a yes/no toggle - no further information about the user is stored.
    90 days
    Analytics _GA Allows web analytics to identify unique users
    across browsing sessions, but it cannot identify unique users across different browsers
    or devices.
    90 days
    Analytics _Gid Allows web analytics to identify unique users
    across browsing sessions, but it cannot identify unique users across different
    browsers or devices.
    90 days
    Analytics SC_ANALYTICS_
    GLOBAL_COOKIE
    Identifies repeat visits from an anonymous
    single user across CBRE websites.
    1 year
    Performance Adrum
    Performance Cookie for technical monitoring of
    the server load
    On session close
    Performance ASP.NET_SessionId Collects and reports on aggregate non-identifiable information, which can then be used to report on the performance of the website and provide insights on how the site is currently used and how it can be improved. 1 year
    User Login State GRG_jwtToken Identifies if a user is logged in to the CBRE Global Research Gateway. The Login is able to persist up to 90 days or on log out by the user.
    90 days
    User Login Stat auth_id_token Identifies a user is authenticated by Single Sign on and able to download CBRE Research
    90 days

    9.1. Transient cookies 
    These cookies are automatically deleted when you close the browser. In particular, this includes session cookies, which store what is known as a ‘session ID’ that allows your browser to allocate different requests to the same session. This means your computer can be recognised when you return to our website. Session cookies are deleted when you log out or close the browser.

    9.2. Persistent cookies 
    These cookies are automatically deleted after a specific length of time, which can differ depending on the cookie. You can delete these cookies in the security settings of your browser at any time.

    9.3. Flash cookies
    The Flash cookies used are not collected by your browser but by your Flash plugin. We also use HTML5 storage objects that are stored on your device. These objects store the necessary data regardless of the browser you are using and do not have an automatic expiry date. If you do not want the Flash cookies to process data, you must install the appropriate add-on, e.g. ‘Better Privacy’ for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash Killer Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using your browser in private mode. We also recommend that you manually delete your cookies and browser history periodically.

    9.4. Blocking cookies
    You can configure your browser settings according to your requirements; for example, this can include refusing to accept third party cookies or all cookies. Please be aware that this may mean you are unable to use all the functions of this website.

    9.5. Legal bases and storage period
    The legal bases for the potential processing of personal data and its storage period vary and are detailed in the following paragraphs.


    10. Website analysis
    We use different services outlined below for the purposes of analysing and optimising our websites. For example, these services enable us to analyse how many users visit our website, which information is most in demand or how users locate the offering. We collect data including the page from which the person in question arrived at a website (the ‘referrer’), which subpages on the website are accessed, or how often a subpage is viewed and how long the viewer stays there. This helps us to design our offering in a user-friendly way and to improve it. The data collected for this purpose is not used to personally identify individual users. The data collected is anonymous or pseudonymous at most. The legal basis for this is Article 6 (1) f GDPR. 

    10.1. Google Analytics
    This website uses Google Analytics, a web analysis service provided by Google Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). This use includes the Universal Analytics operating mode. This makes it possible to allocate data, sessions and interactions to a pseudonymous user ID across several devices and thus analyse a user’s activities across those devices.

    Google Analytics uses cookies to enable analysis of your use of the website. The information about your website usage generated by this cookies is generally transmitted to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address is first truncated by Google within the member states of the European Union or in other Contracting States to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by your browser as part of Google Analytics is not combined with other data by Google. Google will use this information on behalf of the operator of this website to evaluate your use of the website, compile reports on website activities and provide additional services to the website operator associated with website and internet usage. These purposes also represent our justified interest in data processing. The legal basis for the use of Google Analytics is Section 15 (3) of the German Telemedia Act (TMG) and Article 6 (1) f GDPR. The data transmitted by us and linked with cookies, usernames (e.g. user ID) or advertising IDs is automatically deleted after a maximum of 24 months. Data that has reached its storage period is automatically deleted once a month. For further information about terms of use and privacy, visit https://www.google.com/analytics/terms/de.html or https://policies.google.com/?hl=de 

    You can prevent the storage of cookies by adjusting the settings in your browser software accordingly; however, please be aware that if you do so, you may not be able to make full use of all the functionality on this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing https://tools.google.com/dlpage/gaoptout?hl=de. Opting out of cookies prevent the future collection of your data when visiting this website. To prevent data collection by Universal Analytics across different devices, you must opt out on all of the systems you use.


    11. Data transfer
    In principle, your data is not transmitted to third parties unless we are legally obliged to do so, where the data transfer is required for performance of the contractual relationship or if you have expressly agreed to the transfer of your data in advance. 

    External service providers and partner companies only receive your data where this is necessary to process your enquiry. In these cases, however, the scope of the transmitted data is restricted to the necessary minimum. To the extent that our service providers come into contact with your personal data, we ensure that they observe the provisions of data protection legislation in the same way when processing your data in accordance with Article 28 GDPR. Please also note the provider’s privacy policy in each case. The relevant service provider is responsible for the content of third party services, in which case we review the services for their compliance with statutory requirements as far as is reasonable.

    We believe it is important that your data is processed within the EU / EEA. However, we may appoint service providers who process data outside the EU / EEA. In these cases, we ensure that the recipient has established an appropriate level of data protection before transmitting your personal data. This means that a level of data protection comparable with standards within the EU has been reached via EU standard agreements or an adequacy decision such as the EU Privacy Shield.


    12. Data security
    We have taken extensive technical and operational precautionary measures to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorised third parties. Our security procedures are regularly reviewed and adapted to meet the latest technological developments.