Skip to main content

Privacy Statement

General instructions for handling your data
We, AT Estate AG Aktiengesellschaft, commit ourselves as a responsible body to respect and protect your personal data. The following information describes what information we collect from you on our website ( and how we handle it.

1. Responsible body and data protection officer(s)
If you have any questions about your personal data or if you would like to exercise rights or claims to your personal data, you can contact us using the contact options listed below. In order to process your request comprehensively, we will use your personal data, if we have not already saved it, for the purpose of processing your request according to Art. 6 para. 1 lit. b) GDPR.

a) Responsible body within the meaning of the Data Protection Act
AT Estate AG Aktiengesellschaft
Board: Markus Saxen, Marcus Grah, Matthias Opitz
Bahnhofstr. 40
45525 Hattingen
Phone: +49 2324 91 987 0

b) Data protection officer
Stefan Kramer
Fachenfelder Weg 84, 21220 Seevetal
Phone: +49 172 412 65 78

2. Data processed by us, purpose, legal basis

a) Legal basis
Personal information may be processed every time you visit our website. A processing of your personal data takes place only if it is legally permitted (legal basis). This is according to Art. 6 para. 1 GDPR the case, if

  • You have given us your consent, or
  • the processing is required to fulfill our contract with you, or
  • in case of a request by you pre-contractual measures are required, or
  • the processing is needed to protect your vital interests, or those of another natural person, or
  • processing is necessary for the protection of our legitimate interests or that of a third party, unless your interests or fundamental rights and fundamental freedoms requiring the protection of personal data are outweighed (balance of interests).

b) What is personal data
Personal data describes individual details about personal or factual circumstances of a specific or identifiable natural person (affected person). These details are referred to as "personal" data if they can be traced back to a person through proportionate means. The decisive factor is whether a person can or will become identifiable by means of the data (Article 4 (1) GDPR).

c) When do we collect personal data and for what purpose
Where possible, we give you the opportunity to freely decide whether you want to share your information with us.

In order to optimize our online offer, to analyze the economic operation and to guarantee the security of the website, to ensure a smooth connection of the webpage, to prevent misuse and to prevent unauthorized use (legitimate interests), we collect usage data. This is done on the basis of Art. 6 para. 1 lit. f) GDPR.

Some of this data is collected automatically. Your browser automatically sends us information that is automatically stored on our server in an internal log file. This data consists of:

  • Type and version of the browser you are using,
  • Type and version of the operating system you are using,
  • URL of the page where you came to us,
  • Keywords you used to find our site
  • Date and time of retrieval of our website,
  • Names of the subpages you have requested,
  • Your IP address used when the website was accessed,
  • the resolution you use
  • the type of device you are using

This data is called usage data. We collect and process this data in anonymous form, meaning it can not be assigned to a specific person. The purpose of the data collection and processing is to ensure a smooth connection of the website, a comfortable use of our website without interruptions and for other administrative purposes. There are no conclusions on your person made under any circumstances.

The deletion of your usage data (IP address and usage profile) on this website takes place after seven days.


This website does not use cookies.

3. Data security

The security of your personal data is a very high priority for us. We therefore protect your stored data with technical and organizational measures. This ensures that the provisions of data protection laws are adhered to and that any loss or misuse by third parties is effectively prevented. In particular, our employees who process personal information are required to maintain data secrecy and must comply with it.

SSL encryption
Our website uses secure SSL encryption when it comes to the transmission of personal data or personal content of our users. Please make sure that the SSL encryption is activated by appropriate activities on your side. The use of encryption is easy to recognize: The display in your browser line changes from "http: //" to "https: //". SSL encrypted data is not readable by third parties. Therefore, transmit your confidential information only with activated SSL encryption and contact us in case of doubt.

4. Contact

a) by email or by phone / messenger
When contacting us (by phone or e-mail), your details for processing the contact request and their processing in accordance with. Art. 6 para. 1 lit. b) GDPR (precontractual measure) or Art. 6 para. 1 lit. f) (legitimate interest) GDPR. The legitimate interest is to contact you when you make us an inquiry. We use the personal data that you provide to process your request, for the purpose of providing services and for billing purposes. We also use your information to communicate with you. The data is also stored for answering follow-up questions.

The information that you provide with your request, is deleted, if it is no longer necessary. This will happen no later than three months after the end of your request. In the case a contract is signed, we copy your data into our file system. We check the necessity every three months. This does not take account of the statutory filing obligation (see section 8 of this declaration).

b) contact via the contact form
If you would like to use the contact form offered on the website to contact us, we will need the information requested in the form to answer your request. Some data is collected only on a voluntary basis. We use this data exclusively for processing your request and do not pass it on to third parties. The processing of the data entered into the contact form takes place exclusively on the basis of your consent (Art. 6 (1) lit. GDPR). The granted consent to the storage of the data can be revoked at any time. The legality of the already completed data processing operations remains unaffected by the revocation. The data deposited with us for the purpose of establishing contact with us will be stored until you request us to delete it or legal deadlines permit or require deletion from us.

5. Integration of services and content of third parties

We will not disclose your personal information that you have provided to us to third parties, unless the data is required to complete your contract, there are legitimate interests, or you have expressly consented to the disclosure. Insofar as we are legally obliged to do so, we will pass on your data to government agencies and authorities entitled to receive information. Our legitimate interests are, for example, the interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR.

When disclosing your personal data, we always ensure the highest possible level of security. Therefore, your data will only be passed on to previously carefully selected and contracted service providers and affiliates in order to protect your personal information in accordance with applicable law. As far as our service providers or partners are based in a country outside the European Economic Area (EEA), we inform you about the consequences of this fact in the description of the offer.

To use our contact request via the WhatsApp, Threema and Telegram messengers, the privacy policy of the messenger service you use applies. For further details, please refer to the corresponding data protection information:

6. Use of Google Analytics, anonymized collection
This site does not use Google Analytics Scripts.

7. Your rights in relation to your personal data
You have the following rights regarding your personal data:

  • according to Art. 15 GDPR, you may request information about your personal data processed by us. In particular, you can request information on the processing purposes, the category of personal data, the categories of recipients to whom your data has been disclosed or the planned storage period, the right to rectification, deletion, limitation of processing or opposition, the existence of a the right to complain, the source of their data, if not collected from us, and the existence of automated decision-making including profiling and, where appropriate, meaningful information about their details;
  • in accordance with Art. 16 GDPR, you can immediately request the correction of incorrect or completed personal data stored by us;
  • according to Art. 17 GDPR, you may request the deletion of your personal data stored by us, unless the processing is required regarding the right of freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
  • according to Art. 18 GDPR you can demand the restriction of the processing of your personal data, as far as the accuracy of the data is disputed by you, the processing is unlawful, but you reject its deletion and we no longer need the data, but you need the data to in relation to the exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
  • according to Art. 20 GDPR you have the right to demand the transfer data, i.e. your personal information provided to us may be obtained in a structured, common and machine-readable format, or may require transmission to another person responsible, provided that the processing is based on your consent or a contract with us and the processing has been automated. In the case of data transmission to another person responsible, however, you can only request the transfer if this is technically feasible;
  • according to Art. 7 (3) GDPR, you can revoke your once given consent at any time. As a result, we are not allowed to continue the data processing based on this consent for the future; and
  • according to Art. 77 GDPR you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or our office.

Right of objection

If your personal data is processed based on legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f. GDPR, you have the right under Art. 21 GDPR at any time to object to the processing of your personal data, as far as there are reasons for this that arise from your particular situation or the objection is directed against direct mail. In the latter case, you have a general right of objection, which is implemented by us without the need for you to state a paticular reason.

If you would like to make use of your right of revocation or objection, please send an e-mail to the persons listed in paragraph 1.

As soon as you have objected to the processing of your personal data, we cease processing. However, this does not apply if we can prove that there are compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or that serve to assert, exercise or defend legal claims. We will inform you of such compelling reasons. You have the right to complain to a regulator at any time (for example, the supervisor at your place of residence or at the headquarters of our company).

Your rights with regard to your personal data can be exercised the most quickly by sending an e-mail to the address mentioned in paragraph 1 of this statement. There are no costs for exercising your rights.

8. General information on retention periods of your data

The data stored with us is deleted as soon as it is no longer necessary for the intended purpose. For details, see the points in this statement that explain the nature and purpose of the processing of personal data.

Data that we need to store due to legal, statutory or contractual retention requirements (e.g. for tax reasons) will be blocked instead of a deletion in order to prevent use for other purposes. This includes, for example, the storage for 6 years pursuant to § 257 paragraph 1 HGB (for trading books, inventories, opening balances, annual accounts, trade letters, accounting documents, etc.) or the storage for 10 years in accordance with § 147 Abs. 1 AO (books, records , Management reports, accounting documents, commercial and business letters, tax documents, etc.).

9. Changes to the privacy policy

This Privacy Policy is current and is dated May 2018. Due to changes in legislation or data processing, updates to this privacy policy may be required. We therefore recommend that you regularly inform yourself about changes on this page. If the amendment concerns your consent or the provisions of the contractual relationship, these only take place with your consent. For this you will be contacted separately.