Privacy Policy

1. General

The protection of your privacy and the lawful processing of your personal data are very important to us. As the controller, we wish to make our processing activities transparent to you and to inform you, in the following data privacy statement, about how your personal data shall be processed if you use this website, contact us, express an interest in one of our real estate offers and request information concerning this or other real estate offers and/or conclude a contract with us.

2. Definitions

The terms regarding data protection legislation used in this data privacy statement, such as “personal data”, “processing” and “controller”, are defined in Art. 4 of the General Data Protection Regulation (GDPR).

3. Name and contact details of the controller responsible for the processing and of the data protection officer

The controller responsible for your personal data is:

Tuchlauben Immobilien GmbH, companies’ register no. FN 361719s, Freyung 3, A-1010 Vienna, e-mail:

In addition to the controller, you can also get in touch with the relevant data protection officer using the following contact details:

SIGNA, 1010 Wien
Freyung 3
Attn. Datenschutzkoordinator

4. Categories of personal data which we process about you / sources of data

Personal data are any information relating to an identified or identifiable person, and therefore information that can be assigned to you individually. Examples include your name, address, telephone number, e-mail address or IP address. As described below, we process various personal data relating to you that we have received from you within the framework of our (business) relationship with you. We also process data that we have legitimately received from brokers and advisors or from publicly accessible sources (e.g. companies’ register, land register, etc.).

Use of our website:
If you use our website, certain information shall be collected (further details under “Server log files”). In addition, data shall be collected through the use of cookies, tracking and online marketing tools and plug-ins (further details below).

Contacting us:

You can contact us using our contacts details as displayed on the website (e.g. by email or telephone). In this case, the data supplied by you shall be processed.

Real estate brokerage:
Within the framework of real estate brokerage, we shall essentially process your master data and contact details, as well as contract and property data, account and payment details, correspondence and all other data required for identification purposes and to perform the contractual relationship.

Within the context of our engagement, it may also be necessary for us to process special categories of data, such as data relating to your health (pursuant to Art. 9(1) GDPR). To this end, we shall obtain your consent (pursuant to Art. 6(1)(a), Art. 7 and Art. 9(2)(a) GDPR), if necessary.

5. Relevant legal bases

If and insofar as the legal basis is not mentioned in the data privacy statement, the following shall apply: the legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR and/or Art. 9(2)(a) GDPR; the legal basis for processing to provide our services and implement contractual measures as well as to respond to enquiries is Art. 6(1)(b) GDPR; the legal basis for processing to fulfil our legal obligations is Art. 6(1)(c) GDPR; and the legal basis for processing to protect our legitimate interests is Art. 6(1)(f) GDPR. For the event that vital interests of the data subject or of another natural person require the processing of personal data, Art. 6(1)(d) GDPR serves as the legal basis.

6. Contacting us

If you get in touch with us using the contact details available on the website (e.g. by e-mail or telephone), the personal data that you have supplied to us voluntarily shall be processed for the purpose of handling the enquiry and to deal with any follow-up enquiries on the basis of your consent (pursuant to Art. 6(1)(a) GDPR). In this case, we shall erase your personal data if and insofar as such data are no longer required and/or the erasure is not opposed by statutory retention periods.

Withdrawal of consent:
Your consent may be withdrawn in full or in part at any time with future effect by getting in touch with the controller using the contact details above (under point 3.). Such withdrawal shall not affect the lawfulness of processing based on consent before its withdrawal.

7. Real estate brokerage

If we are close to concluding a contract with you on the basis of your interest and/or enquiry, Art. 6(1)(b) GDPR (to fulfil contractual or pre-contractual obligations) shall also come into question as a further legal basis for processing your data within the framework of real estate brokerage. The purpose of the processing shall be the specific negotiation and preparation of a rental contract and/or a real estate purchase contract between you and the lessor and/or the seller as well as all other associated and required activities and actions.

The data shall be retained for the duration of the contractual relationship and thereafter at least for as long as statutory retention periods exist or until limitation periods for potential legal claims expire.

You shall be obliged to provide personal data that are necessary for proper performance of the contractual relationship and which we are obliged by law to collect. As a rule, if you do not wish to make the data available to us, we must decline to conclude the contract. In this case, we shall no longer be able to perform an existing contract. However, data that are not necessary for proper performance of the business relationship or not legally required do not have to be provided. The communication of such data shall then be voluntary.

8. Server log files

The provider of the website automatically collects and stores information (browser type and browser version, operating system used, referrer URL, host name of the computer accessing the website, time of the server request and IP address) in server log files which your browser transmits automatically.

The data collected are used to ensure that connection to the website is established smoothly, to make sure that our website is user-friendly and to analyse system security and stability. We reserve the right to subsequently examine these data if we become aware of specific indications of unlawful use. These data are not merged with other data sources.

The legal basis for such data processing is Art. 6(1)(f) GDPR. The legitimate interest arises from the purposes for data collection as listed above.

Server log files are stored for a period of 180 days and then erased. Data whose further retention is required for evidentiary purposes are excluded from such erasure until the incident concerned is finally resolved.

The recording of data to provide the website and the storage of these data in log files are absolutely essential for operation of the website. There is therefore no option to object to such usage in this case.

9. Cookies

Our website uses cookies. These are small files which can be stored on the visitor’s device when you visit our website. They serve to make the website generally more user-friendly and more effective.

This website uses transient and persistent cookies whose scope and function are explained below:

Transient cookies are erased automatically when you close the browser. These include session cookies, in particular. These store a session ID, which can be used to assign various requests from your browser to a common session. This makes it possible to recognise your computer if you return to our website. Session cookies are erased when you log out or close the browser.

Persistent cookies are erased automatically after a set period of time, which can vary depending on the cookie. You can erase cookies in your browser’s security settings at any time.

You can prevent the installation of cookies at any time by adjusting the settings of the browser used accordingly. In addition, you can erase already installed cookies at any time using your browser. This can be done in all standard browsers. However, please note that if you disable the installation of cookies in the internet browser you are using or if you have erased already installed cookies, you may not be able to use all the features of our website in full.

When you access our website for the first time, an information banner shall appear, informing you about the use of cookies. We use various groups of cookies. If you click on the details in the information banner, you shall be shown the cookies that we use and the group to which each cookie belongs. The dialogue box which you can configure shall inform you about the use of cookies and ask you to consent to this. Please note that you cannot affect the use of essential functional cookies. Only after you have selected the cookie groups shall cookies be used on the website.

10. Information on the embedding of videos via Vimeo

We have embedded Vimeo videos on our website, which are stored at “” and can be played directly from our website. To increase the protection of your data when you visit our website, the videos have been embedded into the site using the double-click solution, which means that no data are transferred to Vimeo about you as a user if you do not play the videos. Only if you play the videos and, by doing so, consent to the transmission of data shall Vimeo cookies be stored on your computer and data transferred to Vimeo, Inc. 555 West 18th Street New York, New York 10011. If you are logged into your Vimeo account, you are hereby enabling Vimeo to assign your browsing behaviour to your personal profile directly. You can prevent this by logging out of your Vimeo account.

Vimeo is used in the interests of an appealing presentation of our online offerings. This represents a legitimate interest within the meaning of Art. 6(1)(f) GDPR.

Further information on the handling of user data can be found in Vimeo’s Privacy Policy at:

11. Matomo

Scope of processing personal data

The website uses Matomo, which enables a statistical analysis of website use to be conducted using cookies. To this end, usage information is sent; however, your IP address is immediately anonymized during this process. Personal data is therefore not stored for the purposes of statistical analysis.

  • the IP-adress of the user, shortened by the last two digits
  • visited Subpages of the Website
  • the Website from where the user got to (Referrer)
  • welcher Browser mit welchen Plugins, welches Betriebssystem und welche Bildschirmauflösung genutzt wird
  • Browser, PlugIns, Operating System and screen resolution of the user
  • amount of time spent on the website

The data collected by Matomo is stored on a server of the Controller. We don't transfer user-data to third-parties. (For exceptions see Chapter 13.)

Legal Basis
Data processing takes place on the basis of Art. 6(1)(a) GDPR (consent).

Means of data processing
We use Matomo to generate website access statistics that are easy to use and, as a consequence, to improve our offering and our web presence. You can prevent any recording of your data by Matomo by clicking on the following link. This installs an opt-out cookie which prevents any recording of your data during future visits to this website:

[matomo_opt_out language=en]

12. Social media

On the basis of Art. 6(1)(f) GDPR, we place buttons on our website that belong to the social networks Facebook, Twitter and Instagram in order to increase awareness of our website and projects via these channels. To increase the protection of your data when you visit our website, these buttons are not unrestricted; they are merely embedded in the site using an HTML link. This embedding ensures that when you access a page of our website that contains such buttons, a connection is not established with the servers of the provider of the respective social network. By clicking on the respective icon, you consent to communication with the respective platform and to the transmission of information (e.g. IP address) to the respective service provider. The provider of the social network can be identified by the marking on the box, i.e. its initial letter or logo.

The purpose and scope of data collection and the further processing and use of the data by the providers on their sites, as well as your rights in this regard and the settings you can configure to protect your privacy, are set out in the data privacy policies of these providers. Please note that, as the provider of this website, we have no knowledge of the content of the data transmitted or of the use thereof by the respective providers. Addresses of the respective providers with their data privacy policies:

13. Forwarding of data

Data shall only be forwarded to fulfil (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the grounds of our legitimate interests.

All processors are contractually obliged by us on the basis of Art. 28 GDPR to comply with applicable data protection legislation in relation to us. Alongside the service providers referred to in the data privacy statement, the IT service provider (currently SIGNA Informationstechnologie GmbH) in particular works for us as a processor.

If and insofar as we are required by law or to fulfil a contract, we shall disclose or transmit your data, among other things, to the following recipients:

  • Third parties involved in the transaction (including persons required to take part in the transaction and potential contracting parties, financing companies, credit institutions and insurers, etc.);
  • Service providers (including tax advisors, property managers, insurers, accountants, lawyers, ombudsman’s offices and other service providers, etc.); and
  • The tax office and other authorities, tax advisors and legal representatives (with the enforcement of rights or defence against claims or as part of official proceedings).

Obviously, your data shall only be passed on to the extent required for the respective purpose of the processing.

Transmission to recipients in a third country (outside the EU) or to an international organisation is not intended, with the exception of the automated sending of e-mails via MailChimp as well as within the context of tracking and online marketing tools (further details on this above). MailChimp, Google and Facebook are certified under the Privacy Shield agreement and thereby guarantee compliance with European data protection law.

14. Data security

We implement appropriate technical and organisational measures to guarantee the security of the data processing and to process your personal data in a manner that provides protection against access by unauthorised third parties.

In spite of our security measures, it is impossible to rule out the fact that information which you supply to us via the internet, especially also within the framework of unencrypted e-mails, may be viewed and used by other persons.

15. Changes to this data privacy statement

We reserve the right to adapt the information provided in this data privacy statement, without prior notice, to changes in legislation and case-law and/or to amend it for organisational reasons. The latest version published here shall apply.

16. Your rights in connection with personal data

Pursuant to the GDPR, as the data subject you are entitled to the following rights.

Right of access:
You have the right to obtain information from us about whether we are processing personal data belonging to you and which data this concerns as well as further information pursuant to Art. 15 GDPR.

Right to rectification:
Pursuant to Art. 16 GDPR, you have the right to obtain the rectification of inaccurate personal data concerning you and/or – taking into account the purposes of the data processing – the completion of incomplete personal data.

Right to erasure of data ("right to be forgotten"):
You have the right to erasure of your data provided that the conditions of Art. 17 GDPR are met.

Right to restriction of processing:
In accordance with Art. 18 GDPR, you have the right to restriction of the processing of all personal data collected.

Right to data portability:
You have the right to data portability provided that the conditions of Art. 20 GDPR are met.

Right to withdraw consent:
If processing is based on consent, you also have the right to withdraw this consent at any time (see Art. 7(3) GDPR for details). Withdrawal shall not affect the lawfulness of processing based on consent before its withdrawal.

Right to object:
Pursuant to Art. 21(1) GDPR, you have the right at any time to object, on grounds relating to your particular situation, to the processing of relevant personal data which are necessary to protect our legitimate interests or those of a third party (Art. 6(1)(f) GDPR). If you object, your data shall no longer be processed unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims.

Pursuant to Art. 21(2) and (3) GDPR, you also have the right to object to data processing for direct marketing purposes; such objection shall have future effect.

Assertion of rights and the right of appeal:
To assert your aforementioned rights, you can get in touch with the controller using the contact details above (under point 3.) and state your request.

To protect your privacy and security, we reserve the right to check your identity before we take any of the above measures.

The protection and lawful processing of your personal data are very important to us. If you have any questions or concerns about the processing of your personal data, please get in touch with us using the above contact details for the controller (under point 3.) or contact the data protection officer. If, however, you feel that the processing of your personal data is unlawful, you can also turn to a data protection authority.