Zum Hauptinhalt springen

Privacy Policy

1. Controller

Viebrock Immobilien GmbH

Hohenfelde 2

21698 Harsefeld

Germany

Phone: 04164 8991730

Email: immobilien@viebrockhaus.de

2. Hosting

This website is hosted on Amazon Web Services (AWS) in the Frankfurt region (eu-central-1).

When you visit the website, technical data (e.g. IP address, browser, timestamp) is automatically collected as required for the operation of the website.

Legal basis: Art. 6(1)(f) GDPR

3. Contact form

When you contact us via the contact form, the information you provide is processed for the purpose of handling your request and is sent to us by email.

Data processed:
Name, email, phone number (optional), subject, message

Legal basis: Art. 6(1)(b) GDPR

The data will be deleted as soon as it is no longer required for processing.

4. Email delivery (Resend)

Transactional emails (your confirmation message and the internal notification to us) are delivered through Resend, Inc., 2261 Market Street #5039, San Francisco, CA 94114, USA. We have signed a data processing agreement with Resend in accordance with Art. 28 GDPR.

Data processed: Email address, name, message content, technical email metadata.

Legal basis: Art. 6(1)(b) GDPR

Insofar as data is transferred to the USA, this is based on the EU-US Data Privacy Framework and/or the EU Standard Contractual Clauses (Art. 46 GDPR). Resend’s privacy notice: resend.com/legal/privacy-policy.

5. Spam and abuse protection

To protect our contact form from automated requests (spam, bots), each submission is associated with a pseudonymised hash (SHA-256 with a server-side pepper) of your IP address, stored in an Amazon DynamoDB table in the Frankfurt region (eu-central-1). A counter based on this hash limits the number of requests per hour.

Retention: Entries are deleted automatically after one hour by DynamoDB’s time-to-live mechanism. The original IP address is never stored.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in defending against automated attacks and spam).

6. Server logs

For operational and security purposes, AWS Lambda functions and Amazon CloudWatch automatically record technical log data (request and response metadata, timestamps, error messages). Logs may transiently contain personal data submitted via the contact form (name, email address, message).

Retention: 3 months, after which logs are automatically deleted.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operational stability, error analysis and IT security).

7. Cookies

Only technically necessary cookies are used to operate the website. The site stores a single language preference in the browser’s local storage.

Legal basis: Art. 6(1)(f) GDPR; § 25(2)(2) TTDSG (technically necessary).

8. ChatbotChatbot

Our website offers an AI-powered chatbot that answers questions about our properties, projects, FAQs and emergency contacts. Your messages are not persistently stored on our servers.

Data flow: Your message is forwarded through our server to Amazon Bedrock and answered by the generative language model Amazon Nova Lite. Model invocations are routed through an EU-wide inference profile and processed exclusively in EU regions (including Frankfurt, Ireland and Paris). The processor is Amazon Web Services EMEA SARL (Luxembourg); where unavoidable, data is transferred to Amazon Web Services, Inc. (USA) on the basis of the Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR and the EU-US Data Privacy Framework.

No training on your data: Under the AWS Service Terms (Section 50.3 for Amazon Bedrock), AWS does not use the submitted inputs or model outputs to train the foundation models and does not share them with the model providers.

Storage: The conversation history is kept only in your browser’s session storage and is automatically cleared when the tab is closed. We do not persistently store your messages on our servers.

Abuse protection: To limit automated requests we store – analogous to the contact form – a pseudonymised hash (SHA-256 with a server-side pepper) of your IP address in an Amazon DynamoDB table. Entries are deleted automatically after one hour. The original IP address is never stored.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in offering a user-friendly self-service feature and in defending against automated attacks).

9. Data subject rights

You have the right to access, rectify, erase, restrict the processing of, and object to the processing of your personal data.

You also have the right to lodge a complaint with a data protection supervisory authority.