loader
ShopsSaleFoodServicesNews & Events
DE | EN

DATA PRIVACY

Name and address of the company

The controller in the sense of the General Data Protection Regulation (hereinafter “GDPR”) and other national data protection legislation of the Member States as well as other data protection regulations is:

FORUM Invest S.à r.l.
registered in the Registre de Commerce et des Sociétés
under number B181062
Managing Directors: Cathrin Brettnacher | Matthias Gutknecht

37a Avenue J.F. Kennedy
1855 Luxembourg
Tel.: +49 (0) 304 220 699 0
E-mail: infoeastsidemall.de

General information

Scope of and authorisation for the processing of personal data

We only collect and use the personal data of our users insofar as this is necessary to provide the functionality of our website and our content and services. We regularly collect and use personal data of our users only with their consent.

An exception applies in those cases where obtaining prior consent is not possible for practical reasons and the processing of the data is permitted by law.

The legal basis for processing involving personal data where the consent of the data subject has been obtained in advance is Art. 6 (1) (a) GDPR. The legal basis for the processing of personal data required for the performance of a contract or for the implementation of pre-contractual measures is Art. 6 (1) (b) GDPR. When processing personal data to comply with a legal obligation, the legal basis is Art. 6 (1) (c) GDPR. If vital interests of the data subject or of another natural person require the processing of personal data, Art. 6 (1d) GDPR serves as the legal basis. If processing is necessary to protect a legitimate interest of our company or a third party, and if these interests outweigh the interest of the data subject, taking into account the data subject's fundamental rights and freedoms, Art. 6 (1) f GDPR provides the legal basis for the processing of the data.

Data erasure and storage period

The personal data of the data subject will be erased or blocked as soon as the purpose for storage ceases to apply. In addition, data may be stored if we are required by law to process the data. In this case, the data will be blocked or erased when the legally prescribed storage period expires, unless there is a need to continue storing the data for the conclusion or fulfilment of a contract.

Data processing through the use of our website

Visiting our website

When you visit our website, the browser used on your device will automatically send information to the server hosting our website. This information is stored temporarily in a log file. In this process, the following information is captured without any action on your part and stored until it is erased automatically: IP address of the requesting computer, date and time of access, name and URL of the accessed file, website from which access was made (referrer URL), browser used and, where applicable, the operating system of your computer as well as the name of your access provider.

We process the aforementioned data for the purpose of ensuring a problem-free connection to our website, ensuring that our website is easy to use, evaluating system security and stability as well as for other administrative purposes.

The legal basis for processing these data is Art. 6 (1) (f) GDPR. Our legitimate interest is based on the purposes for data collection listed above. We never use the collected data to draw any inference about your identity.

Data sharing

None of your personal data will be disclosed to any third party for any purpose other than those listed. We will only disclose your personal data to third parties if you have given your explicit consent in accordance with Art. 6 (1) (a) GDPR, if the disclosure is necessary for the assertion, exercise or defence of legal claims in accordance with Art. 6 (1) (f) GDPR and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data, in the event that there is a legal obligation for the disclosure in accordance with Art. 6 (1) (c) GDPR, and if this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 (1) (b) GDPR.

Use of cookies

We use cookies to operate our website in order to make it more user-friendly. Some elements on our website require the calling browser to be identified even after switching to another page.

Cookies are small files that allow specific information related to the device to be stored on the user's access device (PC, smartphone or similar). They are used, first, to make websites more user-friendly and thus for users (e.g. storage of login data). Second, they are used to collect statistical data concerning the use of the website and to be able to analyse them in order to improve the service. Users can influence the use of cookies. Most browsers have an option to restrict or completely prevent cookies from being stored. However, we would point out that functionality and, in particular, ease of use may be restricted without cookies.

The user data collected in this way are pseudonymised through technical measures. It is therefore no longer possible to attribute the data to the calling user. The data will not be stored together with other personal data of users.

The legal basis for the processing of personal data using cookies is Art. 6 (1) (f) GDPR. The legal basis for processing personal data using cookies that are technically necessary is Art. 6 (1) (f) GDPR. The legal basis for the processing of personal data using cookies for analytical purposes is Art. 6 (1) (f) GDPR, provided that the user has given their consent accordingly.

The purpose of using cookies that are necessary for technical reasons is to make it easier for users to navigate websites. Some functions of our website cannot be offered without the use of cookies. This requires a browser to be recognised even after switching pages.

Analytical cookies are used in order to improve the quality of our website and its content. Analytical cookies enable us to learn how the website is used and thereby constantly improve our service.

These purposes also constitute our legitimate interest in processing personal data in accordance with Art. 6 (1) (f) GDPR.

Required cookies

Name: Name: 71_SessionID
Source: eastsidemall.de
Lifetime: End of session
Use: Functional cookie

Third-party services

We have integrated the content, services and features of other providers into our website. These include, for example, maps provided by Google Maps, as well as graphics and images from other websites. Access to and the display of this data in the user's browser requires transmission of their IP address. Providers (hereinafter referred to as “third-party providers”) are therefore sent the IP address of the particular user.

Even though we endeavour to use only third-party providers who require the IP address for the sole purpose of delivering content, we have no control over whether the IP address is stored. In this case, one of the purposes of the process is for statistics. We will inform our users accordingly if we are aware that their IP address is being stored.

Use and application of Google Maps

We use the component “Google Maps” from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter “Google”, on our website.

Each time the “Google Maps” component is called, Google sets a cookie in order to process user settings and data when displaying the page where the “Google Maps” component is integrated. This cookie will generally not be deleted when you close your browser but will expire after a certain time unless you delete it manually beforehand.

If you do not agree to this processing of your data, you have the option of deactivating the "Google Maps" service and thus preventing the transfer of data to Google. You must deactivate the Java Script function in your browser in order to do this. We would, however, point out that in this case you may not be able to use “Google Maps” or may only be able to use it to a limited extent.

The use of “Google Maps” and the information obtained via “Google Maps” is subject to Google’s terms of use at https://policies.google.com/terms?hl=en.html as well as the additional terms and conditions for “Google Maps” at https://www.google.com/intl/en_en/help/terms_maps.html.

Data protection in job applications and in the application procedure

We collect and process the personal data of applicants for the purpose of managing the application procedure. Processing may also be carried out by electronic means. This is particularly the case if an applicant sends us the relevant application documents electronically, for example by e-mail or via a web form on our website. If we conclude a contract of employment with an applicant, the data transmitted will be stored for the purpose of managing the employment relationship in compliance with the statutory provisions. If we do not conclude a contract of employment with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests on our part preclude deletion. Other legitimate interests in this sense include, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz – AGG).

Rights of data subjects

You have the right:
(1) in accordance with Art. 15 GDPR, to request information about the personal data relating to you that we process. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
(2) in accordance with Art. 16 GDPR, to immediately request the correction of inaccurate or incomplete personal data stored by us;
(3) In accordance with Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
(4) in accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims, or you have objected to the processing in accordance with Art. 21 GDPR;
(5) in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;
(6) in accordance with Art. 7 (3) GDPR, to revoke your consent at any time. This has the consequence that we may no longer continue data processing based on this consent in the future, and
(7) in accordance with Art. 77 GDPR, to lodge a complaint with a supervisory authority. As a general rule, you can contact the supervisory authority of your usual place of residence or workplace or of our registered office for this purpose.

Right of objection

You have the right to lodge an objection at any time for reasons arising from your specific situation against the processing of personal data relating to you based on Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.

The controller will no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

If personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to processing of the personal data relating to you for the purpose of such marketing; this also applies to profiling where it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures involving the use of technical specifications.

Automated individual decision-making in individual cases, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which may have legal consequences for you or may have a similar adverse effect for you. This does not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and the controller,
(2) is permitted by legislation of the Union or the Member States to which the controller is subject and that legislation contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or
(3) is carried out with your explicit consent.
However, these decisions may not be based on special categories of personal data in accordance with Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the controller will take reasonable steps to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.

As a responsible company, we do not use automated decision-making or profiling.

Data security

During your visit to our website, we use the widespread SSL (Secure Socket Layer) procedure in combination with the highest level of encryption supported by your browser. This generally involves 256-bit encryption. If your browser does not support 256-bit encryption, we instead use 128-bit v3 technology. You can recognise whether a page from our website is transmitted in encrypted form by the closed representation of the padlock icon in the lower status bar of your browser.

In addition, we also undertake suitable technical and organisational measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are constantly improved to reflect technological development.

Ensuring this privacy policy is up-to-date, amendments

This is the currently applicable version of our privacy policy and was last updated in October 2020.

It may become necessary to amend this privacy policy as our website and services evolve or as a result of changes in legal and regulatory requirements. You can access and print out the latest data privacy policy from this address at any time.