Consens Logo

Privacy Policy

CONSENS GmbH takes the protection of your personal data seriously. We treat your personal data confidentially and in accordance with the applicable legal data protection regulations.

As a rule, it is possible to use our website without providing personal data. Please read the first section of our data protection declaration to find out which personal data is nevertheless collected during use and how we deal with it.

If personal data (e.g. name, address or e-mail addresses) is collected on our pages, this is always done on a voluntary basis. This data will not be passed on to third parties without your express consent.

We would like to point out that data transmission on the Internet (e.g. communication by e-mail, access to websites) can have security gaps. Complete protection of data against access by third parties is not possible.

Which of your personal data we process and use depends largely on the services provided in each case. The responsible party for processing in the sense of data protection is the

Widenmayerstr. 16
80538 München
Phone: 0 89 / 12 00 50 – 0
E-Mail: dsb[at]

Managing Director: Torsten Flohr
Amtsgericht München HRB 79834

In the following, we, as the responsible party, fulfil our duty to provide information and disclosure regarding the processing of personal data and inform you about the type, scope and purpose of the processing of personal data. In addition, we will inform you about our criteria for the storage period, possible categories of recipients and planned transfers to third countries or to an international organisation. With regard to the terms "personal data", "processing", "controller", "data subject", "third party" used, we refer to the definitions of Art. 4 Regulation (EU) 2016/679 (GDPR). We would like to point out that this data protection notice may be adapted on an ad hoc basis or on the basis of regular reviews.

1. General information

On our website we would like to give you an overview of our company and our services. In doing so, we collect personal data (pursuant to Art. 6 para. 1 sentence 1 lit. f DSGVO). Data subjects are the respective users of this website.

1.1. Hosting of the website

This website is hosted by a provider within Germany. It offers sufficient guarantees to comply with appropriate technical and organisational measures to ensure the requirements of data protection law and to guarantee the protection of the rights of the data subjects. There is no direct access to the data by employees of the service provider.

1.2. Processing of website calls and server log files

When you use the website, we collect personal data that your browser transmits to the server when you call up the website and that is technically required to provide the website and its services. The following data is processed in the process:

  • Public IP address of the retrieval, if applicable of the proxy server used.
  • Time of the request
  • URL (address) of the request and the URL from which the request originated (referrer)
  • Browser used, operating system and its interface, language and version of the browser software
  • Technical information on access: access status/HTTP status code, amount of data transferred in each case
  • Retrieved and linked content data (texts, photos, videos, graphics, other data, etc.)

This data is stored in a log file and deleted after seven days.

The purposes of the processing are:

  • Provision of the website and its contents, services and functions
  • Ensuring a smooth and comfortable use of the website
  • Ensuring system security and stability by evaluating errors and incidents
  • Carrying out administrative tasks

The data will not be used to draw conclusions about your person.

1.3. Google Fonts

For display purposes, we use fonts that are reloaded by the Google Fonts service directly from your browser when you call up our website. At least the IP addresses are processed in the process. According to the current status, Google can collect and process data about your usage behaviour through the integration. Please refer to the provider's data protection information. The following provider is responsible for processing the request to the Google server:

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Privacy policy:

1.4. Legal notice for the website

We are responsible for our own content on these pages in accordance with general laws. The free and freely accessible contents of this website have been created with the greatest possible care and serve only to provide general information and not advice in specific cases. The provider of this website excludes liability for the content of the retrievable information, unless it is a case of intentional or grossly negligent misinformation. As soon as we become aware of a concrete violation of the law, we will remove this content immediately.

1.5. Copyright

The content provided on the website (e.g. texts, graphics, photos, etc.) may be protected by copyright or other industrial property rights. The exploitation of this content is not permitted without the consent of the rights holder.

If you contact us (e.g. by e-mail or telephone), we store and process the contact information you provide (name, e-mail address, telephone number) and the information and content transmitted in connection with the contact in order to be able to answer the enquiry.

We carry out the processing in the context of pre-contractual measures if it is a corresponding request by you (legal basis Art. 6 para. 1 sentence 1 lit. b GDPR). Furthermore, we have a legitimate interest in answering enquiries to or about us and our services and to process data accordingly for this purpose (legal basis Art. 6 para. 1 sentence 1 lit. f GDPR).

We delete the data accruing in this context when storage is no longer necessary. This regularly takes place after one year, if no further communication results from the enquiry and if no further processing results from the enquiry (e.g. following contractual relationship), which provides for a different storage period (see above).

2. Type of data used

In the course of our activities as intermediaries for real estate loans, real estate and insurance, we come into contact with personal data. The respective companies or entrepreneurs usually have a contractual or pre-contractual relationship with us. If it is necessary for the provision of our services, we also process personal data which we obtain from publicly accessible sources (e.g. land registers, commercial registers, press, Internet) or which are transmitted to us by other third parties (e.g. partner companies of our clients). The data we process includes personal data (e.g. name, address, other contact data) and identification data (e.g. ID card data). Furthermore, we also process order data (e.g. payment orders), data from the fulfilment of our contractual obligations (e.g. tax data, beneficial owner), financial data (e.g. creditworthiness data, origin of assets, proof of income, wage documents, applications for employee savings allowances, capital-forming benefits, pension insurance documents), contribution statements for social insurance, pension insurance and insurance policies, documentation data (e.g. logs, e-mails, confirmations) and health data.

3. Purpose of the processing

We process personal data within the framework of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

3.1. Data processing for the purpose of contract initiation/contract management

We process personal data for the purpose of contract administration, i.e. so that we can provide our business partners or customers with the contractual services and for the purpose of corresponding contract preparations. If the business partner or customer is a natural person, the legal basis is that the processing is necessary for the fulfilment of a contract or for the implementation of pre-contractual measures in accordance with Art. 6 Para. 1 b GDPR.

3.2. Data processing within the framework of balancing interests

If necessary, we process personal data of employees of the business partner or customer. The legal basis for this is a legitimate interest according to Art. 6 para. 1 f GDPR - both ours or that of third parties (assertion of legal claims and defence in the event of disputes, risk management, prevention and investigation of criminal offences, etc.). The legitimate interest lies in the performance of our business activities and those of the business partner or customer. A conflicting interest of the respective data subject does not exist in this respect, because from the point of view of our business partner or customer, the processing by us is already necessary within the framework of the existing employment relationship with the data subject (Section 26 BDSG-neu). For this purpose, we store personal data for the duration of the contract.

3.3. Data processing on the basis of consent

Insofar as we have consent to process personal data for certain purposes (e.g. to pass it on to banks, real estate sellers), the lawfulness of this processing is given in accordance with Art. 6 (1) a GDPR. This consent can be revoked at any time. However, the revocation only applies to the future and does not affect the lawfulness of the data processed until the revocation.

3.4. Data processing due to legal requirements or in the public interest

CONSENS GmbH is subject to a wide range of legal obligations (e.g. Money Laundering Act). The processing and disclosure of personal data is necessary for the fulfilment of these obligations and is permitted in accordance with Art. 6 Para. 1 c GDPR.

4. Data sharing

Within CONSENS GmbH, only the employees entrusted with the fulfilment of the respective contractual and legal obligations have access to the personal data. In addition, we transmit your data to our business partners (banks, insurance companies, real estate buyers and sellers) for the purpose of initiating a contract. Personal data is only transferred or passed on to third parties if this is done on a legal basis and we state this in the individual processing operations or if one of the following reasons applies:

  • It is necessary for the performance of a contract with you or the implementation of pre-contractual measures at your request (Art. 6 para. 1 sentence 1 b GDPR).
  • The disclosure is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data (Art. 6 para. 1 sentence 1 f GDPR).
  • There is a legal obligation to disclose the data (Art. 6 para. 1 sentence 1 c GDPR).
  • We have a valid consent from you (Art. 6 para. 1 sentence 1 a GDPR).

In this context, data is only transferred to third countries (outside the EU and the EEA) or processed there if the special requirements of Art. 44 et seq. GDPR are fulfilled.

5. Duration of data retention

As a matter of principle, we store personal data for the period of time that is necessary for corresponding processing, legal or regulatory retention periods exist or we have a legitimate interest in storing the data or you have given your consent. We store certain data in accordance with the following rules for the duration specified in each case and delete it after the specified storage period has expired:

  • 3 years: data and contents on legal acts (including their preparation), insofar as necessary for the ability to provide information and defence as well as for the assertion or defence of claims.
  • 6 years: Commercial letters (section 257 (1) nos. 2 and 3, (4) HGB), hand files (section 50 (1) BRAO), wage documents, applications for employee savings allowances, capital-forming benefits, pension insurance documents, social insurance contribution statements, insurance policies.
  • 10 years: documents relevant to taxation, accounting vouchers, commercial books (§§ 147 para. 1 AO) 257 para. 1 nos. 1 and 4, para. 4 HGB), health data.
  • 30 years: Data stored on the basis of special circumstances in one's own interest or in the interest of third parties due to corresponding limitation periods or special retention periods (e.g. enforcement orders, special limitation periods).

If circumstances arise during storage (e.g. conclusion of a contract, negotiations about claims, legal disputes, etc.) that make longer storage necessary, these periods are extended accordingly. The beginning of a period for the storage period is regularly the end of the calendar year in which the last event for the respective processing took place (e.g. order, delivery, end of a contract, invoicing).

6. Your rights as a data subject and rights of appeal

As a data subject of a processing (hereinafter also "user") of personal data by us, you can assert the following rights against us:

  • You can request information in accordance with Article 15 of the GDPR, in particular about whether we process your personal data. If this is the case, you can request information about, among other things, the categories of personal data and the processing purposes as well as, if applicable, the origin (if this was not collected by us) and categories of recipients of this data.
  • You may request the correction of inaccurate or the completion of your personal data stored by us in accordance with Art. 16 GDPR.
  • You can request the deletion of your personal data stored by us within the scope of Art. 17 GDPR. If there are legitimate reasons for deletion, the processing of the data will be restricted (blocking). In order to effectively block data and implement the associated restriction of processing, the data concerned may need to be held in a blocking file.
  • You can request the restriction of processing from us within the framework of Art. 18 GDPR.
  • You may request information about recipients of any notification obligation under Art. 19 GDPR in the event of rectification, erasure or restriction of processing of personal data.
  • You may, in accordance with Art. 20 GDPR, receive your personal data that you have provided to us in a structured, common and machine-readable format or request that it be transferred to another controller.
  • You may exercise your right to object within the framework of Art. 21 GDPR, in particular if your personal data is used for direct marketing purposes or if there are grounds arising from your particular situation where the processing is based on Art. 6 (1) sentence 1 e or f GDPR. You can revoke consent to the processing of personal data at any time with effect for the future. Processing prior to revocation is not affected by this. You may also exercise your right to lodge a complaint with a competent supervisory authority under data protection law in accordance with Article 77 of the GDPR. In the case of CONSENS GmbH, this is the Bavarian State Commissioner for Data Protection:

Postfach 22 12 19, 80502 München
Wagmüllerstraße 18, 80538 München
Phone: 0 89 / 21 26 72 – 0
Fax: 0 89 / 21 26 72 – 50
E-Mail: poststelle [at]