We appreciate your interest in our company. Data protection is of a particularly high priority for the management of the WISTA Management GmbH. In the following we inform you about the processing of personal data when using our homepage.
The privacy policy for our booking platform via Cobot.me can be found at:
https://st3am-adlershof.cobot.me/privacy-policy
The privacy policy of WISTA Management GmbH is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.
We use the following terms in this privacy policy:
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as „data subject“). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is the:
WISTA Management GmbH
Rudower Chaussee 17
12489 Berlin
Germany
Phone: +49 30 6392-2200
E-mail: info(at)wista.de
Website: www.wista.de
You can contact our data protection officer at the above address or at the following e-mail address:
E-mail: datenschutz(at)wista.de
Any data subject can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.
We will provide you with information about whether and which of your personal data is processed by us and for what purposes (Art. 15 GDPR). In addition, you have the right to rectification (Art. 16 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to erasure (Art. 17 GDPR) and the right to data portability (Art. 20 GDPR) under the respective legal requirements.
You have the right to object to the processing under the legal requirements (Art. 21 GDPR).
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) of Article 6(1)(1) (data processing for the performance of a task carried out in the public interest) or point (f) (data processing based on legitimate interest); this also applies to profiling based on these provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims (Art. 21 (1) GDPR).
Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing (Art. 21 (2) GDPR).
To exercise the above rights, please contact us by e-mail at datenschutz(at)wista.de or by post at WISTA Management GmbH, Rudower Chaussee 17, 12489 Berlin. The exercise of your above rights is free of charge for you.
Without prejudice to these rights and the possibility of seeking any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority at any time, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes data protection regulations (Art. 77 GDPR).
The processing of personal data can be based on various legal bases. If we need your data to fulfill a contract with you or to respond to your inquiries regarding a contract, the legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. b GDPR. If we obtain your consent for certain data processing, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. We carry out some data processing on the basis of our legitimate interest, whereby a balance is always struck between your interests worthy of protection and our legitimate interests. The legal basis for this is Art. 6 para. lit. f GDPR. Insofar as processing is necessary to fulfill a legal obligation to which we are subject, the legal basis is Art. 6 para. 1 lit. c GDPR.
Below we explain how we process personal data via our websites.
When you contact us by e-mail, the data you provide (your e-mail address, your name and telephone number if applicable) will be stored by us in order to answer your questions and process your requests. The legal basis in this respect is Art. 6 para. 1 sentence 1 lit. f GDPR.
If you make entries that are not required to contact us, you do so voluntarily. If we ask for information that is not required to process your request, we have always marked this as optional. We use this information to specify your request and to improve the processing of your request. This information is provided expressly on a voluntary basis and with your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. If this involves information on communication channels (e.g. another email address, telephone number), you also consent to us contacting you via this communication channel in order to respond to your request. You can of course withdraw this consent at any time for the future.
Your data that we have received in the course of contacting you will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, your request has been fully processed and no further communication with you is necessary or desired by you.
As the data controller, WISTA Management GmbH has implemented numerous technical and organizational measures to ensure that the personal data processed via this website is protected as completely as possible. Nevertheless, Internet-based data transmissions may in principle have security gaps. Absolute protection cannot be guaranteed; in any case, sending unencrypted e-mails is not secure. We therefore ask you not to send sensitive data by unencrypted e-mail, but to use either encrypted communication channels or the postal service.
We process the following technical information (log file data) when the website is used for information purposes only:
• the amount of data retrieved
• the current IP address of the device you are using to visit our website
• Date and time of access
• the URL of the previously visited website (referrer)
• the URL of the (sub)page that you access on the website
The collection of this data is technically necessary in order to display our website to you and to ensure stability and security. We (and our service provider) regularly do not know who is behind an IP address. We do not combine the data listed above with other data.
The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR; insofar as access to information stored in the user’s terminal equipment is absolutely necessary, also § 25 para. 2 no. 2 TDDDG.
Since the collection of data for the provision of the website and storage in log files is absolutely necessary for the operation of the website and to protect against misuse, our legitimate interest in data processing prevails at this point.
Cookies are data that are stored on your computer by a website that you visit and enable your browser to be reassigned. Cookies are used to transmit information to the site that sets the cookie. Cookies can store various information, such as your language setting, the duration of your visit to our website or the entries you make there. This prevents you from having to re-enter required form data each time you use the website, for example. The information stored in cookies can also be used to recognize preferences and target content according to areas of interest.
There are different types of cookies: Session cookies are data sets that are only temporarily stored in the working memory and are deleted when you close your browser. Permanent or persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. With this type of cookie, the information can also be stored in text files on your computer. However, you can also delete these cookies at any time via your browser settings.
First-party cookies are set by the website you are currently visiting. Only this website may read information from these cookies. Third-party cookies are set by organizations that are not operators of the website you are visiting. These cookies are used by marketing companies, for example.
The legal basis for possible processing of personal data using cookies and their storage duration may vary. If you have given us your consent, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. Insofar as the data processing is based on our overriding legitimate interests, the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. The stated purpose then corresponds to our legitimate interest.
Insofar as we use cookies or similar technologies to access a terminal device used by you within the meaning of Section 2 (2) No. 6 TDDDG by storing or reading information there independently of any personal reference, we will first obtain your purpose-related, voluntary and informed consent in accordance with Section 25 (1) TDDDG.
Insofar as consent can be bundled in accordance with the GDPR and the TDDDG, we will obtain it uniformly.
Consent under the TDDDG is not required for access to information that is already stored on your end device and has been sent to us through your active transmission; this concerns the public IP address of the end device, the address of the website accessed, the user agent string with browser and operating system incl. version and the language set.
Furthermore, no consent is required under the TDDDG if the cookie or similar technology is used to ensure the transmission of a message via a public telecommunications network (Section 25 (2) No. 1 TDDDG) or if the setting of the cookie and thus the storage of information in your terminal equipment or access to information already stored in your terminal equipment is absolutely necessary for the provision of a telemedia service expressly requested by you (Section 25 (2) No. 2 TDDDG).
We use cookies to ensure the proper operation of the website and to provide basic functionalities.
You can delete cookies already stored on your device at any time. If you want to prevent the storage of cookies, you can do this via the settings in your Internet browser. Alternatively, you can also install so-called ad blockers. Please note that individual functions of our website may not work if you have deactivated the use of cookies.
By law, we can store cookies on your device if they are strictly necessary for the operation of this site. We require your consent for all other types of cookies. However, such processing activities requiring consent do not take place on the website.
The following technically necessary cookies are set:
Cookie:
wpEmojiSettingsSupports
Description:
WordPress sets this cookie when a user interacts with emojis on a WordPress website. It helps to determine whether the user’s browser can display emojis correctly.
Description Duration:
Session
We offer various membership tariffs as part of our co-working space offer. Registration is required to use a tariff. A user account is created upon registration.
You can find more information on data processing in the context of your membership and room bookings directly on our booking and registration page:
https://st3am-adlershof.cobot.me/privacy-policy
Your personal data will not be transferred to third parties unless we are legally obliged to do so or the transfer of data is necessary for the execution of the contractual relationship or you have previously expressly consented to the transfer of your data.
External service providers and partner companies, such as IT service providers, will only receive your data if this is necessary. In these cases, however, the scope of the transmitted data is limited to the necessary minimum. Insofar as our service providers process your personal data on our behalf, we ensure that they comply with the provisions of data protection laws in the same way as part of order processing in accordance with Art. 28 GDPR. Please also note the data protection notices of the respective providers. The respective service provider is responsible for the content of third-party services, whereby we check the services for compliance with the legal requirements within the scope of reasonableness.
We attach great importance to processing your data within the EU/EEA. However, we may use service providers who process data outside the EU/EEA. In these cases, we ensure that an appropriate level of data protection comparable to the standards within the EU is established at the recipient before your personal data is transferred. This can be achieved, for example, by means of EU standard contracts or binding corporate rules or special agreements to which the company may be subject.
We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.
Status: 16.06.2025
