GUTHMANN®
GUTHMANN® Logo
DE Contact

Privacy Policy

1. Privacy at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is any data that can be used to personally identify you. For detailed information on data protection, please refer to our privacy policy below.

Data Collection on This Website

Data collection on this website is carried out partly by the website operator. Your data is collected through technically necessary processing (e.g. session management, hosting) and, where applicable, through analytics tools. Analytics tools are only activated after your explicit consent.

Other data is collected automatically by our IT systems when you visit the website. This primarily includes technical data (e.g. internet browser, operating system, IP address, or time of page access). This data is collected automatically as soon as you enter our website.

Analytics Tools and Third-Party Tools

When you visit our website, your browsing behavior may be statistically analyzed. This is primarily done using analytics programs. Analysis of your browsing behavior only occurs after your explicit consent via our cookie banner. You can revoke your consent at any time via the “Cookie Settings” link in the website footer or on this privacy policy page.

2. General Information and Mandatory Disclosures

Data Protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the applicable data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data that can be used to personally identify you. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission over the internet (e.g. when communicating by email) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.

Information About the Responsible Party

The responsible party for data processing on this website is:

Guthmann Estate GmbH
Blücherstraße 22
10961 Berlin

Phone: +49 30 69004240
Email: info@guthmann.estate

The responsible party is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).

For all data protection matters — in particular access, correction, and deletion requests — you can reach us at privacy@guthmann.estate.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You can revoke any consent you have already given at any time. An informal notification by email to us is sufficient. The legality of the data processing carried out before the revocation remains unaffected by the revocation.

Right to Lodge a Complaint with the Supervisory Authority

In the event of data protection violations, the data subject has the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection matters is:

Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstr. 219
10969 Berlin
Phone: +49 30 13889-0
Email: mailbox@datenschutz-berlin.de
Website: https://www.datenschutz-berlin.de

Right to Data Portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of data to another responsible party, this will only be done to the extent that it is technically feasible.

SSL/TLS Encryption

This site uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as inquiries you send to us as the site operator. You can recognize an encrypted connection by the fact that the browser address bar changes from “http://” to “https://” and by the lock icon in your browser bar.

When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Access, Restriction, Deletion

Within the framework of applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin, recipients, and the purpose of data processing, as well as a right to correction, restriction, or deletion of this data (Art. 15–18 GDPR). For inquiries regarding your data subject rights — in particular access or deletion requests — please contact us directly at privacy@guthmann.estate. Alternatively, you can reach us at the address given in the legal notice.

Objection to Promotional Emails

The use of contact data published as part of the legal notice obligation for sending unsolicited advertising and information materials is hereby objected to. The operators of the website expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam emails.

3. Hosting and Content Delivery

Cloudflare Workers

This website is hosted on Cloudflare Workers. The provider is Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107, USA (hereinafter “Cloudflare”).

Cloudflare Workers is a serverless platform that runs web applications at the edge (i.e. in data centers close to the visitor). When you access our website, your request is automatically routed to the nearest Cloudflare data center. Technical data such as your IP address, browser type, and the page accessed are processed in this context.

Cloudflare is certified under the EU-US Data Privacy Framework. More information can be found in Cloudflare’s privacy policy: https://www.cloudflare.com/privacypolicy/

The use is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the reliable, fast, and secure provision of our website.

Cloudflare CDN

We use Cloudflare’s Content Delivery Network (CDN). This caches content of our website in Cloudflare data centers (edge caching) to reduce loading times and increase availability. When cached content is accessed, your request is answered directly from the nearest Cloudflare data center without contacting our origin server.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in performant content delivery).

Cloudflare Speed Brain

We use Cloudflare Speed Brain, a service for speculative preloading (prefetching) of pages at the edge level. Cloudflare analyzes navigation behavior in aggregate to predict which page a visitor might access next and preloads it in the background. No personal data is stored in this process.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in faster page navigation).

4. Data Collection on Our Website

Cookies and Consent Management

This website uses one cookie to identify your session:

  • Name: _privacy_session
  • Purpose: Identification of the browser session and storage of your consent preferences
  • Properties: HttpOnly, Secure, SameSite=Strict
  • Duration: 30 days (automatically renewed on repeat visit)

For consent management, we use the open-source library “Vanilla Cookie Consent.” On your first visit, a cookie banner appears where you can grant or reject your consent. Your preferences are stored in our server-side session management (Cloudflare KV) — not as an additional cookie.

We distinguish two categories:

  • Necessary (always active): Technically required functions such as session management and consent storage.
  • Analytics (opt-in): Statistical analysis through Google Analytics via Google Tag Manager. Only activated after your explicit consent.

You can change or revoke your cookie settings at any time via the “Cookie Settings” link in the website footer.

The legal basis for consent management is Art. 6(1)(c) GDPR (legal obligation). The session cookie is set on the basis of Art. 6(1)(f) GDPR (legitimate interest in the technically error-free provision of the website).

Server Log Files

The hosting provider (Cloudflare) automatically collects and stores information that your browser transmits with every page request. This includes:

  • Browser type and version
  • Operating system
  • Referrer URL
  • IP address
  • Time of server request
  • Country and region (via Cloudflare geolocation)

This data is not merged with other data sources. The legal basis for data processing is Art. 6(1)(f) GDPR (legitimate interest in the secure and stable provision of the website).

Session Management and First-Touch Attribution

When you first visit our website, a server-side session is created and linked via the session cookie (_privacy_session) described above. Session data is stored in Cloudflare KV (key-value store) and automatically deleted after 30 days.

The following data is collected and stored on your first visit (first-touch attribution):

  • UTM parameters (utm_source, utm_medium, utm_campaign, utm_term, utm_content) — to identify the origin of your visit
  • Advertising click IDs (gclid, fbclid, msclkid, li_fat_id, twclid) — to attribute ad campaigns
  • Landing page (pathname without query parameters) — to analyze the entry page
  • Cookie consent status — your consent preferences

When a form is submitted, the following additional data is collected at the time of submission (live enrichment):

  • Geolocation data from Cloudflare (country, region, city, timezone) — not GPS data, but inferred from the Cloudflare data center
  • User agent (browser and device information)
  • IP address as SHA-256 hash with salt — no plaintext IP address is stored
  • Referrer (last page visited)

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in attributing inquiries to marketing channels and optimizing our advertising campaigns. The IP address is stored exclusively as a cryptographic hash and serves for abuse prevention (rate limiting).

Contact Form

When you send us inquiries via the contact form, the following data is collected: first name, last name, email address, phone number (optional), and your message. You may also optionally consent to receiving our newsletter.

The data is processed through a server-side workflow (Cloudflare Workflow) and forwarded to our team via email (Mailgun, EU region). If you consent to the newsletter, your email address is additionally transmitted to Mailchimp (see Newsletter section).

Processing is based on Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(a) GDPR (consent for newsletter opt-in). The data will remain with us until you request deletion or the purpose for data storage no longer applies.

Newsletter

When you subscribe to our newsletter, your email address and the selected language (German/English) are transmitted to Mailchimp (The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA). Mailchimp is certified under the EU-US Data Privacy Framework.

We use the double opt-in procedure: after registration, you will receive a confirmation email in which you must confirm your registration. Only then will your data be stored for newsletter delivery.

The legal basis is Art. 6(1)(a) GDPR (consent). You can revoke your consent at any time, e.g. via the unsubscribe link in every newsletter email. More information: Mailchimp Privacy Policy

Property Valuation

Through our property valuation form, you can request a data-driven estimate for a Berlin property. The following data is collected: property address, property type, and living area.

To access the valuation result, you may optionally provide contact details (first name, last name, email, phone). In this case, you will receive an access code by email (Mailgun, EU region).

The legal basis is Art. 6(1)(b) GDPR (pre-contractual measures). Valuation data is stored in our CMS (Directus).

You may request the deletion of the data submitted for the property valuation at any time by contacting privacy@guthmann.estate. Unless retention is required by commercial or tax law, we will delete your data without undue delay.

Search Request / Search Profile

Through our search profile form, you can let us know your property preferences. The following data is collected: area of interest, preferred boroughs, maximum purchase price, message, and your contact details (first name, last name, email, phone).

The data is forwarded to our sales team via email (Mailgun, EU region) and may additionally be created as a search profile in our property management system (Propstack).

The legal basis is Art. 6(1)(b) GDPR (pre-contractual measures).

Property Inquiry

On property detail pages, you can submit an inquiry about a specific property via a contact form. In addition to your contact details (first name, last name, email, phone, message), the context of the requested property is transmitted.

Processing is carried out as for the general contact form (see above). The legal basis is Art. 6(1)(b) GDPR (pre-contractual measures).

5. Analytics Tools

Google Tag Manager

This website uses Google Tag Manager (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Tag Manager is a tool that allows us to manage tracking and analytics tags on our website. Google Tag Manager itself does not store cookies and does not collect personal data.

We use Google Tag Manager with Google Consent Mode v2. This means: Tag Manager is only loaded after you have consented to the “Analytics” category via our cookie banner. Without your explicit consent, no analytics or marketing tags are executed.

The legal basis is Art. 6(1)(a) GDPR (consent). More information: Google Privacy Policy

Google Analytics

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited. Google Analytics is loaded exclusively via Google Tag Manager and is only activated when you have consented to the analytics category via our cookie banner.

Google Analytics uses cookies (e.g. _ga, _gid) that enable analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to and stored on a Google server.

We use Google Analytics with IP anonymization. Google Analytics 4 anonymizes IP addresses by default, so your IP address is not stored in full.

The legal basis is Art. 6(1)(a) GDPR (consent). You can revoke your consent at any time via the “Cookie Settings” link in the footer. Upon revocation, analytics cookies are automatically deleted.

We have concluded a data processing agreement with Google. More information: Data protection at Google Analytics

6. Plugins and Tools

Mapbox

This website uses the mapping service Mapbox (Mapbox Inc., 740 15th Street NW, 5th Floor, Washington, DC 20005, USA). Mapbox is used on property detail pages and location maps to display maps, geocoding, and location information.

When loading a map, your browser connects to Mapbox servers. This transmits data including your IP address and information about the requested map view. Mapbox uses a public access token (visible in the client). Additionally, events are sent to the Mapbox Events API (events.mapbox.com).

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in the appealing presentation of our property locations). As Mapbox transfers data to the USA, the transfer is based on Standard Contractual Clauses. More information: Mapbox Privacy Policy

Cloudflare Turnstile

We use Cloudflare Turnstile as bot protection on all forms on our website. Turnstile is a CAPTCHA service by Cloudflare Inc. that automatically checks form submissions for bot activity without using traditional image puzzles.

When loading a form, a script from challenges.cloudflare.com is embedded. Cloudflare processes technical data such as IP address, browser information, and interaction data to distinguish between human visitors and bots.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in protecting our forms from abuse). More information: Cloudflare Privacy Policy

Propstack

For displaying property photos, we use images served via the CDN service of Propstack (images.propstack.de). When loading these images, your browser connects to Propstack servers, transmitting your IP address and the referrer.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in displaying current property images).

7. Email Delivery and External Services

Mailgun

For sending email notifications upon form submissions, we use Mailgun (Sinch Email, Lindhagensgatan 74, 112 18 Stockholm, Sweden). We exclusively use Mailgun’s EU region (api.eu.mailgun.net), ensuring that email processing takes place within the EU.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in the reliable delivery of notifications). More information: Mailgun Privacy Policy

Directus CMS

We use Directus as our content management system (CMS) for managing the content of this website. Directus is operated on our own servers (directus.guthmann.estate). Access to Directus occurs exclusively server-side — no data is transmitted directly from your browser to Directus.

Form data (contact inquiries, valuations) is stored server-side in Directus. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in the efficient management of our content and inquiries).

8. Third-Country Transfers

Some of the services mentioned above process data outside the European Union, particularly in the USA. The following safeguards apply to these transfers:

  • Cloudflare, Google: Certified under the EU-US Data Privacy Framework
  • Mapbox: Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR
  • Mailchimp (The Rocket Science Group): Certified under the EU-US Data Privacy Framework
  • Mailgun (Sinch): Processing in the EU region (api.eu.mailgun.net)

9. Currency and Changes to This Privacy Policy

This privacy policy is currently valid as of April 2026. Due to the continued development of our website or changes in legal or regulatory requirements, it may be necessary to amend this privacy policy.