Privacy Policy

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data refers to any information that can be used to identify you personally. For detailed information regarding data protection, please refer to our full privacy policy provided below this text.

The party responsible for data processing on this website is TEREAL GmbH. Full contact details can be found in the Imprint as well as in Section 2 of this declaration.

Your data is collected in one way by you providing it to us — for example, when you fill out our contact form.

Other data is collected automatically or, with your consent, by our IT systems when you visit the website. This primarily includes technical data (e.g., internet browser, operating system, time of page access).

Some data is collected to ensure the error-free provision of the website. Other data may — following your consent — be used for reach measurement and analysis of your user behavior.

You have the right at any time to receive free information regarding the origin, recipient, and purpose of your stored personal data. You also have the right to rectification or erasure of this data. You may revoke any consent provided at any time for the future. Under certain circumstances, you have the right to restrict processing as well as the right to lodge a complaint with the competent supervisory authority.

For inquiries, please contact info@tereal.de.

By default, this website does not use tracking cookies. Google Analytics 4 runs in so-called "cookie-less mode" (Consent Mode v2) prior to your consent and sends exclusively anonymous, aggregated signals without storage on your device (permitted under § 25 Para. 2 TTDSG). Cookies are only set and Microsoft Clarity is only loaded if you actively select "Accept all" in the cookie banner.

TEREAL GmbH Rheinpromenade 13 40789 Monheim am Rhein Germany

Managing Directors: Ricardo Freyer, Florian Zeise Phone: +49 (0) 2173 9939600 Email: info@tereal.de

Commercial Register: District Court Düsseldorf, HRB 110292 VAT ID: DE457431220

Due to its size and structure, TEREAL GmbH is not legally required to appoint a Data Protection Officer (Art. 37 GDPR in conjunction with § 38 BDSG). For data protection inquiries, you may contact us directly at info@tereal.de.

Unless a more specific storage duration is mentioned in this privacy policy, your personal data will remain with us until the purpose for the data processing ceases. If you assert a legitimate request for erasure or revoke consent for data processing, your data will be deleted, provided there are no other legally permissible reasons for storage (e.g., tax or commercial retention periods).

We process your data based on Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. b GDPR (contract or pre-contractual measures), Art. 6 Para. 1 lit. c GDPR (legal obligation), or Art. 6 Para. 1 lit. f GDPR (legitimate interest). The specific legal basis applied is indicated during each individual processing operation.

As part of our business activities, we work with various external entities. To the extent that the transfer of personal data is necessary, this is carried out on the basis of a legal permit, consent, or a data processing agreement (Art. 28 GDPR). An overview of the services used can be found in Sections 5–7.

Many data processing operations are only possible with your express consent. You can revoke any consent given at any time — for example, via the cookie settings at the bottom of the page. The lawfulness of the data processing carried out up to the time of revocation remains unaffected by the revocation.

In the event of violations of the GDPR, you have the right to lodge a complaint with a supervisory authority. For TEREAL GmbH, the competent authority is the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW), Kavalleriestraße 2-4, 40213 Düsseldorf.

You have the right to receive, on behalf of yourself or a third party, the data that we process automatically based on your consent or in fulfillment of a contract, in a common, machine-readable format.

You have the right at any time to receive free information regarding your stored personal data, its origin and recipients, as well as the purpose of the processing, and, if applicable, the right to rectification or erasure of this data.

For security reasons and to protect the transmission of confidential content, this site uses SSL/TLS encryption. You can recognize an encrypted connection by the fact that the browser's address bar changes from "http://" to "https://".

Our website uses so-called "cookies" as well as similar technologies such as Local Storage. Prior to your consent, only technically necessary data is processed.

In the Local Storage, your selection from the cookie banner is stored under the key "cookie-consent" (values: "accepted" or "rejected"). This information is stored exclusively locally in your browser and is not transferred to our servers. Legal basis: Art. 6 Para. 1 lit. f GDPR (legitimate interest in respecting your cookie preferences).

The provider of our hosting automatically collects and stores information in so-called server log files that your browser automatically transmits. These include:

• Browser type and browser version • Operating system used • Referrer URL • Hostname of the accessing computer • Time of server request • IP address

These data will not be merged with other data sources. The collection of this data is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in a technically error-free presentation and the optimization of its website — for this purpose, the server log files must be collected. The logs are automatically deleted after 7 days, unless security-relevant incidents require longer storage.

If you send us inquiries via the contact form, the information provided in the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions.

Processed data: Salutation, first and last name, email address, telephone number (optional), company (optional), LinkedIn profile (optional), asset class, number of units, square footage, property address, subject, and your message.

The processing of this data is carried out on the basis of Art. 6 Para. 1 lit. b GDPR, provided that your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries directed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR).

The data you enter in the contact form will remain with us until you request its erasure, revoke your consent, or the purpose for the data storage ceases (e.g., after the processing of your inquiry has been completed). Mandatory legal provisions — particularly retention periods — remain unaffected.

If you contact us via email or telephone, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed by us for the purpose of handling your request. We will not pass this data on without your consent.

The processing is carried out on the basis of Art. 6 Para. 1 lit. b GDPR, provided that your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries directed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR).

This website is hosted by Replit, Inc., 548 Market St #105021, San Francisco, CA 94104-5401, USA. Personal data collected on this website is stored on the host's servers. This primarily includes IP addresses, contact inquiries, meta and communication data, contract data, contact details, names, website access, and other data generated via the website.

This is used for the purpose of contract fulfillment for our potential and existing customers (Art. 6 Para. 1 lit. b GDPR) and in the interest of providing a secure, fast, and efficient online offering (Art. 6 Para. 1 lit. f GDPR). A data processing agreement (Data Processing Addendum) exists with Replit in accordance with Art. 28 GDPR; the third-country transfer to the USA is secured via EU Standard Contractual Clauses (SCC).

Images on this website are delivered via the storage and image optimization infrastructure of Supabase Inc. (970 Toa Payoh North #07-04, Singapore 318992, with EU region Frankfurt). When accessing a page, your browser connects to the Supabase CDN servers, which transmits your IP address to Supabase. The legal basis is Art. 6 Para. 1 lit. f GDPR (legitimate interest in fast, optimized delivery of image content). An order processing agreement exists with Supabase; the storage location of the images is in the EU (Frankfurt).

We use TinaCMS (Tina Inc., USA) to maintain editorial content. TinaCMS processes only the editorial content of our employees — visitor data for the website is not collected through this service. Legal basis: Art. 6 Para. 1 lit. f GDPR. An order processing agreement exists with Tina Inc.; the transfer to a third country is secured via EU Standard Contractual Clauses.

This website uses local web fonts (Montserrat and JetBrains Mono) to ensure a consistent visual presentation. The fonts are delivered directly from our server. No connection is made to third-party servers — in particular, Google Fonts.

This website uses functions of the web analysis service Google Analytics 4. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics is integrated with the so-called "Consent Mode v2." Prior to your consent, Google Analytics is operated exclusively in cookie-less mode: no cookies are set and no personal identifiers (e.g., client_id) are stored on your device. Only anonymous, aggregated modeling pings (e.g., page view events) are transmitted. This processing is permitted without consent according to § 25 Para. 2 No. 2 TTDSG; the legal basis is Art. 6 Para. 1 lit. f GDPR (legitimate interest in data-efficient, anonymous reach measurement).

After your consent ("Accept all"), Google Analytics is switched to full mode. Cookies are set (including _ga, _ga_*, _gcl_au) with a storage duration of up to 2 years, which allow for the recognition of your browser and detailed statistics regarding your usage behavior. The measurement ID for this website is G-J3XW5S1RY6. Google Analytics is configured with IP anonymization.

Legal basis after consent: Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG. You can revoke your consent at any time via the cookie settings link at the bottom of the page — set cookies will be actively deleted, and Google Analytics will switch back to cookie-less mode.

Google may also process data in the USA. We have concluded an order processing agreement with Google. The transfer to a third country is secured via EU Standard Contractual Clauses as well as Google LLC's certification under the EU-US Data Privacy Framework. Further information on the handling of user data can be found in Google's privacy policy: https://policies.google.com/privacy.

This website uses — exclusively after your express consent — Microsoft Clarity to analyze usage. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

Microsoft Clarity records anonymized session repetitions, clicks, scrolling behavior, and mouse movements to improve the user-friendliness of our website. Sensitive input fields (e.g., passwords, payment data) are automatically masked. Cookies are set (including _clck with a 1-year storage duration and _clsk with a 1-day storage duration). The project ID for this website is w1tksgx18h.

Legal basis: Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG. You can revoke your consent at any time via the cookie settings link.

Processing may also take place in the USA. An order processing agreement exists with Microsoft; the transfer to a third country is secured via EU Standard Contractual Clauses as well as Microsoft Corporation's certification under the EU-US Data Privacy Framework. Microsoft's privacy notice: https://privacy.microsoft.com/de-de/privacystatement.

We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on the contact page. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA is used to verify whether data entry on this website (e.g., in a contact form) is performed by a human or by an automated program. To this end, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics (including IP address, duration of stay, mouse movements). The analysis begins when the contact page is accessed. The user is not separately notified of the analysis.

The storage and analysis of data take place on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated crawling and spam. The transfer to a third country in the USA is secured via EU Standard Contractual Clauses and the EU-US Data Privacy Framework.

Further information: https://policies.google.com/privacy and https://policies.google.com/terms.

On our contact page, we use services from Mapbox Inc., 1714 14th St NW, Washington, DC 20009, USA, for address suggestions during input as well as for displaying a static map on the confirmation page.

For address autocomplete requests, your keystrokes are forwarded to Mapbox via our server (server-side proxy), meaning Mapbox does not receive your IP address directly. For the static map, your IP address is transmitted to Mapbox when the map image is loaded.

Legal basis: Art. 6 Para. 1 lit. f GDPR (legitimate interest in convenient address entry and geographic visualization of the contact). The transfer to a third country in the USA is secured via EU Standard Contractual Clauses. Mapbox privacy notice: https://www.mapbox.com/legal/privacy.

To ensure the reliable delivery of messages received via the contact form to our inbox (info@tereal.de), we use the email delivery service SendGrid from Twilio Inc., 101 Spear Street, Fifth Floor, San Francisco, CA 94105, USA.

In this process, all data entered into the contact form is transmitted to and processed by SendGrid to deliver the email to us. No storage beyond the dispatch process takes place on the part of SendGrid; any use for other purposes is contractually excluded.

Legal basis: Art. 6 Para. 1 lit. b GDPR (initiation of a contract) as well as Art. 6 Para. 1 lit. f GDPR (reliable email delivery). An order processing agreement exists with Twilio. The transfer to a third country in the USA is secured via EU Standard Contractual Clauses and Twilio Inc.'s certification under the EU-US Data Privacy Framework. Privacy notice: https://www.twilio.com/legal/privacy.

To protect against spam and automated abusive use of our interfaces (especially the contact form and address autocomplete), we briefly log the number of requests per IP address. For address autocomplete, a hashed IP identifier is stored in our Supabase database (EU region Frankfurt) with a short lifespan. No content evaluation or linking with other data sources takes place.

Legal basis: Art. 6 Para. 1 lit. f GDPR (legitimate interest in protecting our IT systems).

We present open positions on our careers page. Applications are made either via the external application portal linked in the respective job advertisement — to which we provide separate privacy notices — or via email to the address specified.

For applications received directly via email: We process the submitted application documents (cover letter, CV, certificates, and any other attachments) exclusively for the purpose of the application process. The legal basis is § 26 Para. 1 BDSG in conjunction with Art. 88 GDPR as well as Art. 6 Para. 1 lit. b GDPR.

Upon completion of the application process, the documents of rejected applicants will be deleted after 6 months at the latest, unless you have expressly consented to longer retention (e.g., for future positions).

• Server log files: 7 days • Cookie consent choice (Local Storage): 12 months • Google Analytics cookies (after consent): up to 2 years • Microsoft Clarity cookies (after consent): _clck 1 year, _clsk 1 day • Contact form requests: until the request is processed; thereafter deletion, unless commercial or tax retention periods apply (generally 6 or 10 years according to AO/HGB) • Application documents: 6 months after completion of the process • Rate-limit hashes (Address Autocomplete): short technical lifespan (generally a few hours)

Subject to the respective legal requirements, you have the following rights:

• Right of access (Art. 15 GDPR) • Right to rectification (Art. 16 GDPR) • Right to erasure ("Right to be forgotten", Art. 17 GDPR) • Right to restriction of processing (Art. 18 GDPR) • Right to data portability (Art. 20 GDPR) • Right to object (Art. 21 GDPR) • Right to withdraw consent (Art. 7 Para. 3 GDPR) • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

To exercise these rights, an informal notification to info@tereal.de is sufficient.

Objection is hereby made to the use of contact data published as part of the legal notice requirements for the purpose of sending unsolicited advertising and information materials. The website operators expressly reserve legal action in the event of unsolicited delivery of advertising information, such as via spam emails.

Status: May 2026.

Due to the further development of our website or due to changed legal or regulatory requirements, it may become necessary to adapt this privacy policy. The current privacy policy can be viewed and printed on this page at any time.