Privacy Policy

The protection of your data is important to us. Below we inform you about which personal data we process on this website, for what purposes and what rights you have.

Status: January 2026

1. Controller

Investora Commercial
European Economic Interest Grouping
Schaurain 21
83101 Rohrdorf, Germany
Email: info@investora-commercial.de
Phone: +49(0)931 49737742

2. General Information

Personal data is all data with which you can be personally identified. We only process data insofar as this is necessary to provide this website, to process your request or to fulfill legal obligations.

3. Processed Data (Data Categories)

  • Server Logs: IP address, date/time, visited page/URL, referrer URL, browser/user agent.
  • Contacting us: If you contact us (e-mail, phone or inquiry form), we process your details to handle your request.
  • Inquiry Form (Lead Funnel): Depending on the input e.g. name, e-mail, phone number, company as well as property information.
  • Technical Data: Device and connection information necessary for the stable delivery and security of the website.

4. Purposes & Legal Bases

  • Operation of the website (Art. 6 Para. 1 lit. f GDPR)
  • Answering inquiries / pre-contractual measures (Art. 6 Para. 1 lit. b GDPR)
  • Fulfillment of legal obligations (Art. 6 Para. 1 lit. c GDPR)

If we require your consent in individual cases (e.g. for optional marketing/tracking services), the processing is based on Art. 6 Para. 1 lit. a GDPR.

5. Hosting & Server Log Files

When you visit this website, the hosting provider and our systems automatically collect information in so-called server log files. The processing is necessary to technically provide the website, ensure system security and detect abuse. The legal basis is Art. 6 Para. 1 lit. f GDPR.

This data is not merged with other data sources. Log data is generally only stored for as long as necessary for security reasons.

6. Contact & Inquiry Form

If you contact us by email, phone or via the inquiry form, we process the information you provide to answer your inquiry and, if necessary, implement pre-contractual measures. The legal basis is Art. 6 Para. 1 lit. b GDPR (initiation/fulfillment of a contract) as well as Art. 6 Para. 1 lit. f GDPR (efficient processing of customer inquiries).

7. Cookies, Local Storage & Consent

We use technical mechanisms that are necessary for the operation of the website (e.g. session/security functions). Tracking or marketing cookies are not used without your consent.

8. Recipients & Processors

Your data is generally only processed internally by us. Insofar as we use service providers (e.g. hosting, IT service providers), this is done on the basis of an order processing contract in accordance with Art. 28 GDPR.

9. Third Country Transfer

If data is transferred to countries outside the EU/EEA within the scope of using service providers, this is only done in compliance with the requirements of Art. 44 et seq. GDPR (e.g. adequacy decision, standard contractual clauses).

10. Storage Duration

We only store personal data for as long as is necessary for the respective purposes. We delete inquiry and communication data as soon as processing is complete and there are no statutory retention requirements.

11. Your Rights

You have the following rights regarding your data:

  • Information / Correction / Deletion: You can request information (Art. 15 GDPR) as well as correct incorrect data (Art. 16 GDPR) or have it deleted (Art. 17 GDPR).
  • Restriction / Data Portability: You can have processing restricted (Art. 18 GDPR) and request data portability (Art. 20 GDPR).
  • Objection: You can object to processing for reasons arising from your particular situation (Art. 21 GDPR).
  • Revocation & Complaint: You can revoke your consent at any time with effect for the future (Art. 7 Para. 3 GDPR). You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

For any concerns regarding data protection, please write to us at info@investora-commercial.de.

12. Security (TLS/SSL)

This website uses TLS encryption to protect data transmissions. You can usually recognize a reliable encrypted connection by the https:// address in the browser bar.

13. Changes to this Privacy Policy

We adapt this privacy policy if the legal situation, the website or our processes change. The currently published version applies.

Data security in the PropTech sector: Protection of sensitive asset data

In the institutional real estate industry, data integrity is not an optional feature, but a business-critical factor. When project developers, asset managers and brokerage houses use FotoEstate's PropTech infrastructure, they entrust us with highly sensitive information - from confidential building plans (CAD/BIM) to financing exposés and detailed LiDAR scans of occupied portfolios. This privacy policy explains the legal framework for using the website. This supplementary guide, on the other hand, highlights our holistic security architecture for the processing of spatial data (3D visualization) in a B2B context.

1. GDPR compliance in the creation of digital twins

The recording of a building using laser scanning (e.g. Matterport) or classic architectural photography entails inherent data protection challenges, particularly in the rented commercial or residential sector. A precise 3D scan not only captures the geometry of the room, but potentially also whiteboards with company secrets, server room configurations or family photos in residential properties.

As a certified PropTech service provider, we have established strict protocols for compliance with the General Data Protection Regulation (GDPR). Before a digital twin is published or passed on to potential investors, the data material undergoes a multi-stage anonymization process. Using AI-supported algorithms and manual quality control (blurring), faces, license plates, screen contents and other personal data are irreversibly obscured. This guarantees that you can use visual assets legally secure in your virtual data rooms or in public marketing.

2. Secure hosting and cloud architecture in Europe

The processing of terabytes of raw data - such as gigantic point clouds, high-resolution drone videos or uncompressed RAW files - requires a powerful IT infrastructure. For many institutional portfolio holders (such as banks or insurance companies), hosting on insecure third-party servers outside the EU is strictly prohibited.

FotoEstate relies on a redundant cloud infrastructure whose data centers are geographically localized in Europe and subject to strict ISO standards (e.g. ISO 27001). Data transfer between your systems and our production servers for Computer Generated Imagery (CGI) and virtual staging takes place exclusively via encrypted connections (end-to-end encryption). This ensures that exclusive project developments are treated strictly confidentially prior to the official market launch (pre-sales phase).

3. Transaction security in NPLs and share deals

In sensitive market phases, such as the handling of non-performing loans (NPL) or discreet off-market transactions, absolute discretion is the top priority. Any data leak can severely weaken the negotiating position of the parties involved. Our services are designed to fit seamlessly into the restrictive requirements of legal due diligence audits.

We implement strict identity and access management (IAM) systems for all delivered digital assets. You retain full control over who accesses which virtual tour or floor plan data and when. Password-protected links, time-limited access tokens and IP whitelisting are standard repertoire in our delivery processes for core assets.

  • NDAs as standard: Confidentiality agreements are mandatory for all our staff and affiliated photographers.
  • Data Sovereignty: Upon completion of a CGI or scanning project, we guarantee the complete deletion of the raw data from our systems upon request.
  • Secure onboarding: API interfaces to your existing CRM and ERP systems meet the highest authentication standards (OAuth 2.0).

4. Data-driven marketing without compromises

The balancing act between maximum market reach and strict data protection does not have to be a contradiction in terms. Thanks to our B2B-focused approach, we enable asset managers to operate data-driven real estate marketing (performance marketing) without taking any regulatory risks. We proactively advise you on the privacy-compliant integration of tracking pixels (e.g. Google Analytics 4, Meta Pixel) within our interactive exposés and web apps in order to measure the ROI of your campaigns in a legally secure manner.

FotoEstate does not see itself purely as a service provider for visualizations, but as a technological sparring partner for the real estate industry. The careful, legally compliant handling of 3D visualization is the foundation on which we jointly develop digital strategies that measurably increase the value of your portfolio. Find out in detail about your rights and our technical protective measures in our privacy policy. Start your project inquiry now.