Menu
Privacy policy for the website “Tri” of Encore + Else S.à r.l. and the use of the building
1. Name and contact details of the controller
Encore + Else S.à r.l. (hereinafter referred to as “we” or ‘Encore’) is the data controller within the meaning of Art. 4 No. 7 of the General Data Protection Regulation (GDPR) for the website at www.tri-munich.com (“website”) and the associated data processing. Furthermore, we are partially responsible for the processing of personal data when using so-called smart building components in the TRÍ building. Our contact details are as follows:
Encore + Else S.à r.l.
34-38 Avenue de la Liberté
L-1930 Luxembourg
Compliance with the applicable data protection regulations is not only a legal obligation for Encore, but also an important factor in building trust. With the following data protection information, we would therefore like to provide you with transparent information about the type, scope, and purpose of the personal data we collect and process when you visit our website and use our building, as well as your rights.
2. Provision of the website and log files
2.1 Description and scope of data processing
Each time you visit our website, our system, i.e. the web server, automatically collects information from your computer or end device and stores it (log files). This includes the following data that we collect:
• Your IP address
• Product and version information about the browser and operating system (known as the user agent) of the device you use to access our website
• The website from which you access our website (known as the referrer)
• Date and time of the request (known as the timestamp)
• HTTP status and the amount of data transferred as part of your request.
2.2 Purpose of data processing
The collection of your IP address by our system is necessary to enable you to use our website. For this purpose, we must inevitably store your IP address for the duration of the session. Your data is stored in the log files to ensure the functionality of our website. In addition, this data is used to optimize the website and to ensure the security of our information technology systems (e.g., for attack detection) as well as to analyze utilization and troubleshoot errors.
2.3 Legal basis for processing
The legal basis for the storage of this data is Art. 6 (1) lit. f) GDPR (balancing of interests). Our legitimate interest is to provide a functional website.
2.4 Duration of storage
The above-mentioned data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended. Storage beyond this is possible for technical reasons. In this case, we will delete or anonymize (hash) your IP address so that it is no longer possible to assign it to the client accessing the website and the data contained therein no longer has any personal reference.
2.5 Necessity of provision
The provision of data is neither required by law nor contractually stipulated. However, the collection of data for the provision of our website and the storage of data in log files is essential for the operation of our website.
Failure to provide the above personal data may result in disadvantages for you. For example, this could mean that you are unable to access our website.
3. Ways to contact us: Contact form / email
3.1 Description and scope of data processing
You can contact us via our contact form and the email address provided. In this case, we process the personal data you provide with your inquiry (e.g., name, address, or email addresses, as well as other information you provide in your contact request). If necessary, we will forward your request to one of our partners and thus transfer personal data to them if your request concerns topics that are handled by these partners. Our partners are:
• LaSalle Investment Management: https://www.lasalle.com/
Privacy policy: https://www.lasalle.com/legal/privacy-statement
• CBRE GmbH: https://www.cbre.de/de-de/
Privacy policy: https://www.cbre.de/de-de/ueber-cbre/datenschutzerklaerung
• Accumulata Real Estate Group GmbH: https://www.accumulata.de/
Privacy policy: https://www.accumulata.de/datenschutz/
3.2 Purpose of processing
The personal data you provide us with when you contact us is used solely for the purpose of processing your enquiry and communicating with you. Any necessary transfer of data to our aforementioned partners is for the purpose of connecting you with the best possible contact person for your enquiry.
3.3 Legal basis for data processing
The legal basis for the processing of your personal data, including the transfer of your personal data to our partners, when you contact us is Art. 6 (1) lit. f) GDPR (balancing of interests). Our legitimate interest is to communicate with you as the enquirer.
3.4 Duration of storage
We will delete your personal data that you have sent us when contacting us once the relevant matter has been conclusively clarified and communication with you has been completed. Please note that after communication with you has been completed, your data may still be stored by us because its processing is necessary for another purpose and/or we can use another legal basis for its storage. Information about the processing of your personal data by our partners can be found in their privacy policy (see section 3.1).
3.5 Necessity of provision
The provision of personal data is neither required by law nor contractually required. If you do not provide your data, we will not be able to (continue to) communicate with you.
4. Disclosure of your data to third parties, recipients of data, and transfer to third countries
4.1 Disclosure to third parties
We disclose your personal data to third parties if this is necessary for the purpose for which it was collected (see section 3.1). In addition, we only disclose your personal data to third parties if you have given us your prior consent (Art. 6 (1) (a) GDPR).
4.2 Recipients of data
To operate our website, we work with selected service providers who process data on our behalf for specific purposes. We only pass on personal data to service providers who have been carefully selected by us and commissioned in writing within the scope of legally permissible order processing. They only receive the data necessary to fulfill the order. This includes the following categories of contractors: hosting providers, technical services such as maintenance of the technical infrastructure, providers of the platform for the smart building components.
4.3 Third country transfer
In the event that recipients of personal data are based in countries without an adequate level of data protection, we have taken measures to ensure appropriate and adequate safeguards for the protection of personal data. For recipients based in the US, we have also concluded EU standard contractual clauses and, where necessary, observe additional measures to protect the rights of data subjects.
5. Cookies
5.1 Use of cookies
Our website uses cookies. Cookies are text files that are stored and/or read on your device (e.g., in your internet browser). These text files contain a characteristic string of characters that enables us to uniquely identify your device during a session and when you return to the website. Encore uses technically necessary cookies.
5.2 Technically necessary cookies
5.2.1 The purpose of using technically necessary cookies is to provide the functionality of our website. For some functions of our website, it is necessary that your browser is recognized even after a page change.
5.2.2 The legal basis for storing and reading information from technically necessary cookies is Section 25 (2) TTDSG. The legal basis for processing your personal data using technically necessary cookies is Art. 6 (1) lit. f) GDPR. Our legitimate interest is to provide a functional website.
5.2.3 So-called “session cookies” are automatically deleted at the end of your visit to our website. The cookies that enable us to recognize your browser on your next visit remain stored on your device.
6. Plugins and tools
6.1 Google Web Fonts
This site uses so-called web fonts provided by Google for the uniform display of fonts. When you visit a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
For this purpose, the browser you are using must connect to Google’s servers. This allows Google to know that this website has been accessed via your IP address. The use of Google Web Fonts is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on its website. If corresponding consent has been requested (e.g., consent to the storage of cookies), processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.
If your browser does not support web fonts, a standard font from your computer will be used.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de
7. TRÍ building app
We provide building users with a technology-based building platform (“building platform”) via a building app (“TRÍ building app”) to interact with the building’s functions and services.
For this purpose, the TRÍ building is equipped with so-called smart building components. Various sensors and actuators are installed in the building. The building platform collects, processes, and manages data for the digital control of the building, including via a mesh network.
7.1 Description and scope of data processing
We collect data via the sensors (e.g., room temperatures, consumption information on water, electricity, etc.). We can read additional information from commands to actuators, e.g., errors in the blind control system, room temperature adjustment, etc. (collectively referred to as “building data”).
The information from the sensors and actuators is brought together on the building platform, and sensor information and actuator commands are networked with each other. This allows building data to be aggregated and, if necessary, actuator feedback on malfunctions (e.g., non-response of a blind control) to be detected.
Building data may be personally identifiable insofar as the app used, log file data (see section 2.1), and position data of the end device used can be recorded.
We evaluate the building data in terms of energy consumption and efficiency and determine the repair requirements for the building. We do not trace this data back to specific individuals.
In addition, the TRÍ building app offers the option of integrating further smart building functions via interfaces on the building platform. These functions are used by tenants or persons authorized by them (e.g., employees, suppliers, visitors—collectively referred to as “end users”) by downloading and installing various apps on their end device (mobile phone, PC). This can be done using third-party functionalities and apps. Use and scope of use are voluntary. The end users decide on this. Encore merely provides the IT requirements on the building platform. For this purpose, Encore processes personal master data of the contact persons employed by the tenants, such as first and last names and professional contact details (“master data”).
The tenants decide which functions they use and make available to their employees and/or visitors. We have no influence on which personal data tenants collect and process through the use of the TRÍ building app (“usage data”).
7.2 Purpose of data processing
The purpose of collecting and evaluating building data is to operate the building in an energy-efficient and sustainable manner. In addition, networked fault reports on specific building functions enable prompt repairs and thus continuous maintenance of the building. This also increases comfort for tenants. Overall, this data is used to provide functions such as control, monitoring, and automation to enable energy-efficient and secure building management.
We process master data exclusively for the purpose of providing the smart building functionalities requested by the respective end users.
The processing of usage data by tenants, in particular by their employees, visitors, and suppliers, is carried out under their own responsibility and decision in accordance with data protection law and for the purposes specified by them.
7.3 Legal basis
The legal basis for the processing of building data, insofar as it relates to individuals, is Art. 6 (1) lit. f) GDPR (balancing of interests). Our legitimate interest lies in operating the TRÍ building in a sustainable, energy-efficient, and cost-effective manner. Any personal data of users of the building is not available as clear data and would only be traceable to them with great effort. We do not carry out such an assignment.
The legal basis for the processing of master data for the provision of smart building functionalities is Art. 6 (1) lit. b) GDPR (performance of the rental agreement).
7.4 Duration of storage
We store the building data for as long as necessary for the above purposes. The storage of (historical) building data for the purpose of building optimization can be up to 10 years. However, the data required for this purpose is generally no longer personally identifiable.
We process the master data for as long as the purpose of the processing requires. If the tenant or end user stops using the smart building functions and/or the lease agreement is terminated, we delete the master data unless there are further storage obligations.
8. Your rights
Insofar as we process your personal data, you are a “data subject” within the meaning of the GDPR. As a data subject, you have the following rights vis-à-vis Encore. You can assert your rights by sending an informal notification to
Encore + Else S.à r.l.
34-38 Avenue de la Liberté
L-1930 Luxembourg
or by email to info@tri-munich.com.
You have the right to
• obtain information about the personal data we store about you (Art. 15 GDPR),
• request the correction (Art. 16 GDPR) of the personal data we store about you, if it is incorrect;
• to have your personal data deleted (Art. 17 GDPR) and/or
• to restrict the processing of your personal data (Art. 18 GDPR).
Furthermore, you are entitled to
• exercise your right to data portability (Art. 20 GDPR) and
• object to the processing of your personal data that we process on the basis of a legitimate interest (Art. 6 (1) (f) GDPR) (Art. 21 GDPR). If you exercise this right to object, we will no longer process your personal data unless we are legally obliged or entitled to continue processing it.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of your personal data by us infringes the GDPR.
As of March 2025