Habyt GmbH and our affiliated subsidiaries (hereinafter jointly referred to as "the company", "we" or "us") take the protection of your personal data seriously and we would like to inform you at this point about the way in which your personal data is processed by us in the context of your visit to our website at www.habyt.com and with regard to booking our living offers..
The controller for the processing of your personal data within the meaning of Art. 4 (7) of the EU General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) is:
Habyt GmbH
Gormannstr. 14
10119 Berlin
phone: +49 15737854920
hello@habyt.com
If you have any questions on the subject of data protection at our company our external data protection officer is available to you. You can reach him under the following e-mail:
datenschutz.hamburg@mazars.de
When you visit our website, a so-called log data record (so-called server log files) is stored temporarily and anonymously on our web server. This consists of:
The processing of log data serves statistical purposes and to improve the quality of our website, in particular the stability and security of the connection as well as purposes of identifying and tracing unauthorised access to the web server and other criminal offences.
The legal basis for the data processing is Art. 6 (1)(1)(f) GDPR. Our legitimate interests for the temporary storage of technical access data are to be able to provide you with a technically functional and user-friendly website and to be able to guarantee the security of our systems.
The recipients of the data are our hosting service providers.
Log file information is stored from the end of your website visit for a maximum of 30 days and is then deleted.
The data processing is necessary for the operation of our website. If you wish to object to data processing, you can do so by not visiting our website.
The provision of personal data is neither legally nor contractually required, but it is necessary for the functioning of our website.
We use cookies on our websites. Cookies are small text files that are assigned to the browser you are using and stored on your hard drive by means of a characteristic character string and through which certain information flows to the body that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer and therefore cannot cause any damage. They serve to make the Internet offer as a whole more user-friendly and effective, i.e. more pleasant for you.
Cookies can contain data that make it possible to recognize the device used. In some cases, however, cookies only contain information on certain settings that cannot be related to a specific person. However, cookies cannot directly identify a user.
A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, a distinction is made between cookies:
Any use of cookies that is not absolutely technically necessary constitutes data processing that is only permitted with your consent pursuant to Art. 6 (1) (1) (a) GDPR. This applies in particular to the use of advertising, targeting or sharing cookies. In addition, we will only share your personal data processed through cookies with third parties if you have given your consent to do so pursuant to Art. 6 (1) (1) (a) GDPR. In the following, we name the legal bases in connection with the respective service.
We only store your data for as long as it is required to fulfil the stated purposes. Afterwards, the cookies will be deleted.
The storage of information on a device used by you and the reading of this information takes place independently of the technology used for this purpose (cookies, object storage, pixels, web beacons, etc.) on the basis of your consent pursuant to Section 25 (1) TTDSG, which you declare by means of an opt-in. You can revoke your consent declared in this way at any time via the cookie settings.
Insofar as your consent pursuant to Art. 6 (1) (1) (a) GDPR constitutes the legal basis for the data processing, you have the right to withdraw your consent at any time. You can do this by deleting the cookies in your browser.
The provision of your personal data is neither legally nor contractually required. However, without the provision, the functionality of our website may not be guaranteed. In addition, it is possible that individual services or services will not be available.
This website uses the following analysis and tracking tools:
We use Google Optimize of the company Google Inc., respectively Google Ireland Limited [Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland; Tel: +353 1 543 1000, Fax: +353 1 686 5660, E-Mail: support-deutschland@google.com ("Google")] on our website.
Google Optimize is a support service of Google Analytics. The service enables us to test design variants of our web pages and determine their effect. Among other things, this serves the purpose of making new web designs, layouts, content and similar presentation options available to certain user groups on a test basis. The tests are evaluated by us via Universal Analytics or Google Analytics 4. The service thus provides us with information on how we can optimize our web offering.
Cookies are used to obtain the above information. These are text files that are stored on your device and allow an analysis of the use, by you visited websites. The following data is processed:
The storage of information on a device used by you and the reading of this information takes place independently of the technology used for this purpose (cookies, object storage, pixels, web beacons, etc.) on the basis of your consent pursuant to Section 25 (1) TTDSG, which you declare by means of an opt-in. You can revoke your consent declared in this way at any time via the cookie settings.
The legal basis for the processing is your consent pursuant to Art. 6 (1) (1) (a) GDPR, which you can withdraw at any time in the cookie settings.
Google deletes your personal data as soon as it is no longer needed for the processing purpose. Information stored in cookies is deleted after two years and 29 days at the latest.
The data transferred to Google LLC is predominantly stored on servers managed by Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) in the European Economic Area (EEA). However, it cannot be ruled out that your personal data may also be stored on servers located outside the EEA in the USA. After the EU-US Privacy Shield has ceased to apply, atransfer of data to the USA can at best be based on standard contractual clauses and further guarantees issued by the EU Commission. Although the transfer of personal data is based on standard contractual clauses, this does not rule out the possibility that the U.S. security authorities, which have extensive powers, can access your personal data at any time and without any reason. This applies even if the servers are located in Europe. As a U.S. company, Google may also be required to transfer personal data of EU citizens to the U.S. security authorities that is located on servers in the EU or the EEA. There are no effective legal remedies available to you against this.
Click here to read Google's privacy policy
https://policies.google.com/privacy?hl=de
Click here to read Google's cookie policy
https://policies.google.com/technologies/cookies?hl=de
Click here to opt-out on all Google domains:
https://safety.google/privacy/privacy-controls/
We use Google Analytics 4 to analyze and improve the use of our website.
Google Analytics 4 is a web analytics and tracking service provided by Google LLC ("Google"). Google Analytics 4 may use so-called "cookies" if we activate the cookie function. In addition, Google Analytics 4 uses a standard anonymized user and client ID generated by our website or app as well as Google signals to identify users.
The anonymized user ID is assigned to a logged-in user after the user has been uniquely identified beforehand. With the help of the user ID, users can be identified regardless of the device they are using. For example, if users access the website or app via both smartphones and tablets, we can analyze the user paths using the user ID in a holistic overview of the data.
The client ID is a unique, randomly generated string that acts as a pseudo-anonymized identifier and anonymously identifies a browser instance. It is stored in the browser cookies so that subsequent calls to the same website can be assigned to the same user.
Google signals are session data from websites and apps that Google links to users who are logged into their Google account and have activated personalized advertising. Linking data to these logged-in users enables cross-device reporting, cross-device remarketing, and the export of cross-device usage results (known as "conversions") to Google Ads.
The data processed by Google Analytics 4 is personal data within the meaning of Art. 4 (1) GDPR. Google Analytics 4 collects personal data in the form of user characteristics and event data, among other things. The latter are automatically recorded events (user activities, number of sessions, clicks on ads, which ads are viewed, removal or deletion of credentials, crashes of websites or apps, completion or cancellation of subscriptions, clicks on links, scrolling behavior, ends of videos viewed, etc.), events optimized for analytics (number of sessions, clicks on ads, which ads are viewed, removal or deletion of credentials, crashes of websites or apps, completion or cancellation of subscriptions, clicks on links, scrolling behavior, ends of videos viewed, etc.), events optimized for analytics (page views, scrolls, actuation of external links, website searches, playing videos, file downloads, etc.), recommended (purchase process on the website, travel offers, games), and custom events (events that are neither automatically captured nor recommended). Session data is also collected, such as multiple page views, events (see above), social interactions, and e-commerce transactions.
User properties are attributes of the users who interact with your app or website. They are used to describe user segments such as language preference or geographic location. Some user properties are automatically logged in Google Analytics 4.
The information generated by the cookie, the user ID and Google signals about your use of this website is usually transmitted to a Google server in the USA and stored there. In case of activation of IP anonymization, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google uses this information to evaluate your use of the website, to compile reports on website activity, to make a forecast regarding your future web behavior and to provide other services to the website operator related to website and Internet use. User ID data collected in one website or app cannot be shared or combined with data from another website or app. Data about devices and activities from different sessions on a website or app, on the other hand, can be merged and combined using the User ID or Google signals. Collecting and combining the data is likely to create usage profiles about you.
The storage of information on a device used by you and the reading of this information takes place independently of the technology used for this purpose (cookies, object storage, pixels, web beacons, etc.) on the basis of your consent pursuant to Section 25 (1) TTDSG, which you declare by means of an opt-in. You can revoke your consent declared in this way at any time via the cookie settings.
The legal basis for the processing of data using Google Analytics 4 is your consent pursuant to Art. 6 (1) (a) GDPR.
You can withdraw your consent to the processing of your personal data through the use of Google Analytics 4 at any time by changing your cookie settings accordingly.
You may also refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link:
tools.google.com/dlpage/gaoptout
You can prevent the collection of your data by Google Analytics by setting an opt-out cookie that will prevent the collection of your data during future visits to this website:
We use Google Analytics with the extension "_anonymizeIp()". This shortens the IP addresses (so-called IP masking).
Our website also uses other services that do not use cookies, but through other technologies, such as Javascript codes, web beacons, tags, other identifiers supported by AI-based technology that read data from or store data in visitors' devices.
On our website, we have integrated functions from Twitter in the form of a button (Twitter plug-ins). Twitter is both a short message service and a social media platform with blog-like functions of the company Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA with a branch office at One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland. On Twitter, users can exchange short messages or upload text, image or video content and make it visible to an unspecified number of users.
The integration of Twitter functions serves the purpose of offering our services via various channels and communicating with our customers or interested parties.
Cookies are set via Twitter buttons or widgets integrated into websites as soon as you activate the functions. Through the use of cookies, it is possible for Twitter to record your visits to these websites and assign them to your Twitter profile. The following data is collected:
This data is evaluated in particular (also for users who are not logged in) for the display of tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, your data collected from us will be directly assigned to your existing account with the plug-in provider. If you click the activated button and link to the page, for example, the plug-in provider also saves this information in your user account and shares it publicly with your contacts.
The storage of information on a device used by you and the reading of this information takes place independently of the technology used for this purpose (cookies, object storage, pixels, web beacons, etc.) on the basis of your consent pursuant to Section 25 (1) TTDSG, which you declare by means of an opt-in. You can revoke your consent declared in this way at any time via the cookie settings.
The legal basis for the use of the Twitter plug-in is your consent pursuant to Art. 6 (1) (a) GDPR, which you can withdraw at any time in the cookie settings.
Information about this and the available setting options can be found on the following Twitter support pages:
https://help.twitter.com/de/using-twitter/tailored-suggestions
https://help.twitter.com/de/rules-and-policies/twitter-cookies
Twitter shares your personal data with its processors and third-party service providers that are located outside the European Economic Area ("EEA"), where they set their own cookies, such as Google LLC. These providers process the personal data obtained in this way for their own purposes, e.g. analysis and marketing as well as your usage behavior on external and their own websites. Profiling is also not excluded.
The personal data collected from you and from third-party providers is transmitted to servers managed by Twitter, most of which are located in the USA. Following the discontinuation of the EU-US Privacy Shield, a transfer of data to the USA can at best be based on standard contractual clauses issued by the EU Commission and further guarantees. Although the transfer of personal data is based on standard contractual clauses, this does not rule out the possibility that the U.S. security authorities, which have extensive powers, can access your personal data at any time and without any reason. This applies even if the servers are located in Europe. There are no effective legal remedies available to you against this.
The data collected via our website will be deleted, summarized or otherwise obscured by Twitter after a maximum of 30 days. Twitter may store your personal data until it is no longer useful to the company or there is a legal deadline for deletion.
Our website uses so-called social plugins ("plugins") of the social network Facebook, which is operated by Meta Platforms Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). The plugins are marked with a Facebook logo. An overview of the Facebook plug-ins and their appearance can be found here: https://developers.facebook.com/docs/plugins.
When you call up a page of our website that contains such a plug-in, your browser establishes a direct connection to Facebook's servers via cookies stored on your device. The content of the plug-in is transmitted by Facebook directly to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are not currently logged into Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server in the USA and stored there. If you are logged in to Facebook, Facebook can directly assign your visit to our website to your Facebook profile. If you interact with the plugins, for example by clicking the "Like" button or posting a comment, this information is also transmitted directly to a Facebook server and stored there. The information is also published on your Facebook profile and displayed to your Facebook friends.
The purpose and scope of the data collection as well as the further processing and use of the data by Facebook as well as your rights in this regard and setting options for protecting your privacy can be found in Facebook's privacy policy: http://www.facebook.com/policy.php. If you do not want Facebook to directly assign the data collected via our website to your Facebook profile, you must log out of Facebook before visiting our website. You can also completely prevent the loading of Facebook plugins with add-ons for your browser, e.g.\for
for Mozilla Firefox: https://addons.mozilla.org/de/firefox/addon/facebook-blocker/
for Opera: https://addons.opera.com/de/extensions/details/facebook-blocker/?display=en
for Chrome: https://chrome.google.com/webstore/detail/facebook-blocker/chlhacbfddknadmnmjmkdobipdpjakmc?hl=de
The storage of information on a device used by you and the reading of this information takes place independently of the technology used for this purpose (cookies, object storage, pixels, web beacons, etc.) on the basis of your consent pursuant to Section 25 (1) TTDSG, which you declare by means of an opt-in. You can revoke your consent declared in this way at any time via the cookie settings.
The legal basis is your consent pursuant to Art. 6 (1) (a) GDPR, which you can withdraw at any time in our cookie settings.
There is no legal obligation to provide your data. If you refrain from doing so, you cannot share our content directly via the share buttons.
On our website, we use the Facebook pixel from Facebook (from Meta Platforms Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, with another branch: Meta Platforms Ireland Limited 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland). For this purpose, we have inserted a code on our website. This is a JavaScript code (pixel) that enables certain functions on the page. If you have come to our website via Facebook ads, Facebook can track your usage actions via the Facebook pixel. For example, if you purchase a product on a website, the Facebook pixel is triggered and stores your actions on the website in one or more cookies. The following data is collected in the process:
If you have a Facebook account, it is possible for Facebook to match the data with your Facebook account data. This data collected via Facebook pixel is anonymous for us and only becomes usable for us when we want to place advertisements. If you are logged in as a Facebook user when you call up our website, your visit to our website will be assigned to your Facebook account.
The purpose of using the Facebook pixel is to better tailor our advertising measures to your wishes and interests. This enables us to show you personalized advertising. Facebook collects your data for the purpose of data analysis and tracking as well as to implement its own advertising measures.
The storage of information on a device used by you and the reading of this information takes place independently of the technology used for this purpose (cookies, object storage, pixels, web beacons, etc.) on the basis of your consent pursuant to Section 25 (1) TTDSG, which you declare by means of an opt-in. You can revoke your consent declared in this way at any time via the cookie settings.
The legal basis is your consent pursuant to Art. 6 (1) (a) GDPR, which you can withdraw at any time in our cookie settings.
There is no legal obligation to provide your data. If you refrain from doing so, you cannot share our content directly via the share buttons.
The data processed via the Facebook pixel is partly stored on servers in the European Economic Area ("EEA"). However, the data also reaches servers managed by Meta Platforms in the USA. Following the discontinuation of the EU-US Privacy Shield, a transfer of data to the USA can at best be based on standard contractual clauses issued by the EU Commission and further guarantees. It is true that the transfer of personal data is based on standard contractual clauses under which Meta Platforms undertakes to process personal data in accordance with European data protection standards. However, this does not exclude the possibility that the U.S. security authorities, which are equipped with comprehensive powers, may access your personal data at any time and without any reason. This applies even if the servers are located in Europe. As a U.S. company, Meta Platforms may also be required to transfer personal data of EU citizens to the U.S. security authorities that is located on servers in the EEA. There are no effective legal remedies available to you against this.
Meta Platforms will delete your personal data after 720 days at the latest.
You can get more information about the processing here: https://www.facebook.com/legal/terms/dataprocessing
General information about Facebook's privacy policy can be obtained here: https://www.facebook.com/policy.php
Our website uses so-called social plugins ("plugins") from Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). The plugins are marked with an Instagram logo, for example in the form of an "Instagram camera". An overview of the Instagram plug-ins and their appearance can be found here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges. When you call up a page of our website that contains such a plugin, your browser establishes a direct connection to the servers of Instagram. The content of the plugin is transmitted by Instagram directly to your browser and integrated into the page. Through this integration, Instagram receives the information that your browser has called up the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged in to Instagram. This information (including your IP address) is transmitted by your browser via cookies directly to a server of Instagram and stored there. If you are logged in to Instagram, Instagram can directly assign your visit to our website to your Instagram account. If you interact with the plugins, for example by clicking the "Instagram" button, this information is also transmitted directly to an Instagram server and stored there. The information is also published on your Instagram account and displayed there to your contacts. Instagram processes your personal data for analysis and marketing purposes. Your usage behavior is also evaluated by Instagram.
The storage of information on a device used by you and the reading of this information takes place independently of the technology used for this purpose (cookies, object storage, pixels, web beacons, etc.) on the basis of your consent pursuant to Section 25 (1) TTDSG, which you declare by means of an opt-in. You can revoke your consent declared in this way at any time via the cookie settings.
The legal basis is your consent pursuant to Art. 6 (1) (a) GDPR, which you can withdraw at any time in the cookie settings.
There is no legal obligation to provide your data. If you refrain from doing so, you cannot share our content directly via the share buttons.
The data processed via the Instagram plug-in is stored on servers managed by Meta Platforms in the USA. After the discontinuation of the EU-US Privacy Shield, a transfer of data to the USA can at best be based on standard contractual clauses issued by the EU Commission and further guarantees. It is true that the transfer of personal data is based on standard contractual clauses under which Meta Platforms undertakes to process personal data in accordance with European data protection standards. However, this does not exclude the possibility that the U.S. security authorities, which are equipped with comprehensive powers, may access your personal data at any time and without any reason. This applies even if the servers are located in Europe. As a U.S. company, Meta Platforms may also be required to transfer personal data of EU citizens to the U.S. security authorities that is located on servers in the EEA. There are no effective legal remedies available to you against this.
You can find further data protection information from Instagram here: https://help.instagram.com/155833707900388/.
If you do not want Instagram to directly assign the data collected via our website to your Instagram account, you must log out of Instagram before visiting our website. You can also completely prevent the loading of Instagram plugins with add-ons for your browser, e.g. with the script blocker "NoScript" (http://noscript.net/).
Instagram deletes or anonymizes your data after 90 days at the latest.
When using our contact form, the data transmitted through it are processed (e.g. gender, surname and first name, address, company, email address and the time of transmission).
If the purpose of the contact is to conclude a contract or to ask about an existing contract, the legal basis is Art. 6 (1) (1) (b) GDPR. Otherwise, the data is processed for the purpose of handling your enquiry. In this case, the legal basis of the processing is Art. 6 (1) (1) (f) GDPR.
Insofar as the processing of personal data is based on Art. 6 (1) (1) (f) GDPR, the aforementioned purposes also represent our legitimate interests.
Your data will only be processed for as long as necessary to achieve the processing purposes mentioned above.
Third parties engaged by us will store your data on their system for as long as it is necessary in connection with the provision of the services for us in accordance with the respective order.
There is no legal obligation to provide your data. However, if you do not provide us with your data, it will not be possible to contact you.
We host our website on Amazon Web Services (Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA, represented by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg).
When you visit our website, your personal data is processed on AWS servers.
The data is stored on servers managed by AWS in the EU or EEA. However, it should be noted that AWS is a US company. Therefore, it cannot be ruled out that your personal data will also be stored on servers located outside the EEA in the US. As a US company, AWS may also be obliged to transfer personal data of EU citizens to the US security authorities which is stored on servers in the EU or the EEA. There are no effective legal measures available to you for this.
AWS acts as a processor for us on a contractual basis and processes the data based on our documented instructions. AWS is integrated by us in a data protection compliant manner in accordance with Art. 28 GDPR.
Further information can be found in the AWS privacy policy: Datenschutzhinweis (amazon.com)
You have the possibility to subscribe to our newsletter on our website, which informs you about Habyt’s latest news, updates, current offers and special promotions.
We use the double-opt-in procedure to register for our newsletter. After you have registered for the newsletter, you will receive an e-mail to the e-mail address provided, in which we ask you to confirm the subscription and to confirm that you are the owner of the corresponding e-mail address. The link provided is valid for 24 hours. If we do not receive a confirmation from you within this time, we will block your information and delete it after one month. When you confirm your e-mail address, we store your IP address and the time of registration and confirmation in order to be able to prove your registration and to clarify possible misuse of your personal data.
In order to send the newsletter, we need your e-mail address as well as first and last name, which we store for this purpose. The legal basis for the data processing is your consent pursuant to Art. 6 (1) (1) (a) GDPR.
We store your data until you withdraw your consent. You can withdraw your consent by clicking on the link provided in every newsletter e-mail, by e-mail to hello@habyt.com or by sending a message to the contact details published in the imprint.
There is no legal obligation to provide your data. However, if you do not provide us with your e-mail address, it will not be possible to subscribe to the newsletter.
We process personal data when you book our living offers.
You can contact us via our website using the e-mail address and telephone number provided by us. If you make use of this option, your personal data transmitted by e-mail or in a telephone call will be processed.
The data processing serves the purpose of processing your enquiry.
If the contact is aimed at the conclusion of a contract, or if it is about an existing contract with you, Art. 6 para. 1 p. 1 lit. b GDPR is the legal basis for the processing.
In other cases, the legal basis for the processing of personal data relating to you is Art. 6 para. 1 p. 1 lit. f GDPR. The legitimate interest results from the necessity of processing your data in order to be able to answer your enquiry.
In the course of processing your enquiry, your data will be transferred to our IT service providers as well as to the relevant employees who process your enquiry.
We only store your data for as long as it is necessary for the purpose, i.e. until we have completely answered your enquiry.
There is no legal obligation to provide your personal data. However, if you do not wish to provide us with your data, it will not be possible to contact you.
If you have any questions about our Living offers, you can also contact us via the "Get in touch" button. If you make use of this option, the personal data you enter in the contact form will be processed by us. This includes the following necessary data:
The data is processed for the purpose of handling your enquiry.
If the purpose of contacting you is to conclude a contract, or if it is about an existing contract with you, Art. 6 para. 1 p. 1 lit. b DSGVO is the legal basis for the processing.
In other cases, the legal basis for the processing of personal data relating to you is Art. 6 para. 1 p. 1 lit. f GDPR. The legitimate interest results from the necessity of processing your data in order to be able to answer your enquiry.
In the course of processing your enquiry, your data will be transferred to our IT service providers as well as to the relevant employees who process your enquiry.
We only store your data for as long as is necessary for the purpose, i.e. until we have completely answered your enquiry. The data is then deleted unless we need it to fulfil legal obligations.
There is no legal obligation to provide your personal data. However, if you do not wish to provide us with your data, it is not possible to contact you.
You have the option of registering for our login area and creating a profile in order to be able to use the full range of functions of our living offers. The following data is collected in connection with registration:
We need the data for the purpose of completing the registration.
The legal basis for the processing is Art. 6 para. 1 p. 1 lit. b GDPR.
Furthermore, your internet service provider (ISP) will store the assigned IP address, the date and time of your registration. We do this because, if necessary, this data enables us to investigate criminal offences that have been committed, so that misuse of our services can be prevented. The legal basis for the processing is Art. 6 para. 1 p. 1 lit. f GDPR.
In the course of processing your request, your data will be transmitted to our IT service providers and to the relevant employees who process your request.
We only store your data for as long as it is necessary for the purpose, i.e. until your profile is deleted. The data will then be deleted unless we need it to fulfil legal obligations.
There is no legal obligation to provide your personal data. However, if you do not wish to provide us with your data, registration is not possible.
We use the Salesforce service of the company salesforce.com Inc, The Landmark @ One Market Street, Suite 300, San Francisco, California 94105, USA, represented by Salesforce.com Germany GmbH, Erika-Mann-Str. 63, 80636 Munich, Germany. This is a service for our customer relationship management (CRM). Among other things, this service enables us to better manage our existing and potential customer relationships and to optimise sales and communication. In addition, the use of Salesforce enables us to analyse the administrative processes in our customer relationships.
When you provide us with personal data, such as when registering, booking or filling in other online forms, we process this data in the Salesforce CRM system by storing this data on the Salesforce Marketing Cloud and linking it to a Salesforce ID.
The data is stored on Salesforce managed servers in the EU or EEA. However, it should be noted that Salesforce is a US company. Therefore, it cannot be ruled out that your personal data will also be stored on servers located outside the EEA in the US. As a US company, Salesforce may also be obliged to transfer personal data of EU citizens to the US security authorities which is stored on servers in the EU or the EEA. There are no effective legal measures available to you for this.
The storage of information on a device used by you and the reading of this information takes place independently of the technology used for this purpose (cookies, object storage, pixels, web beacons, etc.) on the basis of your consent pursuant to Section 25 (1) TTDSG, which you declare by means of an opt-in. You can revoke your consent declared in this way at any time via the cookie settings.
If you transmit your personal data to us, this is done on the basis of your consent pursuant to Art. 6 para. 1 p. 1 lit. a GDPR, which you declare by placing a tick (opt-in) in a checkbox. You can revoke your consent at any time by accessing the cookie settings.
Salesforce acts as a processor for us on a contractual basis and processes the data on the basis of our documented instructions. Salesforce is integrated by us in a data protection-compliant manner in accordance with Art. 28 GDPR.
Further information can be found in the salesforce data protection declaration: Datenschutzerklärung - Salesforce
If you would like to book one of our living offers, we need the following additional information from you:
We need this data to process the contract.
The legal basis for the processing is Art. 6 para. 1 p. 1 lit. b DSGVO.
In the course of processing your enquiry, your data will be transferred to our IT service providers as well as to the relevant employees who process your enquiry.
We only store your data for as long as it is necessary for the purpose, i.e. until the end of the tenancy. The data is then deleted unless we need it to fulfil legal obligations.
There is no legal obligation to provide your personal data. However, if you do not wish to provide us with your data, a booking is not possible.
We use the Eversign service of the company Stack Holdings GmbH (Elisabehtstraße 15/5A+B, 1010 Vienna, Austria). This is a service that enables us to have all required documents digitally and legally signed.
Eversign acts as a processor for us on a contractual basis and processes the data on the basis of our documented instructions. Eversign is integrated by us in a data protection compliant manner in accordance with Art. 28 DSGVO.
For further information, please refer to the Eversign privacy policy: Privacy Policy - eversign
You can pay either by SEPA direct debit or by credit card.
a) Direct debit as payment method
If you pay by SEPA direct debit, the following data will be collected:
The data is processed for the purpose of executing the contract.
The legal basis for the processing is Art. 6 para. 1 p. 1 lit. b GDPR.
We only store your data for as long as it is necessary for the purpose, i.e. until the payment has been completed. The data is then deleted unless we need it to fulfil legal obligations.
To process your payment, we use the Payments platform of the company Stripe, Inc.(354 Oyster Point Boulevard, South San Francisco, California, 94080, USA). You can find the data protection information of Stripe under the following link: https://stripe.com/de/privacy.
b) Credit card as payment method
If you pay by credit card, the following data will be collected:
The data is processed for the purpose of executing the contract.
The legal basis for the processing is Art. 6 para. 1 p. 1 lit. b GDPR.
We only store your data for as long as is necessary for the purpose, i.e. until the payment has been completed. The data is then deleted unless we need it to fulfil legal obligations.
To process your payment, we use the Payments platform of the company Stripe, Inc. (354 Oyster Point Boulevard, South San Francisco, California, 94080, USA). For customers within the EU, Stripe Payments Europe (Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) is the controller. For this purpose, the data required for the payment process is forwarded to Stripe and stored by Stripe.
Stripe is a global company and the data may be stored in any country in which Stripe operates. Stripe is a US company, so it cannot be ruled out that your personal data may also be stored on servers located outside the EEA, e.g. in the USA. As a US company, Stripe may also be obliged to transfer personal data of EU citizens to the US security authorities, which is stored on servers in the EU or the EEA. There are no effective legal measures available to you for this.
The storage of information on a device used by you by Stripe and the reading of this information takes place independently of the technology used for this purpose (cookies, object storage, pixels, web beacons, etc.) on the basis of your consent pursuant to Section 25 (1) TTDSG, which you declare by means of an opt-in. You can revoke your consent declared in this way at any time via the cookie settings.
If you transmit your personal data to us, this is done on the basis of your express consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO, which you declare by placing a tick (opt-in) in a checkbox. You can revoke your consent at any time by accessing the cookie settings.
Stripe acts as a processor for us on a contractual basis and processes the data on the basis of our documented instructions. Stripe is integrated by us in a data protection compliant manner in accordance with Art. 28 DSGVO.
You can find the data protection information of Stripe under the following link: https://stripe.com/de/privacy.
The following categories of recipients, which are usually processors may receive access to your personal data:
In addition, we will only share your personal data with third parties if you have given your consent to do so in accordance with Art. 6 para. 1 p. 1 lit. a GDPR.
For the processing operations carried out by us, we indicate in each case how long the data will be stored by us and when it will be deleted or blocked. If no explicit retention period is specified, your personal data will be deleted or blocked as soon as the purpose or legal basis for the storage no longer applies. In principle, your data will only be stored on our servers in Germany, subject to any transfer that may take place that will be specified elsewhere.
However, storage may take place beyond the specified time in the event of a (threatened) legal dispute with you or other legal proceedings, or if storage is required by legal regulations to which we are subject as the responsible party [e.g. § 257 German Commercial Code (HGB), § 147 German Tax Code (AO)]. If the storage period prescribed by the statutory provisions expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.
We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or against unauthorized access by third parties (e.g., TSL encryption for our website), taking into account the state of the art, implementation costs, and the nature, scope, context, and purpose of the processing, as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments.
We use external domestic and foreign service providers (e.g. for IT, logistics, telecommunications, sales and marketing) to process our business transactions. They will only act on our instructions and have been contractually obligated to comply with the data protection provisions in accordance with Art. 28 GDPR.
If personal data from you is passed on by us to our subsidiaries or is passed on to us by our subsidiaries (e.g. for advertising purposes), this is done on the basis of existing processing relationships.
In the course of our business relationships, your personal data may be transferred or disclosed to third party companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing is carried out exclusively for the fulfillment of contractual and business obligations and to maintain your business relationship with us. We will inform you about the respective details of the transfer at the relevant points.
Some third countries are certified by the European Commission through so-called adequacy decisions to have data protection comparable to the EEA standard (a list of these countries as well as a copy of the adequacy decisions can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible via binding company regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct. With regard to the individual services, we will inform you at the appropriate point about the requirements for data transfer to third countries.
We do not ourselves intend to use any personal data collected from you for any automated decision-making process (including profiling).
We do not make the conclusion of contracts with us dependent on you providing us with personal data in advance. As a customer, you are under no legal or contractual obligation to provide us with your personal data; however, we may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data. If this should exceptionally be the case in the context of the products we offer, you will be informed of this separately.
We may be subject to a specific legal or statutory obligation to provide lawfully processed personal data to third parties, in particular public bodies (Art. 6 (1) (1) (c) GDPR).
You may assert your rights as a data subject regarding your processed personal data at any time by contacting us using the contact details provided at the beginning. As a data subject, you have the right:
Due to changes in legal or official requirements as well as the further development of technical standards and our offer, adjustments to this privacy policy may be necessary, which is why it is regularly reviewed to determine whether it needs to be adapted. The privacy policy can therefore be changed at any time with effect for the future.
This privacy policy is last updated in April 2022.
