Privacy policy

Dear Ladies and Gentlemen,

Thank you for your interest in Wunderflats GmbH and your visit to our website https://wunderflats.com/. In the following data protection declaration, we would like to inform you comprehensively about the data processing that is carried out on the specified website.

1. General information

The term "personal data" means, with reference to the definition of Art. 4 No. 1 of Regulation (EU) 2016/679 (hereinafter referred to as the "General Data Protection Regulation" or "GDPR" for short), all data that can be related to you personally. This includes, for example, your name, address, email address and user behavior. With regard to the other terms, in particular the terms "processing", "controller", "processor" and "consent", we refer to the statutory data protection definitions in Art. 4 GDPR.

We only process personal data insofar as this is necessary to provide a functional website and the content and services we offer. The processing of personal data only takes place regularly if you have given us your consent within the meaning of Art. 6 para. 1 lit. a) GDPR or if the processing is permitted by legal regulations, in particular by one of the legal bases mentioned in Art. 6 para. 1 lit. b) to lit. f) GDPR.

2. Controller

The controller within the meaning of Art. 4 No. 7 GDPR, the other data protection laws applicable in the Member States of the European Union and other provisions and regulations of a data protection nature is

Wunderflats GmbH
legally represented by Jan Hase, Arkadi Jampolski
Rosenstrasse 16
10178 Berlin
E-Mail: admin@wunderflats.com

Further details about the controller can be found in our legal notice.

3. Processing of personal data when using our website for information purposes

If you visit our website without registering or otherwise providing us with information ("informational use"), we collect personal data that your web browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to enable you to view our website and to ensure stability and security:

IP address
Date and time of the request
Time zone difference to GMT
Content of the website
Access status (HTTP status)
Amount of data transferred
Website from which you accessed our website
Web-Browser
operating system
Language and version of the browser

The aforementioned data is also stored in log files on our servers. This data is not stored together with your other personal data.

The collection and temporary storage of the IP address is necessary to enable the delivery of our website to your end device. For this purpose, your IP address must be stored for the duration of your visit to our website. The storage of the above-mentioned data in log files serves to ensure the functionality and optimization of our website and to ensure the security of our information technology systems. This data is not analyzed for marketing purposes.

The legal basis for this processing is Art. 6 para. 1 lit. b) GDPR, insofar as the page view occurs in the course of the initiation or execution of a contract, and otherwise Art. 6 para. 1 lit. f) GDPR due to our legitimate interest in enabling website access and the permanent functionality and security of our systems.

The above data for the provision of our website is stored in log files for 30 days and then deleted. The collection of the above data for the provision of our website and the storage of this data in log files is absolutely necessary for the operation of our website.

Further data processing when using our website is described in the following sections. The use of cookies and similar technologies is explained in sections 5 to 9.

4. Further functions and offers of our website

In addition to the informational use of our website described above, we offer various services that you can use if you are interested. This generally requires the provision of further personal data. We require this data to provide the respective service. The above data processing principles apply.

In some cases, we use external service providers who have been carefully selected and commissioned by us to process this data. These service providers are bound by our instructions and are regularly monitored by us. Insofar as personal data is passed on to third parties in the course of services that we offer together with partners, you can find more detailed information in the following descriptions of the individual services. Further information on this can be found in section 11. If these third parties are based in a country outside the European Union, you can find more detailed information on the consequences of this circumstance in the following descriptions of the individual services. Please also refer to section 12.

a) Making contact

If you contact us by e-mail, the personal data you send us with your e-mail will be stored. We also have a contact form on our website that you can use to contact us. The data you enter in the input mask will be transmitted to us and stored:

Salutation
First name
Surname
E-mail address
Telephone number
Content of your request

If we do not use a third-party provider named below to provide the contact function, the data will not be passed on to third parties. We also record your IP address and the time of sending.

Purpose of the processing:
The processing of the above personal data serves solely to process your inquiries. The processing of other personal data that is generated through the use of the contact form on our website serves to prevent misuse and to ensure the security of our information technology systems.

Legal basis:
Insofar as the processing is necessary to fulfill a contract with you or to carry out pre-contractual measures, the legal basis is Art. 6 para. 1 lit. b) GDPR. Otherwise, the legal basis for processing is our legitimate interest in answering or processing your request, Art. 6 para. 1 lit. f) GDPR.

Duration of processing:
The data will be deleted as soon as we have finally processed your request, unless they must be retained due to contractual obligations, statutory retention periods or for evidence purposes.

b) Registration

To use additional functions of our website, we offer the option of registering by providing personal data. The data is entered into an input mask and transmitted to us and stored. The mandatory information requested during registration is marked accordingly and must be provided in full. Otherwise, we will reject the registration. The following data in particular is collected as part of the registration process:

Salutation
First name
Surname
E-mail address
Password

Mandatory fields are highlighted accordingly. At the time of registration, the IP address and the date and time of registration are also stored.

You also have the option of registering with your Google, Facebook, LinkedIn or Apple account. If you register with one of these accounts, please refer to the information in section 7 a) with regard to the data processing that takes place.

Purpose of the processing:
Registration is required for the provision of certain content and services on our website. We use the data entered for the purpose of using the respective offer or service or to provide the services for which you have registered. In the event of important changes to our offers, services or benefits, for example regarding the scope of the offer or in the event of technically necessary changes, we will use the e-mail address provided during registration to inform you of this.

Legal basis:
The legal basis for processing the data required for registration is Art. 6 para. 1 lit. b) GDPR. For all other data, the legal basis is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR to enable you to customize, adapt and change your account, or your consent pursuant to Art. 6 para. 1 lit. a) GDPR, insofar as you have given us this.

Duration of processing:
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case if the registration on our website is canceled or modified. You have the option of canceling your registration at any time. You can have the data stored about you changed at any time. Statutory retention periods remain unaffected.

c) Booking request

As soon as you request the booking of an apartment, we process the following data in addition to the data mentioned under b):

Information about the requested rental property (e.g. location, monthly rental price, number of beds and rooms)*
Period of the desired booking*
Request for extension option
Name of the main tenant*
Name of the adults moving in
Number of adults moving in*
Number of children moving in
Number and type of pets moving in
Reason for stay (e.g. temporary work assignment away from home)*
Further information on residence (e.g. employer, job title, more detailed explanation of reason for residence)
Information about who pays the rent*
Your telephone number

This data is summarized below as "booking data". Mandatory information is marked with an asterisk (*). At the time of filling out and sending the booking request, the IP address and time of registration are also stored.

You are neither legally nor contractually obliged to provide us with the booking data. However, we cannot process your booking request without the data we have marked as mandatory.

Purpose of processing:
The booking data is processed in order to forward the booking request to a potential landlord and to provide this information for a decision on the request.

In addition, the booking data may be processed for the assertion and defense of legal claims.

Legal basis:
The legal basis for the processing of the mandatory data is the initiation of a contract, pursuant to Art. 6 para. 1 lit. b) GDPR. For all other booking data, the legal basis is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR or the legitimate interest of a third party. The landlord has a legitimate interest in making as informed a decision as possible about potential tenants. We have a legitimate interest in processing your telephone number in order to be able to offer customer-friendly and customer-specific support.

Insofar as the booking data is processed for the defense or exercise of legal claims, the legal basis is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR in being able to defend ourselves against claims or to assert claims.

Duration of processing:
The booking data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. If the booking does not materialize, the data will be deleted after 3 years, starting at the end of the year in which the booking did not materialize. If the booking data is processed for the assertion and defense of legal claims, it will be deleted after the final conclusion of the legal dispute, whereby enforceable titles can be stored for up to 30 years. If the booking is made, the above-mentioned data will be deleted in accordance with the information in the section "Making a booking".

d) Authentication

As part of the booking process, it is important for us and the landlords that users and potential tenants identify themselves. We therefore ask you to authenticate yourself immediately before completing a booking. However, you can voluntarily decide to carry out authentication at an earlier stage in order to save time at a later stage. As part of the authentication process, you will be asked to hold your ID card up to the camera and

take a photo of the front of your ID document,
take a photo of your face (selfie).

The recordings are made via your camera directly during the authentication process. The data is then analyzed by our service provider. However, only data that is required for identity verification is processed. This includes in particular the first name and surname, date of birth and the period of validity of the ID card. Other data is neither used nor stored by our service provider for the purpose of verification unless it is required for verification.

You are neither legally nor contractually obliged to provide us with the aforementioned data. Without this data, however, authentication is not possible, so we cannot process your booking request.

Purpose of the processing:
The data is processed for the purpose of fraud prevention, the prevention of identity fraud. In addition, the data may be processed for the assertion and defense of legal claims.

Legal basis:
The processing is based on the legitimate interest of the controller or a third party, pursuant to Art. 6 para. 1 lit. f) GDPR. The landlord and we have a legitimate interest in preventing cases of fraud, including cases of identity fraud.

Insofar as the data is processed for the defense or exercise of legal claims, the legal basis is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR in being able to defend ourselves against claims or assert claims accordingly.

Duration of processing:
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Photos of the ID card or face are deleted immediately after authentication has been completed.

If the data is processed for the assertion and defense of legal claims, it will be deleted after the final conclusion of the legal dispute, whereby enforceable titles can be stored for up to 30 years.

Integration of Veriff
We use a service provider to carry out authentication. For this purpose, we use the services of Veriff OÜ, Niine 11, 104014 Tallinn, Estonia ("Veriff"). This serves to prevent fraud, prevent identity fraud and verify the identity of users on our platform. Veriff also uses AI for this. There is also the option of verifying the address or age.

You can find Veriff's privacy policy at: https://www.veriff.com/privacy-notice.

e) Carrying out the booking

If an apartment is booked, the following data will be requested in addition to the booking data

Bank statement
Proof of salary (optional)
Proof of enrollment (for reason for stay: "temporary study visit" or "internship") - (optional)
Confirmation of project assignment (for reason for stay: "temporary work assignment away from home" or "vocational training") - (optional)

Please note:
You can voluntarily decide to provide us with the above data at an earlier stage to save yourself time at a later stage.

Data that is not required to prove your creditworthiness (e.g. sensitive bank transfers) should be blacked out in order to protect your data and any data from third parties.

Information on payment processing in connection with bookings via our platform can be found in the "Payment processing" section.

You are neither legally nor contractually obliged to provide us with this data. Without this data, we cannot verify your creditworthiness and therefore cannot complete your booking requests.

Purpose of processing:
Making a booking via our platform, checking creditworthiness and confirming the information provided in the booking request. In addition, the data may be processed for the assertion and defense of legal claims.

Legal basis:
The legal basis for this processing is Art. 6 para. 1 lit. b) GDPR, insofar as this is absolutely necessary for the fulfillment of the contract. Otherwise, the legal basis is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR or the legitimate interest of a third party. The landlord and we have a legitimate interest in properly checking the creditworthiness of tenants, as well as checking the requirements for rentals for temporary use that are in line with the intended purpose.

Duration of processing:
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Account statements and salary statements are deleted after 30 days. If the data is processed for the assertion and defense of legal claims, it will be deleted after the final conclusion of the legal dispute, whereby enforceable titles can be stored for up to 30 years.

f) Payment processing

We also process the following data as part of payment processing:

Payment data (e.g. E-Mail address for payment via PayPal)
Bank details (e.g. name of the account holder, IBAN)
Credit card data

If you wish to make your payments for bookings by credit card, you must enter your credit card details on our website or in our application. The credit card details you enter are not stored by us, but by our payment service provider in a certified infrastructure that meets the high security standards of the Payment Card Industry (PCI). We only manage a so-called credit card alias, which is linked to the credit card data at the payment service provider.

You are neither legally nor contractually obliged to provide us with this data. Without this data, however, it is not possible for us to process your payment, meaning that your booking cannot be made.

Purposes of processing:
To process the payment of the service fee for the corresponding bookings and to transmit the payment data as part of the booking process.

In addition, the data may be processed for the assertion and defense of legal claims.

Legal basis:
The legal basis for this processing is Art. 6 para. 1 lit. b) GDPR.

Duration of processing:
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Data that is subject to statutory retention periods is stored in accordance with the relevant retention regulations and then deleted.

If the data is processed for the assertion and defense of legal claims, it will be deleted after the conclusion of the legal dispute, whereby enforceable titles can be stored for up to 30 years.

a) What cookies and similar technologies do we use?

We use cookies and similar technologies (collectively referred to as "tools") on our website.

Cookies are small text files that are stored on the storage medium of your end device, for example on a hard disk. The information contained in the cookie can be read by us, for example with the help of JavaScript. Cookies cannot execute programs or transfer viruses to your end device. This website uses the following types of tools, the scope and function of which are explained below.

Cookies that are stored in your web browser:

Transient cookies: These cookies are automatically deleted when you close your web browser. These include session cookies in particular. These store, for example, a so-called session ID, which can be used to assign various requests from your web browser to the shared session.
Persistent cookies: These cookies are automatically deleted after a specified period, which may vary depending on the cookie. Persistent cookies make it possible, for example, to recognize your end device when you return to our website. You can delete these cookies at any time in your web browser settings.

The aforementioned cookies are stored on your device and transmitted to our server or read by us. You can therefore configure the processing of data and information by cookies yourself. You can make appropriate configurations in the settings of your web browser, through which you can, for example, reject third-party cookies or cookies altogether. In this context, we would like to point out that you may then not be able to use all the functions of our website properly. We also recommend that you regularly delete cookies and your browser history manually.

Comparable technologies are in particular web storage (local / session storage), which are stored on your end device, as well as JavaScript, tags or pixels, with which information is read from your end device or passively transmitted. These technologies can also be used to create fingerprints.

b) On what legal basis are tools used?

The processing of personal data by necessary tools serves to make our website more user-friendly and effective for you. Some functions of our website cannot be offered without the use of these tools. In particular, some functions of our website require that your web browser can be identified even after a page change. If you have an account, we use tools to identify you for subsequent visits. This prevents you from having to log in again each time you visit our website. The data processed by tools that are required to provide the functions of our website are not used to create user profiles.

Where optional tools are used for analysis purposes, these are used to improve the quality and user-friendliness of our website, its content and functions. They enable us to understand how the website, which functions are used and how often they are used. This enables us to continuously optimize our offering.

Our legitimate interest in data processing lies in the aforementioned purposes, provided they are necessary tools (section 8). The legal basis in these cases is Art. 6 para. 1 lit. f) GDPR. If the necessary tools are required for the fulfillment of a contract or for the implementation of pre-contractual measures, the legal basis is Art. 6 para. 1 lit. b) GDPR.

Insofar as these are not necessary tools, but functional tools (section 7), analysis tools (section 6) or marketing tools (section 9), we only use these with your express consent, Art. 6 para. 1 lit. a) GDPR.

c) How do we obtain your consent?

To obtain and manage your consent, we use the CookieFirst tool from the provider Digital Data Solutions B.V., Plantage Middenlaan 42a, 1018DH, Amsterdam, Netherlands. This generates a banner that informs you about the data processing on our website and gives you the option of consenting to all, individual or no data processing through optional categories of tools. This banner appears the first time you visit our website and when you call up the selection of your settings again in order to change them or revoke your consent. The banner will also appear on subsequent visits to our website if you have deactivated the storage of cookies or if the cookie or the elements in CookieFirst's local storage have been deleted or have expired.

As part of your website visit, your consent or revocation, your IP address, information about your browser, your end device and the time of your visit are transmitted to Digital Data Solutions. CookieFirst also sets necessary cookies and stores information in local storage in order to retain your consents and revocations. If you delete your cookies or information in local storage, we will ask you for your consent again when you visit the site at a later date.

Data processing by CookieFirst is necessary to provide you with the legally required consent management and to comply with our documentation obligations. The legal basis for the use of CookieFirst is Art. 6 para. 1 lit. f) GDPR, justified by our legitimate interest in fulfilling the legal requirements for cookie consent management.

To revoke your consent, please refer to section 13. You can adjust the tools used under the heading "Privacy settings" at the end of this privacy policy and revoke your consent for them there.

If personal data is transferred to third countries, we refer you to section 12, also with regard to any associated risks. We will inform you if we have concluded standard contractual clauses with the providers of certain tools or if other suitable guarantees apply. If you have given your consent to the use of certain tools, we will (also) transfer the data processed when using the tools to third countries on the basis of this consent (Art. 49 para. 1 lit. a) GDPR)

d) Which social media plugins do we use?

Facebook
Meta Platforms Ireland Limited, Serpentine Avenue, Block J, Dublin 4, Ireland ("Facebook"); further information on data protection can be found here: https://www.facebook.com/privacy/policy/.

Instagram
Meta Platforms Ireland Limited, Serpentine Avenue, Block J, Dublin 4, Ireland ("Instagram"); Further information on data protection can be found here: https://privacycenter.instagram.com/policy/.

LinkedIn
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"); Further information on data protection can be found here: https://www.linkedin.com/legal/privacy-policy.

6. Analysis tools

We use certain tools to statistically record and analyze general usage behavior based on access data ("analysis tools"). We also use analysis services to evaluate the use of our various marketing channels.

In the following section, we would like to explain these technologies and the providers used for this in more detail. The data collected may include in particular

IP address of the device;
Identification number of a cookie or information in web storage;
Device identifier of mobile devices (device ID, advertising ID);
Referrer URL (previously visited page);
Pages accessed (date, time, URL, title, duration of visit);
Downloaded files;
Clicked links to other websites;
If applicable, achievement of certain goals (conversions);
Technical information: Operating system; Browser type, version and language; Device type, make, model and resolution;
Approximate location (country and city, if applicable).

The legal basis is your consent in accordance with Art. 6 para. 1 lit. a) GDPR. In the event that personal data is transferred to the USA or other third countries, your consent also expressly extends to the data transfer (Art. 49 para. 1 lit. a) GDPR). Please refer to section 12 for the associated risks. Please refer to section 13 to withdraw your consent.

a) Google Analytics

We use "Google Analytics" on our website, a web analytics service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google").

Google uses JavaScript and pixels to read information on your end device, as well as cookies, i.e. small text files that are stored on your end device. This enables your use of our website to be analyzed. The information collected about the use of our website is generally transmitted to a Google server in the USA and stored there. As part of the analysis, Google Analytics also uses artificial intelligence such as machine learning to automatically analyze and enrich the data.

Google will use this information to evaluate your use of our website on our behalf, to compile reports on website use and to provide us with other services relating to website use and internet use. Pseudonymous user profiles can be created from the processed data. The IP address transmitted when using Google Analytics is not merged with other Google data. We only use Google Analytics with activated IP anonymization. This means that your IP address is only processed by Google in abbreviated form.

We use Google Analytics for the purpose of analyzing the use of our website and continuously improving individual functions and offers as well as the user experience. By statistically evaluating user behavior, we can improve our offer and make it more interesting for you as a user. In addition, we use target group remarketing through GA Audience.

We have concluded an order processing agreement with Google in order to oblige Google to process the transmitted data only in accordance with our instructions and to comply with the applicable data protection regulations. Your personal data may also be transferred by Google Ireland Limited to Google LLC in the USA. Google LLC has joined the EU-US Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR.

Further information on the use of data by Google, setting options and data protection can be found on the following Google websites

Terms of use: http://www.google.com/analytics/terms/de.html
Overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html
Privacy policy: http://www.google.de/intl/de/policies/privacy
Data use by Google when you use our partners' websites or apps: https://www.google.com/intl/de/policies/privacy/partners
Use of data for advertising purposes: http://www.google.com/policies/technologies/ads
Settings for personalized advertising by Google: http://www.google.de/settings/ads

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Data at user and event level linked to cookies, user identifiers (e.g. user ID) and advertising IDs (e.g. DoubleClick cookies, Android advertising ID, IDFA [Apple identifier for advertisers]) will be deleted after 14 months at the latest.

The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a) GDPR. Access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG.

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this website: Deactivate Google Analytics. Please note that this setting will be deleted if you delete your cookies.

b) Hotjar

We use "Hotjar" on our website, a web analysis service of Hotjar Ltd, Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta (hereinafter referred to as: "Hotjar").

Hotjar uses JavaScript (so-called tracking code) to read information from your end device and, among other things, cookies and local storage, i.e. information that is stored locally in the web browser on your end device. This enables an analysis of your use of our website, including the creation of so-called heat maps, which graphically display your interactions on our site in aggregated form in terms of frequency and duration. The cookies used by Hotjar are stored on your device for different lengths of time, in some cases only during your visit, in others for 365 days. The information collected is transmitted to Hotjar on a server in Ireland and stored there.
The following information is collected by the tracking code: Device-dependent data collected by your end device and your web browser:

IP address of your device (collected and stored in an anonymized format)
Email address including your first and last name, if you have provided this to us via our website
Screen size of your end device
Device type and browser information
Geographical data (country only)
Language used to display our website
User interactions
Mouse commands (movement, position and clicks)
Keyboard entries

Log data that is automatically used by our server when Hotjar is used:

Referring domain
Websites visited
Geographical data (country only)
Language used to display our website
Date and time of access

Hotjar uses this information for the purpose of evaluating your use of our website, compiling reports on its use and providing other services relating to the evaluation of our website. Hotjar also uses third-party services (e.g. Google Analytics and Optimizely) to provide its services. These third-party companies may store or otherwise process information that your browser transmits when you visit our website (possibly including your IP address).

We use Hotjar for the purpose of analyzing the use of our website and continuously improving individual functions and offers as well as the user experience. By statistically evaluating user behavior, we can improve our offer and make it more interesting for you as a user.

In addition to your revocation, you can also prevent the collection of data by Hotjar by setting an opt-out cookie on the following linked website: https://www.hotjar.com/opt-out. Please note that this setting will be deleted if you delete your cookies.

We have concluded a data processing agreement with Hotjar.

Further information on the use of data by Hotjar, setting options and data protection can be found on the following Hotjar website: https://www.hotjar.com/privacy

c) Google Optimize

We use Google Optimize, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland ("Google Optimize"). Google Optimize analyses the use of different variants of the website (e.g. different positions of elements, different colors, fonts, buttons, text lengths, paragraphs, headings, graphics, images) so that we are able to adapt the user-friendliness to the behavior of the website users (e.g. reducing the bounce rate, increasing the length of stay) (so-called A/B test). Google Optimize is a tool integrated into Google Analytics and uses JavaScript and cookies in particular. The IP address received in this way is anonymized immediately after processing. The transmitted IP address is not merged with other Google data.

The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG.

We have concluded an order processing agreement with Google Ireland Limited. Your personal data may also be transferred by Google Ireland Limited to Google LLC in the USA. Google LLC has joined the EU-US Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR.

Further information can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245.

d) Google Tag Manager

We use "Google Tag Manager" on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google"). Google Tag Manager enables us as marketers to manage website tags via an interface. The Google Tag Manager tool, which implements the tags, does not itself set any cookies and does not itself collect any personal data.

Google Tag Manager triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.

Further information on data protection can be found on the following Google websites

Privacy policy: http://www.google.de/intl/de/policies/privacy
FAQ Google Tag Manager: https://www.google.com/intl/de/tagmanager/faq.html
Google Tag Manager terms of use: https://www.google.com/intl/de/tagmanager/use-policy.html

7. Functional tools

We use certain tools to improve the user experience on our website and to be able to offer you more functions ("functional tools"). Although these are not absolutely necessary for the basic functionality of the website, they can bring significant benefits to users, especially in terms of user-friendliness and the provision of additional communication, display or payment channels.

The legal basis is your consent in accordance with Art. 6 para. 1 lit. a) GDPR. In the event that personal data is transferred to the USA or other third countries, your consent also expressly extends to the transfer of data (Art. 49 para. 1 lit. a) GDPR). Please refer to section 12 for the associated risks. Please refer to section 13 to withdraw your consent.

a) Logging in with social network user accounts (Facebook Login, Google Sign-In, Sign-In with Linkedin, Apple)

Our website offers you the option of logging in with an existing user account of the social networks listed below:

Facebook Login: Meta Platforms Ireland Limited, Serpentine Avenue, Block J, Dublin 4, Ireland (for users outside the USA and Canada) or Meta Platforms Inc, 1601 Willow Road, Menlo Park, California 94025, USA (for all other users) - Privacy Policy
Google Sign-In for Websites: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (for users from the European Economic Area and Switzerland) or Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (for all other users) - Privacy Policy
Sign In with LinkedIn: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland (for persons from the European Economic Area and Switzerland) or LinkedIn Corporation, 2029 Stierlin Ct. Ste. 200 Mountain View, California 94043, USA for all other persons) - Privacy Policy
Sign in with Apple: Apple Inc, 1 Apple Park Way. Cupertino, CA 95014, USA - Data protection information

Once you have logged in with one of your existing user accounts, additional registration is no longer required. If you wish to use the function, you will first be redirected to the relevant social network. There you will be asked to log in with your user name and password. We do not, of course, take any notice of this login data. The server to which a connection is established may be located in the USA or in other third countries.

By confirming the corresponding login button on our website, the relevant social network learns that you have logged in to our site with your user account, and links your user account with your customer account on our website. The following data is also transmitted to us:

Facebook login: e-mail address, public profile information (in particular Facebook ID, name, profile picture), possibly other profile information such as age, date of birth, Facebook friends, gender, place of residence, like information, profile URL, locations, posts, photos, videos; cookies used in particular: "fbsr"
Google Sign-In for Websites: Email address, Google ID, name, profile picture URL
Sign In with LinkedIn: Profile overview (in particular LinkedIn ID, name, job details, number, profile picture URL, number of LinkedIn contacts and other profile details) and - if you allow this in your LinkedIn settings - the primary email address stored on LinkedIn; cookies used in particular. "bsookie" for 2-factor authentication
Sign in with Apple: ID, name, email address, verification code

Your personal data may also be transferred by Meta, Google and LinkedIn to the USA and processed there. Meta Platforms Inc, Google LLC and LinkedIn Corporation have joined the EU-US Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR. The transfer of your data at Apple is based on your express consent in accordance with Art. 49 para. 1 lit. a GDPR.

b) Twilio

We have integrated functions and content from the Twilio service on our website. The provider is Twilio Inc, 375 Beale Street, Suite 300, San Francisco, CA 94105, USA. These buttons allow you to share a post or a page using Twilio and to contact us via Twilio or to leave us a contact request or we can contact you via Twilio. In addition, we use Twilio to send you an SMS if you have consented to SMS notification. We also use Twilio to validate/confirm your telephone number. We use Twilio to notify you if any action is required on your part during the booking process, such as accepting or rejecting a tenant or signing a contract. Contact details, in particular name and telephone number, are processed for this purpose.

We have concluded an order processing agreement with Twilio Inc. Your personal data may also be transferred by Twilio Inc. to the USA and processed there. Twilio Inc. has joined the EU-US Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR.

Further information can be found in Twilio's privacy policy at https://www.twilio.com/legal/privacy.

c) Rollbar

We use Rollbar, an error detection, analysis and troubleshooting tool from Rollbar Inc, 665 3rd Street 150, San Francisco, USA ("Rollbar"). Rollbar uses the technical information of your end device together with the visitor ID and the session ID and - if you are logged in - with the user ID in order to recognize errors that occur and to be able to correct them with the help of the transmitted data.

The data is stored for 7 days and then automatically deleted. We have concluded standard contractual clauses with Rollbar.

We have concluded an order processing agreement with Rollbar Inc. Your personal data may also be transferred by Rollbar Inc. to the USA and processed there. Rollbar Inc. has joined the EU-US Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR.

8. Necessary tools

We use certain tools to enable the basic functions of our website ("necessary tools"). Without these tools, we would not be able to provide our service. Therefore, necessary tools are used without consent on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR or for the performance of a contract or for the implementation of pre-contractual measures pursuant to Art. 6 para. 1 lit. b) GDPR.

a) Freshworks

We use a CRM system from the provider Freshworks Inc, 2950 S. Delaware Street, Suite 201, San Mateo, CA 94403, USA ("Freshworks"), to process our booking requests. The following data is automatically transmitted by our servers

Last name
first name
e-mail address
telephone number
Employer, if applicable
Job title, if applicable

The use of Freshworks enables us to track and process booking requests in detail.

The data listed is required to communicate with users and is therefore used to fulfill the contract (Art. 6 para. 1 lit. b) GDPR).

We have concluded an order processing contract with Freshworks Inc. Your personal data may also be transferred by Freshworks Inc. to the USA and processed there. Freshworks Inc. has joined the EU-US Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR.

b) Stripe

We use the services of Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland for payment processing on our platform in order to receive and process payments made to us on our behalf. The following data is automatically transmitted by us to Stripe

Payment data
Bank details
Credit card details

Stripe also uses JavaScript and cookies for this purpose. We do not store any personally identifiable data or financial information such as credit card numbers. Instead, the payment data (in particular contact and transaction data such as credit card data or bank details) is forwarded directly to Stripe.

The legal basis for the processing of the data is the fulfillment of the contract (Art. 6 para. 1 lit. b) GDPR).

We have concluded an order processing agreement with Stripe Payments Europe Ltd. Your personal data may also be transferred by Stripe Payments Europe Ltd. to Stripe Inc, Corporation Trust Center, 1209 Orange Street, Wilmington, New Castle, DE 19801 in the USA. Stripe Inc. has joined the EU-US Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR.

Stripe's privacy policy: https://stripe.com/privacy.

c) Klippa

We use Klippa of Klippa App B.V., Laan Corpus den Hoorn 1, 9728 JM Groningen, Netherlands for the purposes of document automation on our platform, including in the context of bookings. In particular, the following categories of data are automatically transmitted by us to Klippa

Bank statements
Employment contract, if applicable

The legal basis for the processing of the data is the fulfillment of the contract (Art. 6 para. 1 lit. b) GDPR).

More about data protection at Klippa at: https://www.klippa.com/de/daten-und-datenschutz/.

d) Azure

We use Azure as a cloud computing platform from Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland to scale our applications.

The legal basis for the processing of the data is the fulfillment of the contract (Art. 6 para. 1 lit. b) GDPR).

Your personal data may also be transferred by Microsoft Ireland Operations Limited to Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 in the USA. Microsoft Corporation has joined the EU-US Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR.

Further information on data security can be found here: https://www.microsoft.com/en-us/TrustCenter/Privacy/gdpr/default.aspx

e) Cloudflare

We use the Content Delivery Network of Cloudflare Inc, 101 Townsend St., San Francisco, CA 94107 USA to secure our data and to improve the user experience on our website by caching and thus faster output of content displayed on our website.

Cloudflare offers a globally distributed content delivery network in which copies of our website are created and stored on Cloudflare servers. This ensures that when you visit our website, the content is delivered from the server that can display our website to you the fastest. Cloudflare also blocks threats and limits abusive bots and crawlers that would slow down the retrieval of the website or attack our systems. To use the Content Delivery Network, the data traffic between your browser and our website flows via the Cloudflare infrastructure. When using the Content Delivery Network, Cloudflare receives information about IP addresses and connection protocol data (such as the HTTP header with the user agent information).

You can find more information about the cookies stored by Cloudflare at: https://developers.cloudflare.com/fundamentals/get-started/reference/cloudflare-cookies/.

The legal basis for the processing is our legitimate interest in the fast, secure and proper presentation of our website, Art. 6 para. 1 lit. f) GDPR.

We have concluded an order processing contract with Cloudflare. Your personal data may also be transferred by Cloudflare to the USA and processed there. Cloudflare has joined the EU-US Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR.
You can find more information on data protection at Cloudflare here: https://www.cloudflare.com/gdpr/introduction/

9. Marketing tools

We use certain tools for advertising purposes ("marketing tools"). Some of the access data collected when you use our website is used for interest-based advertising. By analyzing and evaluating this access data, we are able to show you personalized advertising, i.e. advertising that corresponds to your actual interests and needs, on our website and on the websites of other providers.

In the following section, we would like to explain these technologies and the providers used for this purpose in more detail. The data collected may include in particular

IP address of the device;
Identification number of a cookie or information in web storage;
Device identifier of mobile devices (device ID, advertising ID);
Referrer URL (previously visited page);
Pages accessed (date, time, URL, title, duration of visit);
Downloaded files;
Clicked links to other websites;
If applicable, achievement of certain goals (conversions);
Technical information: Operating system; Browser type, version and language; Device type, make, model and resolution;
Approximate location (country and city, if applicable).

a) Google Ads conversion tracking

We use the online advertising program "Google Ads" on our website and in this context conversion tracking (visit action evaluation). Google Conversion Tracking is an analysis service provided for users from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together "Google").

When you click on an advertisement placed by Google, a cookie for conversion tracking is stored on your computer. These cookies have a limited validity. If you visit certain pages of our website and the cookie has not yet expired, Google and we can recognize that you clicked on the ad and were redirected to this page. Each Google Ads customer receives a different cookie. The information obtained with the help of the conversion cookie is used to create conversion statistics. This tells us the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag. We also use Google Ads Conversion Tracking to record other customer actions such as page views, registrations and downloads. In addition to cookies, Google Ads Conversion Tracking also uses JavaScript, pixels and other technologies. Your data may be transferred to the USA.

You can find more information and Google's privacy policy at: https://policies.google.com/privacy.

b) Google Ads Remarketing

We use the remarketing or "similar target groups" function on our website, which is offered for users from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together "Google").

The application serves the purpose of analyzing visitor behavior and visitor interests. Google uses cookies to carry out the analysis of website usage, which forms the basis for the creation of interest-based advertisements. Cookies are used to record visits to the website and anonymized data on the use of the website. If you subsequently visit another website in the Google Display Network, you will be shown advertisements that are highly likely to take into account previously accessed product and information areas. In addition to cookies, Google Ads Remarketing also uses JavaScript, pixels and other technologies. Your data may be transferred to the USA.

Your personal data may also be transferred by Google Ireland Limited to Google LLC in the USA. Google LLC has joined the EU-US Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR.
If you have not consented to the use of Google Ads, Google will only display general advertising that has not been selected based on the information collected about you on this website. In addition to withdrawing your consent, you also have the option of deactivating personalized advertising in Google's advertising settings.

You can find more information about Google Remarketing and the associated privacy policy at: https://www.google.com/privacy/ads/.

c) Google Marketing Platform and Ad Manager (DoubleClick)

Our website uses the Google Marketing Platform and Google Ad Manager, services provided for users from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together "Google").

These services use cookies and similar technologies to present you with advertisements that are relevant to you. The use of the services enables Google and its partner websites to display ads based on previous visits to our or other websites on the Internet. In addition, this service is used to create and evaluate reports on advertising campaigns. The service is also used to avoid multiple displays of the same advertisement and to generate commission statements. The data collected in this context may be transferred by Google to a server in the USA for analysis and stored there.

If you have not consented to the use of Google Marketing Platform and Ad Manager, Google will only display general advertising that has not been selected based on the information collected about you on this website. In addition to withdrawing your consent, you also have the option of deactivating personalized advertising in Google's advertising settings.

d) Microsoft Advertising (Bing Ads)

Our online offers also use conversion tracking from Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Microsoft Advertising places a cookie on your computer if you have reached our website via a Microsoft Bing ad. In this way, Microsoft and we can recognize that someone has clicked on an ad, has been redirected to our website and has reached a predetermined target page (conversion page). We only learn the total number of users who clicked on a Bing ad and were then redirected to the conversion page. Microsoft Advertising also uses JavaScript and local storage.

The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. The access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG.

In addition to withdrawing your consent, you also have the option of deactivating personalized advertising in the advertising settings in your Microsoft account.

Further information on data protection and the cookies used by Microsoft Bing can be found on the Microsoft website: https://privacy.microsoft.com/de-de/privacystatement .

e) LinkedIn Analytics and Ads (Insight Tag)

On our website, we use the analysis and conversion tracking technology of the LinkedIn platform, which is offered for persons from the European Economic Area and Switzerland by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland and for all other persons by LinkedIn Corporation, 2029 Stierlin Ct, Mountain View, CA 94043, USA (hereinafter referred to as "LinkedIn").

With the aforementioned LinkedIn technology, you can be shown more relevant advertising, offers and recommendations based on your interests on LinkedIn (retargeting). We also receive aggregated reports from LinkedIn about advertising activities and information about how you interact with our website (conversion tracking). To do this, LinkedIn uses a JavaScript code (Insight tag), which in turn uses a pixel or uses cookies that are stored in your web browser.

You can find more information about cookies at: https://www.linkedin.com/legal/l/cookie-table.

The LinkedIn Insight tag is used to collect data about the use of our website, including URL, referrer URL, IP address, device and browser characteristics, timestamps and page views. The data collected via the LinkedIn Insight tag is encrypted and anonymized within 7 days. The anonymized data is deleted within 90 days. LinkedIn only provides summarized reports on website audience and ad performance.

In connection with the use of LinkedIn Insight Tag, the information collected is also processed on LinkedIn Corporation servers in the USA.

Your personal data may also be transferred by LinkedIn Ireland Unlimited Company to LinkedIn Corporation in the USA. LinkedIn Corporation has joined the EU-US Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR.

In addition to your revocation, you can also prevent data collection in particular by clicking on the following opt-out link: https://www.linkedin.com/psettings/enhanced-advertising. Please note that this setting will be deleted if you delete your cookies.

Further information on data protection at LinkedIn can be found here: https://de.linkedin.com/legal/privacy-policy.

f) Meta Pixel

We use the "Meta Pixel" service on our website, which is offered for persons outside the USA and Canada by Meta Platforms Ireland Ltd, Serpentine Avenue, Block J, Dublin 4, Ireland and for persons from the USA and Canada by Meta Platforms Inc, 01 Willow Road, Menlo Park, California 94025, USA (hereinafter referred to as "Meta Platforms"), to analyze the general use of our websites and to track the effectiveness of Facebook advertising ("conversion tracking"). We also use Meta Pixel to display personalized advertising messages in Meta Platforms' social networks (such as Facebook and Instagram) based on your interest in our products ("retargeting"). This also includes target group remarketing through Custom Audience.

Meta Pixel enables Meta Platforms to display our ads on Facebook and Instagram only to users who have visited our website, in particular those who have shown an interest in our online offering or in certain topics or products. Meta Pixel makes it possible to check whether a user has been redirected to our website after clicking on our advertisement.

Among other things, Meta Pixel uses cookies, i.e. small text files that are stored locally in the web browser on your end device. If you are logged in to Facebook or Instagram with your user account, the visit to our online offer will be noted in your user account. Meta Platforms can also link this data to your user account there. We have no influence on the scope and further use of data collected by Meta Platforms through the use of Meta Pixel. In addition to cookies, Meta Pixel also uses JavaScript and other technologies.

Meta Platforms processes the following data in particular with Meta Pixel:

HTTP header information such as information about the browser used (e.g. user agent, language);
information on events such as "page view", other object properties and buttons clicked by visitors to the website
Online identifiers such as IP addresses and, where provided, Facebook business-related identifiers or device IDs (such as advertising IDs for mobile operating systems) and information on the status of deactivation/restriction of ad tracking.

To the best of our knowledge, Meta Platforms receives the information that you have accessed the relevant part of our website or clicked on an advertisement from us. If you have a user account with Facebook or Instagram and are registered, Meta Platforms can assign the visit to your user account. Even if you are not registered with Facebook or Instagram or have not logged in, it is possible for Meta Platforms to find out and store your IP address and any other identifying features.

We use Meta Pixel for marketing and optimization purposes, in particular to place relevant and interesting ads for you on Facebook and thus improve our offer, make it more interesting for you as a user and avoid annoying ads.

You can make settings regarding which types of advertisements are displayed to you within Facebook on the following Facebook website: https://www.facebook.com/settings?tab=ads. You can prevent the linking of data collected outside Instagram to display personalized advertising in Instagram as follows: https://de-de.facebook.com/help/instagram/2885653514995517?locale=de_DE. Please note that this setting will be deleted if you delete your cookies.

The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the end device is then carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG.

Your personal data may also be transferred by Meta Platforms Ireland Ltd. to Meta Platforms Inc. in the USA. Meta Platforms Inc. has joined the EU-US Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR.

Further information from the third-party provider on data protection can be found on the following Facebook website: https://www.facebook.com/about/privacy. Information on Facebook Pixel can be found on the following Facebook website: https://www.facebook.com/business/help/651294705016616

10. Storage duration

In principle, we only store personal data for as long as necessary to fulfill the purposes for which we collected the data. Thereafter, we delete or anonymize the data immediately, unless we still need the data for evidence purposes until the statutory limitation period for civil law claims expires or due to statutory retention obligations.

For evidentiary purposes, we must retain contractual data for three years from the end of the year in which the business relationship with you ends. Any claims expire at the earliest at this time in accordance with the statutory limitation period.

Even after this time, we must still store some of your data for accounting reasons. We are obliged to do so due to statutory documentation obligations, which may arise, for example, from the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The periods specified there for the retention of documents are two to ten years. Insofar as we store your data to fulfill such legal obligations, this is done on the legal basis of Art. 6 para. 1 lit. c) GDPR in conjunction with the respective specific retention obligation.

Additional information on the storage period can be found in individual sections of this privacy policy.

11. Forwarding of data

The data collected by us will only be passed on if:

you have given your express consent to this in accordance with Art. 6 para. 1 lit. a) GDPR,
the disclosure pursuant to Art. 6 para. 1 lit. f) GDPR is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data
we are legally obliged to disclose your data in accordance with Art. 6 para. 1 lit. c) GDPR, in particular if this is necessary for legal prosecution or enforcement due to official requests, court orders and legal proceedings, or
this is legally permissible and required under Art. 6 para. 1 lit. b) GDPR for the performance of contractual relationships with you or for the implementation of pre-contractual measures taken at your request.

Part of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, these may include, in particular, data centers that store our website and databases, software providers, IT service providers that maintain our systems, agencies, market research companies, group companies and consulting firms. If we pass on data to our service providers, they may only use the data to fulfill their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions, have suitable technical and organizational measures in place to protect the rights of the data subjects and are regularly monitored by us.

12. Data transfer to third countries

As explained in this privacy policy, we use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) and/or process personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union. If this is the case and the European Commission has not issued an adequacy decision for these countries (Art. 45 GDPR), we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include the standard contractual clauses of the European Union or binding internal data protection regulations.

Where this is not possible, we base the data transfer on exceptions under Art. 49 GDPR, in particular your express consent or the necessity of the transfer for the fulfillment of the contract or for the implementation of pre-contractual measures.

If a transfer to a third country is planned and there is no adequacy decision or suitable guarantees, it is possible and there is a risk that authorities in the respective third country (e.g. secret services) may gain access to the transferred data in order to collect and analyze it, and that the enforceability of your data subject rights cannot be guaranteed. When obtaining your consent via the cookie banner, you will also be informed of this.

13. Your rights

In accordance with the General Data Protection Regulation (GDPR), you have the following rights, which you are welcome to assert via our contact form or alternatively by post. If the respective legal requirements are met, we will comply with your data protection request.

Right to information
In accordance with Article 15 of the GDPR, you have the right to request information about the processing of your data by us. This includes information on processing purposes, categories of data, recipients, storage duration, legal claims such as correction, deletion or restriction, rights of appeal, data origin (if not collected by us) as well as information on automated decision-making and profiling, if applicable.

Right to rectification
In accordance with Article 16 of the GDPR, you can request the immediate correction of your data stored by us if it is incorrect or incomplete.

Right to erasure
In accordance with Article 17 of the GDPR, you can request the erasure of your data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.

Right to restriction of processing
In accordance with Article 18 of the GDPR, you have the right to request the restriction of the processing of your data, for example if the accuracy of the data is disputed or the processing is unlawful.

Right to data portability
In accordance with Article 20 of the GDPR, you have the right to receive the data you have provided to us in a structured, commonly used and machine-readable format or to have it transmitted to another controller (data portability).

Right to object
In accordance with Article 21 of the GDPR, you may object to the processing of your data, in particular if the processing is not necessary for the performance of a contract (Article 6(1)(e) or (f) of the GDPR). If it is not an objection to direct marketing, we ask you to inform us of the reasons for your objection. In the event of a justified objection, we will either terminate or adapt the data processing and provide you with compelling reasons worthy of protection for continuing the processing.

Right of revocation
In accordance with Article 7(3) of the GDPR, you can withdraw your consent to data processing at any time, provided that you have given such consent. If you withdraw your consent, we will no longer be permitted to carry out the data processing based on this consent in the future.

Right to lodge a complaint
In accordance with Article 77 of the GDPR, you have the right to complain to a data protection supervisory authority about the processing of your personal data in our company. You can assert this right, for example, with a supervisory authority in the Member State of your place of residence, your place of work or the place of the alleged infringement. The supervisory authority responsible for us is

Berlin Commissioner for Data Protection and Freedom of Information
Alt-Moabit 59-61
10555 Berlin
Entrance Alt-Moabit 60
Phone: +49 30 13889-0
Fax: +49 30 2155050
E-mail: mailbox@datenschutz-berlin.de

14. Questions about data protection

If you have any questions about data protection in connection with our products/services or the use of our website, you can also contact our data protection team at any time atdatenschutz@wunderflats.com . You can also contact our data protection officer at at the postal address below and at the e-mail address provided (keyword: "Attn. data protection officer"). We expressly point out that when using this e-mail address, the contents are not exclusively taken note of by our data protection officer. If you wish to exchange confidential information by e-mail, please contact us directly via this e-mail address first.

E-Mail: datenschutz@wunderflats.com
Wunderflats GmbH
Rosenstrasse 16
10178 Berlin
Phone: + 49 (0) 30 120 862 259

Используйте кнопки ниже, чтобы загрузить данные пользователя или полностью удалить их.

Мы используем файлы cookie и аналогичные технологии, необходимые для работы нашего сайта, а также инструменты, необходимые для оценки эффективности и маркетинга.

Privacy policy

1. General information

2. Controller

3. Processing of personal data when using our website for information purposes

4. Further functions and offers of our website

5. Processing of personal data by cookies and similar technologies (tools) and social media plugins

6. Analysis tools

7. Functional tools

8. Necessary tools

9. Marketing tools

10. Storage duration

11. Forwarding of data

12. Data transfer to third countries

13. Your rights

14. Questions about data protection

Предпочтения конфиденциальности