Data Protection Statement
For Berlinovo Apartment GmbH, protection of your private sphere is of the utmost importance. For this reason we comply with the statutory regulations on data protection as a matter of course. It is also important for us that you know at all times when we store what data and how we use it. For us it is especially important to protect the personal data that you entrust to us, such as your name, address, telephone number and e-mail address, and that we handle this responsibly. This also includes data created in the background during your use of the Internet, the so-called protocols. Berlinovo Apartment GmbH guarantees that your disclosures are handled confidentially, in keeping with the applicable European and German data-protection regulations.
1 Controller of the Data Processing
The controller, in accordance with article 4 para. 7 of EU- General Data Protection Regulation (= GGDPR) is
Berlinovo Apartment GmbH
Hallesches Ufer 74 - 76, 10963 Berlin
Management: Silke Andresen-Kienz
Fon: +49 (0)30 25 441 - 0
Fax: +49 (0)30 25 441 - 662
2 Contact to the Data Protection Officer
You can contact our data protection officer under email@example.com or using our postal address with the addition, "Data Protection Officer".
3 Collection of Personal Data During a Visit to Our Website
In cases of use of the website merely for information purposes, i.e. when you do not register or otherwise transfer information to us, we collect only such personal data as is sent to our server by your browser. Whenever you decide to take a look at our website, we collect the following data that is technically necessary for us to be able to show you our website and to guarantee its stability and security. The legal basis for this is article 6 para. 1 lit. f of GDPR:
IP address, date and time, sought-after URL (method, resource, protocol), referrer, user agent string.
3.1 Applying Online – Form
If you apply online for an apartment using our website, we collect various items of data that are necessary for preparation of contract and for conclusion of contract. The legal basis is Article 6 para. 1 lit. b GDPR. The data is stored for the period of the contract and in accordance with statutory obligations.
The data collected via this form is processed and stored solely within of the EU.
3.2 Use of Share Links
On our website there are so-called share links from Twitter, Facebook and Google+ integrated. On clicking these the user is connected to the respective services. Perpetual tracking (despite the user's being logged on) does not take place. This first begins after any active sharing of page contents. After clicking the integrated graphics you are passed on to the site of the respective provider, i.e. only then is user information transferred to the respective provider.
For information on the handling of your personal data in connection with use of these web pages, please see the data-protection provisions of the respective provider.
When using our website, cookies are stored on your computer. Cookies are small text files that are stored on your hard disk by the browser used by you and through which the body that set the cookie is provided with certain information. Cookies cannot execute any programs or transfer viruses to your computer. They serve to make the Internet offer generally more user-friendly and more effective.
This website uses the following types of cookies, whose extent and functioning are explained in what follows:
3.3.1 Persistent Cookies
These cookies are automatically deleted after a preset period of time, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
3.3.2 Prevention Cookies
You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may then not be able to use all the functions of this website.
3.3.3 Google reCAPTCHA
This website makes use of reCAPTCHA v2, a web service from Google Inc. ("Google", Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland). It serves to prevent abusive automated entries in web forms and thus to protect the technical systems of the host.
When you visit one of our websites, in which reCAPTCHA is integrated and you agree to the use, a connection to the servers of Google is established. A Cookie of reCAPTCHA is set. Your IP address will be transmitted to Google.
In addition, reCAPTCHA records the following data by using „fingerprinting“:
- used Browser-Plugins
- Cookies which have been set for the last 6 months
- the number of mouse clicks and touches you have made on this screen
- CSS information for the requested page
- Objects of java script
- the date
- language oft he browser.
Where personal data is transferred to Google in the United States, this is done under the EU-US Privacy Shield on the basis of the European Commission's Appropriateness Decision. You can download the certificate here.
It is used for that purpose and so the legal basis is section article 6 para. 1 lit. a GDPR.
You can revoke this at any time with effect for the future. If consent is not given, the contact form in particular cannot be used. However, the request can alternatively be sent by e-mail to firstname.lastname@example.org.
3.3.4 Web Fonts by Adobe Typekit
We use Adobe Typekit for the uniform display of fonts on our website. Adobe Typekit is a service that provides access to a font library and is provided by Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe). When you view a page, your browser loads the required web fonts into your browser cache to display text and fonts correctly. No cookies are placed or used to provide the fonts in the course of providing the Typekit service.
For this purpose, the browser you use must connect to the Adobe Typekit servers. This allows Adobe Typekit to know that your IP address has been used to access our website. The use of Adobe Typekit Web Fonts is in the interest of a uniform and attractive presentation of our online offers. This represents a legitimate interest in the sense of article 6 para. 1 lit. f GDPR. If your browser does not support web fonts, a standard font will be used by your computer.
Further information can be found on the information page here: https://www.adobe.com/de/privacy/policies/adobe-fonts.html and https://www.adobe.com/de/privacy/policy.html.
3.3.5 Google Maps Plug-In
This site uses the map service Google Maps. Google Maps is a map service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
In order to use the functions of Google Maps, information, including the IP address and the address entered as part of the route function, may be transmitted to the provider's servers. This information is usually transferred to a Google server in the USA and stored there. When you visit a website that contains Google Maps, your browser establishes a direct connection with the Google servers, whereby the map content is sent to your browser and integrated by it. The provider of this site has no influence on this data transmission. According to current knowledge, this includes the following data:
- the date and time of the visit to the relevant website,
- Internet address or URL of the web page called up,
- IP address, entered (start) address during route planning
If you are a member of Yelp and do not want Yelp to collect information about you through our website and link it to your membership information held by Yelp, you must log out of Yelp before visiting our website.
4 Contact by e-mail or Contact Form
On your contacting us by e-mail or via a contact form, the data given by you (your e-mail address and, where applicable, your name and telephone number) will be stored by us so we can respond to your enquiries. If we request input, via our contact form, that is not necessary for establishing contact, such details are always indicated as being voluntary. Disclosures of such details are explicitly made on a voluntary basis and with your consent, article 6 para. 1 a GDPR. Where these details have to do with channels of communication (such as e-mail address, or telephone number) you also consent to our contacting you via these channels of communication, to answer your enquiry. You can, of course, revoke this consent at any time without any need to give reasons, and with effect as to the future.
We will delete the data acquired in this connection once its storage is no longer necessary, or we will restrict the processing in the event of statutory filing obligations.
5 Data processing by tenants and prospective tenants
5.1 Which personal data do we use?
If you have an enquiry, have us prepare an offer or conclude a contract with us, we will process your personal data. In addition, we process your personal data, among other things, to fulfil legal obligations, to protect a legitimate interest or on the basis of a consent given by you.
Depending on the legal basis, the categories of personal data are as follows:
- name, surname
- communication data (telephone, e-mail-address)
- date of birth
- contract master data, especially contract number, duration, period of notice, type of contract
- invoice data / turnover data
- creditworthiness data
- payment data / account data
In the course of contract initiation, we also use data provided to us by third parties. Depending on the type of contract, the following categories of personal data are involved:
- information on creditworthiness (via a credit agency)
- convictions concerning the law of property or criminal law
5.2 From which sources does the data come?
We process personal data that we receive from our customers, service providers and oursuppliers and we also obtain your data from the following sources:
- Credit agency: Creditreform
- Publicly accessible sources: commercial or association registers, debtor registers, land registers
- Data base: LexisNexis (https://www.lexisnexis.com/global/privacy/de/article-14bis.page)
- other group companies
5.3 For what purposes do we process your data and on what legal basis?
We process your personal data in particular in compliance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) as well as all other relevant laws.
5.3.1 Data processing on the basis of a consent given by you (Art. 6 para. 1 lit. a GDPR)
If you have given us your voluntary consent to the collection, processing or transfer of certain personal data, then this consent forms the legal basis for the processing of this data.
In the following cases, we process your personal data on the basis of your consent:
- Sending an e-mail newsletter
- Transfer of the communication data to external service providers for the purpose of arranging appointments (e.g. removal of rental defects, renovations)
5.3.2 For the performance of a contract (Art. 6 para. 1 lit. b GDPR)
In particular, the obligations arising from the following contracts come into consideration here:
- Lease / rental agreement
- Property management
5.3.3 To fulfil legal obligations (Art. 6 para. 1 lit. c GDPR) or in the public interest (Art. 6 para. 1 lit. e GDPR)
AAs a company, we are subject to various legal obligations. The processing of personal data may be necessary to fulfil these obligations.
- Control and reporting obligations
- Creditworthiness, age and identity checks
- Prevention of criminal acts
- DScreening activities according to GwG
5.3.4 On the basis of a legitimate interest of the controller (Art. 6 para. 1 lit. f GDPR)
In certain cases, we process your data to protect our legitimate interests or that of third parties:
- Measures for building and plant safety
- Consultation and data exchange with credit agencies
- To determine creditworthiness and default risks
- Ensuring IT security and operation
- Repair and maintenance measures
- Screening activities according to EU denial orders
- Obligations to let tenants inspect the bills of the statement on operating costs
5.3.5 To whom will your data be passed on?
In order to fulfil our contractual and legal obligations, we will pass on your data to different public and internal places, as well as external service providers.
External Service Providers:
- T service providers (e.g. maintenance service providers, hosting service providers)
- Service provider for file and data destruction
- Printing services
- Payment service providers
- Service Provider for Marketing or Sales
- Credit agencies
- Authorized dealers
- Service provider for telephone support (Call-Center)
- Web hosting service provider
- Letter shops
- Auditors and accountants
- Caretaker service
Public bodies and authorities:
Furthermore, we may also be obliged to transfer you data to other recipients, such as public authorities to fulfil legal notification obligations.
- Tax authority
- Social insurance agency
- Job centre
- District authorities
- Housing offices
- Other tenants of Berlinovo who are allowed to check the bills of the statement on operating costs. If they make use of this right and an anonymization of this data is not allowed, they can see personal data of other tenants (cf. BGH judgment of 07.02.2018, Az. VIII ZR 189/17)
5.3.6 Is there an obligation to provide your personal data?
In order to enter into a business relationship, you must provide us with the personal data that is necessary for the execution of the contractual relationship or that we are required to collect by law. If you do not provide us with this data, it is not possible for us to carry out and process the contractual relationship.
6 Data processing in video surveillance
Where video surveillance is carried out at/in rental or administrative buildings and accesses to parking spaces, the legal basis is Article 6 para. 1 lit. f GDPR. Legitimate interests are the protection of domestic rights, the detection and prosecution of criminal offences and the enforcement of civil law claims. In this case, a weighing of interests reveals that the legitimate interests of Berlinovo outweigh the interests of the persons concerned. A change in these purposes is not planned.
The records are only evaluated if there is a suspicion of a breach of domestic law or a criminal offence. In such cases, the relevant data may be transferred to law enforcement authorities, courts and lawyers. We also use service providers by way of order processing in the provision of services, in particular for the provision, maintenance and servicing of IT systems.
Recordings of video surveillance systems on administrative buildings and accesses to parking lots are regularly deleted after five days at the latest, recordings of systems on residential buildings after 72 hours at the latest. If a criminal offence is suspected, relevant data is stored until the conclusion of criminal and civil proceedings.
7 Your Rights
Regarding personal data relating to you, you have the following rights with respect to us:
7.1 Rights in General
You have a right to information Art. 15 GDPR, right of correction Art. 16 GDPR, right of deletion Art. 17 GDPR, right of limitation of the processing Art.18 GDPR and right of objection to the processing Art. 21 GDPR. The right of information and the right of deletion are subject to the restrictions according to §§ 34 and 35 BDSG.
7.2 Right of objection
You can object to the use of your data for advertising purposes at any time, without incurring any costs other than the transmission costs according to the basic tariffs.
What right do you have in the event of data processing because of your legitimate or public interest?
In accordance with article 21 para. 1 of GDPR, you have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data relating to you that takes place on the basis of article 6 para. 1 lit. e GDPR (data processing in the public interest) or on the basis of article. 6 para. 1 lit. f of GDPR (data processing for safeguarding a legitimate interest). This also applying to any profiling based on this regulation. In the event of objection, we will no longer process your personal data, unless we can provide compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the assertion, exercising or defence of legal entitlements.
What right do you have in the event of data processing for direct marketing purposes?
If we process your personal data in order to conduct direct advertising you have the right, in accordance with article 21 para. 2 of GDPR, to object at any time to the processing of the personal data relating to you for purposes of such advertising; this also applies to profiling, to the extent that it is connected to such direct advertising.
In the event of your objection to the processing for purposes of direct advertising we will no longer process your personal data for this purpose.
7.3 Revocation of consent
Where processing requires your consent, you have the right to revoke this, with respect to us, with effect as to the future.
7.4 Other rights
You may request that we make all personal data you have provided us with available to either you or a person or company of your choice, subject to the conditions of Art. 20 GDPR, in a structured, common and machine-readable format.
You also have the right to complain to a relevant data-protection supervisory authority about our processing of your personal data (Art. 77 GDPR and § 19 BDSG).
7.5 Exercising your rights
To exercise your rights, you can contact the person responsible or the data protection officer at the contact details provided. We will process your enquiries immediately and in accordance with the legal requirements and inform you about the measures we have taken.
8 Data Transfer
On principle, a transfer of your data to a third party does not take place, unless we are legally obliged to do so, or the passing-on of the data is necessary for the implementation of the contractual relationship, or you have previously consented, explicitly, to the passing-on of your data.
External service providers will only receive your data as far as this is necessary for processing the contractual relationship with you. In such cases, though, the scope of the data transferred is limited on the necessary minimum. If our service providers come into contact with your personal data, we make sure, in the context of the order processing in accordance with article 28 of GDPR, that they also comply in the same way with the regulations of data protection law. Please also note the respective information on data protection of the providers. As to the contents of external services, the respective service provider is personally responsible, whereby we, within the framework of reasonableness, check the services to ensure compliance with the statutory requirements.
We attach importance to the processing of your data within the EU / EEA.
That's why we deploy, for the data of tenants, only service providers within the EU.
It can, however, prove necessary for us to deploy service providers, that process the data outside the EU / EEA. In such cases we make sure, before transferring your personal data, that an appropriate level of data protection exists at the recipient's. What is meant by this is that, via EU standard contracts or an adequacy decision, such as the EU-US Privacy Shield, a level of data protection is achieved that is comparable to the standards applied within the EU.
9 Storage duration
We store your personal data as long as it is necessary to fulfil our legal and contractual obligations.
If storage of the data is no longer necessary for the fulfilment of contractual or legal obligations, your data will be deleted, unless their further processing is necessary for purposes such as the following:
- fulfilment of commercial and tax law retention obligations of 6 or 10 years according to § 257 AO, §§ 138, 147 HGB
- preservation of evidence within the framework of the legal statute of limitations: according to the statutes of limitation of the German Civil Code (BGB), these periods of limitation can in some cases be up to 30 years; the regular period of limitation is three years
- preservation of evidence in the case of rejected applicants in the event of actions under the AGG: 6 months
- storage obligation according to § 8 GwG: 5 years
10 Data Security
We have taken extensive technical and operational protective measures to safeguard your data against accidental or intentional manipulation, loss, destruction and access by unauthorized persons. Our security procedures are regularly checked and adapted to allow for technological progress.
11 Automated decision making or profiling
As a matter of principle, we do not use exclusively automated decision making or other profiling within the meaning of Art. 22 GDPR to establish and conduct the business relationship.
12.1 Changes to this
Should the purpose or manner of processing your personal data change significantly, we will update this information in good time and inform you of the changes in good time.
Status: June 2020
12.2 Information on VSBG [Resolution of Consumer Disputes Act]
Berlinovo Apartment GmbH is neither willing nor obligated to participate in dispute-resolution procedures before a consumer-protection body.