Privacy Policy

Data protection information for visiting our website

When you visit our website, various data, including personal data, is collected. We treat your personal data (definition according to Art. 4 (1) DSGVO) confidentially and according to the legal data protection regulations. This privacy policy explains what data we collect, what we use it for, how and for what purpose. This is done primarily to provide you with convenient and secure access to our information and offers. Of course, we also pursue economic interests with our website, with which we want to strengthen both our image and our sales. For reasons of fairness and transparency, we are happy to inform you about this in detail below in accordance with the EU Data Protection Regulation (GDPR):

Who is responsible for data collection?

Responsible for the data collection during your visit to this website is the Bürgermeister-Reuter-Stiftung https://www.brst.de/impressum/ as website operator.

How do we collect your data?

On the one hand, your data is automatically collected by the IT systems used when you visit the website. This is mainly technical data (e.g. Internet browser, operating system or time of page view). This data is collected automatically as soon as you visit our website. Other data is collected when you provide it to us. This can be, for example, data that you enter in a contact form.

What do we use your data for?

Part of the data is collected to ensure error-free provision of the website. We explain further details in the following sections.

TLS encryption

This site uses TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If TLS encryption is activated, the data you transmit to us cannot be read by third parties.”

Your contact to our data protection officer

We have appointed the company mb-Datenschutz GmbH https://mb-datenschutz.de/ as our data protection officer.
Please send your inquiries regarding data protection to the e-mail address dsb@brst.de.
(For all other inquiries, please use the following e-mail address: info@brst.de .)

Data collection on our website

Cookies

Our website uses so-called cookies. These serve to make our offer more user-friendly, more effective and safer. Cookies are text files that are stored in the browser on your end device.

Cookies do not cause any damage to your computer and do not contain viruses. A distinction is made between so-called “session cookies” and “persistent cookies”. The former are automatically deleted at the end of your visit. Other cookies remain stored on your terminal device until they expire or are deleted. These cookies make it possible to recognize your browser on your next visit and to apply the settings you have previously made for you. You can set your browser so that you are informed about the setting of cookies and only allow them in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you disable cookies, the functionality of this website may be limited.

Session cookies, which are required to carry out the electronic communication process, are stored on the basis of Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e.g. for the analysis of your surfing behavior) are stored, these are treated separately in this privacy policy.

Server log files

The provider of our website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. The data in the log files include:

the operating system used and its interface
the IP address (anonymized),
estimated location (based on the network address),
Device type (PC or Mobile),
the time of the server request
the Http status code – access status,
the amount of data transferred.

The storage period is max. 90 days (for technical analysis purposes in case of errors), otherwise max. 30 days. A combination of this data with other data sources is not made.

The legal basis for data processing is Art. 6 para. 1 lit. f DSGVO, which allows the processing of data for optimal presentation and security of the website based on our legitimate interest.

Matomo with cookies

For anonymous reach measurement (website statistics) we use the open source software Matomo. Matomo is hosted and evaluated by us. In order for Matomo to be able to measure, Matomo places cookies on your end device, which remain there until you delete them. Your IP address is anonymized for the measurement. Since, according to the current, uncertain legal situation, even anonymous analysis techniques such as these presumably require your consent, we only start the coverage measurement when you activate it through the cookie banner.

DSGVO legal basis: Art. 6 (1) a Your consent:

If you have already consented via the cookie banner and now (hopefully not) change your mind, you can object to our reach measurement by Matomo directly here:

Your objection generates an opt-out cookie in your browser that prevents Matomo from storing usage data. If you delete cookies, the Matomo opt-out cookie will also be deleted. You can find more information at: https://matomo.org/docs/privacy

Visitor interaction with our website

Contact form

If you send us inquiries via the contact form, your data from the contact form, including the contact data you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass this data on to third parties without your consent.

The processing of the data entered in the contact form is usually carried out on the legal basis of Art. 6 para. 1 lit. b DSGVO (contract initiation or execution). Your data will remain with us until you request us to delete it or the purpose for storing the data no longer applies (e.g. after processing your request has been completed). If we have to comply with legal retention periods, we delete them after their expiry.

Company pages in social media

Privacy policy for our Facebook page

The goals of our Facebook page are

direct contact with our online visitors with the aim of customer acquisition and retention and the associated offer of contemporary communication channels,
references to our posts and offers,
statistical analyses for our own market research purposes.

According to Art. 6 (1) f DSGVO, the use of this social media channel is in our legitimate interest. Nevertheless, it is important to us to inform you transparently here as far as possible about the data protection-relevant things for which we bear active joint responsibility.

When you visit our Facebook page, Facebook collects, among other things, your IP address and other information that is present in the form of cookies on your terminal device. This information is used to provide us, as the operator of the Facebook page, with statistical information about the use of our page. If you would like to avoid this, log out of Facebook or disable the stay logged in function and configure your browser so that cookies are not set or are deleted promptly. You can find more information about Facebook’s use of cookies in their cookie policy. You can also influence the way Facebook uses your data to a small extent in the advertising settings and in the general settings.

For the basic functions, you can find Facebook’s privacy policy here: https://www.facebook.com/privacy/explanation

The data collected about you in this context is processed by Facebook Ltd. and may be transferred to countries outside the European Union. Facebook describes in general terms what information it receives and how it is used in its data usage guidelines.

What rights do you have under the EU GDPR?

The EU GDPR aims to give you, as the data subject, the greatest possible control over your personal data. All data that can be directly or indirectly related to you as a person is considered personal data. In order for you to effectively exercise control over your data, you have the following rights vis-à-vis us:

the right to information according to Art. 15 EU-DSGVO,
the right to rectification according to Art. 16 EU-DSGVO,
the right to deletion according to Art. 17 EU-DSGVO,
the right to restriction of processing according to Art. 18 EU-DSGVO and
the right to object under Art. 21 EU-DSGVO as well as
the right to lodge a complaint with a supervisory authority pursuant to Art. 77 EU-DSGVO if you believe that we are processing your data unlawfully. You can find the supervisory authority responsible for our company here: https://www.bfdi.bund.de/DE/Home/home_node.html

The right to data portability according to Art. 20 would only be relevant when visiting our website if you had the possibility to create a profile (e.g. applicant profile, member profile or similar) or enter corresponding information about yourself.

Status: 19.05.2022

Processing of your tenant data in the reservation portal

Processing of your The following information refers to our reservation portal on the subdomain request.home-in-berlin.de

For the management of prospective tenants and tenants, we process the data with the help of technical US service providers, among others. These service providers (US service provider: Microsoft) enable us to offer you convenient digital processes and residential services both during the initiation and during the rental period. At the same time, this is the only way we can organize our administration economically and efficiently and offer you this good rental price.

EU law requires that we inform you transparently about this before you send us your data and that you consent to this processing. This is because the EU currently considers the level of data protection in the U.S. to be inadequate, as the use of U.S. service providers poses the risk that U.S. authorities could access your data and neither we, nor the respective service provider, nor you can defend against this. To minimize the risk of access by US authorities, we process your data within Europe. We have concluded appropriate data protection contracts with all service providers, which we have carefully selected without exception.

Our rental portal is operated on a Microsoft server in the European Union. For technical reasons, your IP address is transmitted to this and other Microsoft servers when you open the portal request.home-in-berlin.de in your browser. Further personal data will only be transmitted to our Microsoft server by yourself after your consent with the booking request.

For the booking portal to work, we need to set two cookies (ARAffinity and ARAffinitySameSite). The cookies only serve to correctly allocate your browser session and expire automatically at the end of the session. The risk for you, according to the ECJ (C311/17 “Schrems 2”), is that US authorities could gain access to your IP address and you cannot defend yourself against this in court. We have reduced the data export to the minimum.

Consent must be confirmed by a check mark in the reservation process. Your consent is voluntary and you can revoke it at any time with effect for the future. The lawfulness of the processing up to the time of the revocation remains unaffected. Without your consent, we can not technically manage your data economically, which would result in an increase in your rent by about 30%.

If you do not consent, please contact us at vermietung@brst.de. If you leave the reservation portal at request.home-in-berlin.de, your previously made entries will be automatically deleted.

Information on the digital signature function via DropboxSign

We have integrated a service provider into the process of concluding the rental agreement for convenient, digital signatures. Your signature is encrypted and transmitted to the company Dropbox International Unlimited Company, USA and stored only temporarily and only for the purpose of data processing (signing the lease) in the USA. Immediately after signing, your data will be automatically deleted there. EU law requires that we inform you transparently and that you consent to the transfer of your data to the USA. This is because the EU currently considers the level of data protection in the U.S. to be inadequate, as the use of U.S. service providers entails the risk that U.S. authorities could access your data and neither we, nor the service provider, nor you can defend against this. To minimize the risk of access, we have concluded appropriate contracts and guarantees with the service providers. Without this service provider we can not offer you this convenient signing.

The consent must be confirmed in the reservation process by ticking the box. Your consent is voluntary. Without your consent, we can not manage your data technically economically, which would result in an increase of your rental price by about 30%.

If you do not agree, please contact us at vermietung@brst.de or send us the signed rental contract by mail or sign it directly at our office. You still have to pay your deposit.

Payment function with PAYONE

We offer you the following payment methods via PAYONE on our site: Credit card (Visa, American Express, Master Card), SEPA direct debit. Provider of this payment service is PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt am Main, Germany, (hereinafter “PAYONE”). Payment transactions are made exclusively via an encrypted SSL or TLW connection. After clicking on “Buy” you will be redirected to the SSL encrypted website of PAYONE. Your payment data entered there will be transmitted to PAYONE. You can recognize an encrypted connection by the fact that the address line of the browser changes from http:// to https:// and by the lock symbol in your browser line. With encrypted communication, the payment data you transmit cannot be read by unauthorized third parties.

If you choose payment via PAYONE, the payment data you enter will be transmitted to PAYONE. Data protection information from PAYONE can be found here: https://www.payone.com/DE-de/dsgvo

Status: December 2022