Privacy Policy

Privacy policy

Data protection information regarding visits to our websites

General notes and mandatory information

When you visit our website, various data, including personal data, is collected. We treat your personal data (definition according to Art. 4 (1) DSGVO) confidentially and according to the legal data protection regulations. This privacy policy explains what data we collect, what we use it for, how and for what purpose this is done. This is done primarily to provide you with convenient and secure access to our information and offers. Of course, we also pursue economic interests with our web presence, with which we want to strengthen both our image and our sales. For reasons of fairness and transparency, we are happy to inform you about this in detail below in accordance with the EU Data Protection Regulation (GDPR):

Who is responsible for data collection?

The Bürgermeister-Reuter-Stiftung https://www.brst.de/impressum/ as website operator is responsible for the data collection based on your visit to this website.

How do we collect your data?

On the one hand, your data is automatically collected by the IT systems used when you visit the website. This is mainly technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter our website. Other data is collected when you provide it to us. This can be, for example, data that you enter in a contact form.

What do we use your data for?

Part of the data is collected to ensure error-free provision of the website. We explain further details in the following sections.

TLS encryption

This site uses TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If TLS encryption is activated, the data you transmit to us cannot be read by third parties.”

Your contact to our data protection officer

We have appointed the company mb-Datenschutz GmbH https://mb-datenschutz.de/ as data protection officer.

Please direct any queries regarding data protection to the e-mail address dsb@brst.de.

(For all other inquiries please use the following e-mail address: info@brst.de).

Data collection on our website

Cookies

Our website uses so-called cookies. These serve to make our offer more user-friendly, effective and secure. Cookies are text files that are stored in the browser on your terminal device.

Cookies do not cause any damage to your computer and do not contain viruses. A distinction is made between so-called “session cookies” and “persistent cookies”. The former are automatically deleted at the end of your visit. Other cookies remain stored on your terminal device until they expire or are deleted. These cookies make it possible to recognise your browser on your next visit and to apply the settings you have previously made for you. You can set your browser so that you are informed about the setting of cookies and only allow them in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

Session cookies, which are required to carry out the electronic communication process, are stored on the basis of Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e.g. for the analysis of your surfing behaviour) are stored, these are treated separately in this data protection declaration.

Server log files

The provider of our website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. The data in the log files include:

  • the referrer URL (the website you came from),
  • the browser type, browser version and language,
  • the operating system used and its interface,
  • the IP address (anonymized),
  • the time of the server request,
  • the http status code – access status,
  • the amount of data transferred,

The storage period is 7 days. This data is not merged with other data sources.

Art. 6 (1) lit. f DSGVO is the legal basis for data processing, which permits the processing of data for the optimal presentation and security of the website based on our legitimate interest.

Visitor interaction with the website

Reservation mask

If you send us your reservation request, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data to third parties without your consent.

The processing of the data entered in the enquiry form is generally carried out on the legal basis of Art. 6 Para. 1 lit. b DSGVO (contract initiation or implementation). Your data will remain with us until you request us to delete it or the purpose for storing the data no longer applies (e.g. after processing your enquiry has been completed). If we have to comply with legal retention periods, we delete them after their expiry.

Comment function on this website

For the comment function on this site, in addition to your comment, information on the time of the creation of the comment, your e-mail address and, if you do not post anonymously, the username you have chosen will be stored.

The storage of comments is based on your consent (Art. 6 para. 1 lit. a DSGVO), which you can revoke at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations carried out until then remains unaffected by the revocation.

Our comment function stores the IP addresses of users who post comments until the commented content has been completely deleted or the comments have to be deleted for legal reasons (e.g. offensive comments). We need this data to be able to take action against the author in the event of legal violations. The legal basis is our legitimate interest (Art. 6 para. 1 lit. f DSGVO). Independently of this, we check the comments on our site before activating them. If we are requested by investigating authorities to hand over data due to infringing comments, this is done on the legal basis of the legal obligation to hand over data (Art. 6 para. lit. c DSGVO).

Company pages in social media

Privacy policy for our Facebook presence

The goals of our Facebook page are

  • direct contact with our online visitors with the aim of customer acquisition and retention and the associated offer of contemporary communication channels,
  • references to our contributions and offers,
  • statistical analyses for our own market research purposes.

According to Art. 6 (1) f DSGVO, the use of this social media channel is in our legitimate interest. Nevertheless, it is important to us to inform you transparently here as far as possible about the data protection-relevant matters for which we bear active joint responsibility.

When you visit our Facebook page, Facebook collects, among other things, your IP address and other information that is available in the form of cookies on your terminal device. This information is used to provide us, as the operator of the Facebook page, with statistical information about the use of our page. If you would like to avoid this, log out of Facebook or disable the option “remain logged in” and configure your browser so that cookies are not set or are deleted promptly. For more information on Facebook’s use of cookies, please see their Cookie Policy. You can also influence the way Facebook uses your data to a small extent in the advertising settings and in the general settings.

For the basic functions, you can find Facebook’s privacy policy here: https://www.facebook.com/privacy/explanation

The data collected about you in this context is processed by Facebook Ltd. and may be transferred to countries outside the European Union. Facebook describes in general terms what information it receives and how it is used in its data use policy.

What rights do you have under the EU-DSGVO?

The EU Data Protection Regulation aims to ensure that you, as the data subject, have the greatest possible control over your personal data. All data that can be directly or indirectly related to you as a person is considered personal data. In order for you to effectively exercise control over your data, you have the following rights vis-à-vis us:

  • the right to information according to Art. 15 EU-DSGVO,
  • the right to rectification according to Art. 16 EU-DSGVO,
  • the right to deletion according to Art. 17 EU-DSGVO,
  • the right to restriction of processing pursuant to Art. 18 EU-DSGVO and
  • the right of objection from Art. 21 EU-DSGVO as well as
  • the right to lodge a complaint with a supervisory authority pursuant to Art. 77 EU-DSGVO if you believe that we are processing your data unlawfully. You can find the supervisory authority responsible for our company here: https://www.bfdi.bund.de/DE/Home/home_node.html

The right to data portability according to Art. 20 would only be relevant when visiting our website if you had the possibility to create a profile (e.g. applicant profile, member profile or similar) or to enter corresponding information about yourself.

Status: 15.09.2021

Data protection information regarding Handling of the Data of Tenants and Prospective Tenants

Collection of personal data when initiating and processing rental agreements

Dear tenant, dear prospective tenant,

in the course of the EU General Data Protection Regulation (EU-DSGVO), information obligations are imposed on us as the controller of personal data. According to Art. 13 and Art. 14 EU Data Protection Regulation, we therefore inform you about the following points:

Responsible body
The responsible body of processing is
Bürgermeister-Reuter-Stiftung
Wichmannstr. 6
10787 Berlin
Phone: +49 30 491022-0
Email: info@brst.de

Internet
On our homepage www.brst.de you will find further information about our company in the imprint, details of the persons authorised to represent us and also further contact options.


Website: https://www.brst.de/impressum
Contact person / data protection officer


The company mb-Datenschutz GmbH is the data protection officer.

Legal bases and purposes for processing your data:

  • The EU-DSGVO Art. 6 (1) a) allows us to process your data based on your consent for certain purposes, e.g. subscribing to our newsletter.
  • The EU-DSGVO Art. 6 (1) b) covers data processing, which is necessary for the fulfillment of a contract (rental contract) as well as for pre-contractual measures.
  • The EU-DSGVO Art. 6 (1) c) allows us to process your data on the basis of a legal obligation, e.g. due to retention obligations under financial and tax law.
  • Art. 6 (1) f) EU-DSGVO allows us to process your personal data if we or a third party have legitimate interests in this processing and your interests, fundamental rights or freedoms do not conflict with this, e.g. for:
    o internal evaluations and marketing analyses,
    o the avoidance of injury and/or liability to the company by taking appropriate measures,
    o the assertion, exercise or defense of legal claims
    o the video surveillance for exercising our house right.

Duration of data storage:
General storage period:
After the purpose of the data processing has ceased and the legal retention periods have expired, your personal data will be deleted. As a rule, there are 6- or 10-year retention obligations for companies.

Special storage period:
– for video recording 72 hours
If the storage is based on your consent, we will delete your personal data if you revoke your consent.


Recipients of your personal data:
In our company, only those employees who need to access your personal data in order to perform their duties are granted access to the extent necessary.
Employed service providers may receive your data to fulfil the purposes described if they comply with the confidentiality requirements under data protection law. These can be, for example, companies in the categories: IT services, printing and shipping services, market research companies, call centers, logistics companies, companies that perform data destruction for us. These service providers are so-called AV service providers (order processors), which are contractually specifically obliged according to legal requirements.
If, in our opinion, a credit check appears to be necessary prior to the conclusion of the rental agreement, data will be transmitted to corresponding credit agencies in Germany.
If you have given us a SEPA mandate for the collection of your rent, our house bank will receive your data for the execution of the direct debit collection from your account.
Your data will be passed on to public authorities if there is a legal obligation to do so.
Your data will only be passed on to recipients outside the EU/EEA if this is necessary for communication with you (your provider’s registered office is outside the European Union) or if you have given us the name of a bank outside the EU/EEA for the repayment of your deposit.

Data we receive about you from others:
If a credit check is carried out before the start of the contract, we will receive data about you from the relevant credit agency.

If you have booked your apartment via an online portal, we will receive personal data from this portal.
Your privacy rights:

You have

  • the right to information according to Article 15 EU-DSGVO,
  • the right of rectification in accordance with Article 16 EU GDPR,
  • the right to deletion according to Article 17 EU-DSGVO,
  • the right to restriction of processing pursuant to Article 18 EU-DSGVO as well as
  • the right to object under Article 21 EU GDPR.

In addition, you have a right of appeal to a data protection supervisory authority in accordance with Article 77 EU-DSGVO.

Latest update: September 15th, 2021

The following information is in regard of the process of  reservation at the subdomain portal.home-in-berlin.de

Consent to the Processing of your Tenants’ Data:

For the management of prospective and existing tenants, we process data with, inter alia, the aid of US technical service providers. These service providers (US provider: Microsoft) enable us to offer you comfortable digital processes and residential services, both in the initiation phase as well as during the tenancy period. At the same time this is the only way enabling us to  handle our management processes economically and efficiently and consequently offer you such a good rental price.

EU law demands that we explain this to you clearly before you send your data to us and that you consent to the processing. The reason for this is that the EU considers the data protection level in the USA to be not appropriate at the present, as the use of US service providers brings with it the risk that US authorities could access your data and neither we nor the respective provider or you would be able to defend you(rself) against that. In order to minimise the risk of access by US authorities, we process your data in Europe. We have carefully selected all service providers and concluded appropriate data protection contracts with them.

Your consent will be required during the process of reservation. Your consent is voluntary and you may revoke it at any time. Without your consent, we cannot manage your data technically in an economic manner, the consequence of which would be an increase of your rent by appx. 30 %.

Should you choose not to consent, please contact us via vermietung@brst.de. Once you leave this website, the data you previously entered will be deleted automatically.

Consent to the Digital Signing Function using HelloSign:

For convenient, digital signing, we have integrated a service provider into the process for the conclusion of the tenancy agreement. Your signature will be sent in encrypted form  to the Company JN Projects, Inc. dba HelloSign in Delaware, USA and stored only temporarily and solely for the purpose of data processing (signing the tenancy agreement) in den USA. Immediately after the signing, your data will be deleted there automatically. EU law demands that we explain this to you clearly before you send your data to us and that you consent to your data being transmitted to the USA. The reason for this is that the EU considers the data protection level in the USA to be not appropriate at the present, as the use of US service providers brings with it the risk that US authorities could access your data and neither we nor the respective provider or you would be able to defend you(rself) against that. In order to minimise the risk of access, we have concluded appropriate contracts and guarantees. Without this service provider, we would not be able to offer you this convenient signing procedure.

Your consent will be required during the process of reservation. Your consent is voluntary and you may revoke it at any time. Without your consent, we cannot manage your data technically in an economic manner, the consequence of which would be an increase of your rent by appx. 30 %.

Should you choose not to consent, please contact us via vermietung@brst.de, or return the tenancy agreement, signed, to us by post or sign it directly in our office. You must nonetheless make your deposit in the next step.

Payment Function using PAYONE

On our website, we offer you the following payment methods via PAYONE: Credit card (Visa, American Express, Master Card), SEPA direct debit. The provider of this payment service is PAYONE GmbH, Lyoner Straße 9, D-60528 Frankfurt am Main, (hereinafter referred to as “PAYONE”). Payment transactions are carried out exclusively via an encrypted SSL or connection. After clicking on “Buy,” you will be forwarded to the SSL-encrypted website of PAYONE. The payment data you entered there will be transmitted to PAYONE. You recognise an encrypted connection by the fact that the address line of your browser changes from http:// to https:// and also by the lock symbol in your browser line. In encrypted communication, the payment data that you transmit cannot be read by unauthorised third parties.

If you select payment via PAYONE, the payment data entered by you will be sent to PAYONE. PAYONE’s data protection information is to be found here

Latest update: Februrary 15th, 2022