Log in
Get started

Data sharing policy for landlords (Shared Data Policy)

  1. Purpose of this policy

This policy describes how prospective tenants and tenants (‘users’) can voluntarily and independently transfer personal data to landlords or the platforms they use via the rentcard platform.

  1. Definitions

Landlords: Includes landlords, estate agents, property managers, real estate companies and service providers commissioned by them.

Platforms: Includes real estate portals, CRM/ERP systems and other digital solutions used by landlords to process rental enquiries.

  1. Principle of data sharing

Data is only shared via rentcard in accordance with the principle of voluntary, informed and self-determined data sharing by the user.

This complies with the principles of the GDPR, in particular the principles:

  • of data minimisation (Art. 5(1)(c) GDPR),
  • purpose limitation (Art. 5(1)(b) GDPR),
  • transparency (Art. 5(1)(a) GDPR)
  • and consent as the legal basis (Art. 6(1)(a) GDPR).

No data is transferred without active consent.
Revocation is only effective for the future.

  1. Categories of data that can be shared

Depending on the user’s selection, the following categories may be transferred:

  • Contact and basic data
  • Information from the self-disclosure
  • Verified income or rent payment information (e.g. through open banking or uploaded documents; no account statements or raw data)
  • Result of the identity check (‘verified’ / ‘not verified’, if applicable with the full name in the identity document)
  • Creditworthiness information in the form of a traffic light display (green, yellow, red; no score, no detailed claims)
  • Result of the sanctions list check (‘possible match with link’, ‘no match’)
  • Other documents that the user actively selects (e.g. employment contract, proof of income)

The following data will not be disclosed:

  • Bank access data
  • TAN/2FA data
  • Complete account statements or transaction data
  • ID photos or video files from the identity check
  • Raw data from open banking
  1. Responsibilities

User

  • Decides on the type, scope and recipient of the data release
  • Remains responsible for the release decision
  • Can revoke releases with future effect at any time

rentcard

  • Provides the technical infrastructure
  • Transmits data only after active release
  • Clearly marks verified information
  • Does not use data for other purposes

Landlords/platforms

  • May only access data with valid user authorisation
  • Are responsible parties themselves within the meaning of the GDPR
  • May only process the data for the purpose of selecting tenants
  • Must delete data when the purpose of processing no longer applies
  1. Scope of transmission

Only data that the user has selected and authorised in each individual case is transmitted. There is:

  • no automatic transfer
  • no silent or implicit approvals
  • no transfer in the background
  1. Transparency towards the user

Before each approval, the user is clearly informed about:

  • which data categories are transferred
  • to which landlords or platforms
  • and for what purpose
  1. Revocation of approval

The user can revoke any approval at any time with effect for the future.
No further transfers will take place after the revocation.

  1. Reference to the data protection provisions

This policy supplements the legal information in our privacy policy.
Details on the legal basis, storage periods, rights of data subjects and the processing of personal data by rentcard can be found in our data protection provisions at: https://www.rentcard.app/privacy-policy.

Scroll to Top