In the context of the use of this website, personal data of you will be processed by us as the data controller and stored for the duration necessary to fulfill the specified purposes and legal obligations. In the following, we inform you about what data is involved, how it is processed and what rights you have in this regard.
Personal data is, according to Art. 4 No. 1 of the General Data Protection Regulation (GDPR), any information relating to an identified or identifiable natural person (hereinafter “user”).
1. Name and contact details of the controller according to §5 TMG / §14 GDPR
Leopoldstraße 169 a
Phone: +49 89 2154576
Dr. Hendrik Braun, Martin Diessner
Munich, Munich District Court
Commercial register number: HRB283986
You can contact us directly at email@example.com at any time with questions about data protection law or your data subject rights.
2. Storage period of the personal data
In principle, your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.
The data from your user account will be stored as long as the user account has not been deleted.
Insofar as we are subject to statutory retention periods, we store the data until their expiry. Upon termination of the contractual relationship, we will block your user account.
At the latest after six (6) months from the termination of the contract, we will permanently delete your user account including all personal data.
This does not apply if we still need the data in question to enforce claims against you or if we are legally or contractually obliged to retain the data. If the user’s data is not deleted in order to comply with contractual or legal obligations, its processing will be restricted.
The data will be blocked accordingly and not processed for other purposes. This applies, for example, to user data that must be retained for reasons of commercial or tax law.
3. Processing of personal data and purposes of processing
For the provision of this website, we use the web hosting service Google Cloud EMEA Limited (70 Sir John Rogerson’s Quay, Dublin 2, Ireland) in the data center in 9909 TA Eemshaven (hereinafter “Google”).
The provision of a website requires the commissioning of a web hosting service. The use of Google is in accordance with Art. 6 para. 1 p. 1 lit. f DSGVO due to our legitimate economic interest to provide our offer on this website. In connection with the hosting, Google processes personal data on our behalf, which is generated during the use of the website.
We have concluded an order processing contract with Google. Through this contract, the service provider assures that it processes the data in accordance with the General Data Protection Regulation and ensures the protection of the rights of the data subject.
3.2 When visiting the website
You can access the website www.rentcard.app without having to disclose any information about your identity. The browser used on your terminal device only automatically sends information to the server of our website (e.g. date and time of access, name and URL of the file accessed, browser type and version, website from which access is made (referrer URL)).
This also includes the IP address of your requesting end device. This is temporarily stored in a so-called log file and automatically deleted after 12 weeks:
The processing of the IP address is carried out for technical and administrative purposes of connection establishment and stability, in order to ensure the security and functionality of our website and to be able to pursue any illegal attacks on this if necessary.
The legal basis for the processing of the IP address is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest follows from the aforementioned security interest and the necessity of a trouble-free provision of our website.
We cannot draw any direct conclusions about your identity from the processing of the IP address in the log file.
3.3 When ordering a rentcard
You have the option to create a digital tenant passport with us.
For the order processing, we need the following information from you:
* first name, last name, phone number as well as
* a valid e-mail address.
We only store your personal data if you have voluntarily given us your consent to do so in accordance with Art. 6 (1) p. 1 lit. a DSGVO.
Your data for further use will be automatically deleted as soon as the purpose of storage ceases to apply. unless we are obliged to store it for a longer period of time according to Art. 6 para. 1 p. 1 lit. c DSGVO due to tax and commercial law retention and documentation obligations (from HGB, StGB or AO) or you have consented to the storage beyond this according to Art. 6 para. 1 p. 1 lit. a DSGVO.
3.4 Usage of the account information service of finAPI GmbH
We use an account information service (hereinafter “AIS”) for the creation of your tenant passport, which has a corresponding PSD2 license.
To retrieve your bank data, you need the access data to your respective bank accounts (“Access Data”), which you enter directly at your bank via a corresponding interface. This gives us access to your account data, i.e. data on incoming and outgoing payments of your bank, credit card and/or payment service accounts activated by you on the platform by providing your bank details or access data are made available to us on the basis of your consent to your account-holding institution.
We process this data, as well as any related information, in order to provide the services you have requested in connection with the creation of the tenant pass, e.g.
- to issue the tenant pass you have ordered
- to provide it to you for your information
- to make it available to our cooperation partners, if this is necessary for the provision of further services requested by you.
In order to fully utilize the features we offer, we also require the following information from you to verify your account:
The provision of the AIS is carried out by finAPI GmbH as the responsible party within the meaning of the DSGVO.
3.5 When creating the rentcard (account postings)
In order to create the rentcard, the creditworthiness and account data provided by you in the context of your use and the account entries read in via this are used.
This is done in such a way that an automatic algorithm selects payment transactions such as salary receipts and rent payments and their frequency in the past three to twelve months from the account entries and uses them to create totals and/or average values.
rentcard will store an electronic copy of the tenant’s passport for a maximum of six months after the expiration of the statutory limitation period (§ 195 BGB), calculated from the expiration of 90 days, and will then delete the copy within a further month.
This data processing is necessary for the fulfillment to create the rentcard, Art. 6 para. 1 p. 1 lit. B DSGVO.
3.6 Use of the self-disclosure in the rentcard
To create the tenant passport, additional data is also processed within the scope of a tenant self-disclosure and rentcard uses the personal master data provided by you.
In order to be able to fully use the self-disclosure in the tenant pass, we also require personal information from you (personal master data), such as:
- Number of rooms
- Net household income
- Smoking habits
- Telephone number
rentcard will store an electronic copy of the tenant self-disclosure no longer than six months after the expiration of the statutory limitation period (§ 195 BGB) calculated from the expiration of 90 days and will then delete the copy within a further month. This data processing is necessary for the fulfillment to create the tenant self-disclosure, Art. 6 para. 1 p. 1 lit. B DSGVO.
After expiry of the deadline, your data will be automatically deleted for further use, unless we are obliged to store it for a longer period of time according to Article 6 para. 1 p. 1 lit. c DSGVO due to tax and commercial law retention and documentation obligations (from HGB, StGB or AO) or you have consented to the storage beyond this according to Art. 6 para. 1 p. 1 lit. a DSGVO.
3.7 When registering for a newsletter
If you have expressly consented in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO, we will use your e-mail address to send you our newsletter on a regular basis. For the receipt of the newsletter, the specification of an e-mail address is sufficient.
You can unsubscribe at any time by clicking on the “Unsubscribe” link at the end of the newsletter. Alternatively, you can also send your unsubscribe request at any time by e-mail to firstname.lastname@example.org.
3.8 When using our contact form
We offer you the possibility to send us general inquiries via the contact form provided online. Here we collect the following mandatory information:
- e-mail address
- Your personal message
We need your name to know from whom the request originates. We need your e-mail address to be able to answer your request.
This data processing is carried out in the context of answering the contact request on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f DSGVO.
The personal data collected by us for the use of the contact form will be deleted, provided that your request has been finally answered and the deletion is not contrary to any statutory retention obligations.
3.9 When using your user account (“Account”)
In order to be able to use our services to the full extent, you have the possibility to register with us on the platform (Website: www.rentcard.app). To do this, you must open an account and enter your e-mail address and password.
The use of this data by us takes place,
- to set up your user account and
- to check the plausibility of the data entered.
You can supplement or change your profile information in your account with further personal details. Your profile information will be stored by us for the duration described in section 2.
4. Data sharing
Your personal data will not be transferred for purposes other than those listed below.
a) We process and use the data that you transmit to us as part of the order via www.rentcard.app to the extent that this is necessary for the provision and billing of the respective services.
b) For other purposes
In addition, we will only share your personal information with third parties if:
- you have given your express consent in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO;
- in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 p. 1 lit. c DSGVO.
5. Cookies and Pixel-tags
In the cookie, information is stored that arises in each case in connection with the specific end device used. However, this does not mean that we gain direct knowledge of your identity.
We use pixel tags (also called tracking pixels) as part of our online offering. Pixels are small graphics that are embedded in the HTML code of our site. The pixel tag itself does not store or change any information on your end device, so pixels do not cause any damage to your end device, do not contain viruses, Trojans or other malware.
The pixels send your IP address, the referrer URL of the website visited, the time at which the pixel was viewed, the browser used, and previously set cookie information to a web server. This enables us to carry out reach measurements and other statistical evaluations, which serve to optimize our offer.
In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your terminal device for a certain fixed period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again.
The data processed by cookies is necessary for the aforementioned purposes to protect our legitimate interests and those of third parties in accordance with Art. 6 (1) p. 1 lit. f DSGVO.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website. You can prevent the use of pixels on our pages by using appropriate tools or browser add-ons (e.g. the “AdBlock” add-on for the Firefox browser).
You can find further opt-out options in the following information about the tools we use.
6. Web Analytics
The tracking and targeting measures listed below and used by us are carried out on the basis of Art. 6 (1) p. 1 lit. f DSGVO.
With the tracking measures used, we want to ensure a needs-based design and continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you.
By means of the targeting measures used, we want to ensure that you are only shown advertising on your end devices that is oriented to your actual or presumed interests.
These interests are to be regarded as legitimate within the meaning of the aforementioned provision.
The respective data processing purposes and data categories can be found in the corresponding tracking and targeting tools.
6.1 Google Analytics
We use Google Analytics on our website, a web analytics service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”). In this context, pseudonymized usage profiles are created and cookies are used (see section 4). The information generated by the cookie about your use of this website such as:
* browser type/version,
* operating system used,
* referrer URL (the previously visited page),
* host name of the accessing computer (IP address),
* time of the server request,
are transmitted to a Google server in the USA and stored there. Google complies with the data protection provisions of the “US Privacy Shield” and is registered with the “US Privacy Shield” program of the US Department of Commerce. In addition, we have concluded an order processing agreement[HR27] with Google for the use of Google Analytics. Through this contract, Google assures that they process the data in accordance with the General Data Protection Regulation and ensure the protection of the rights of the data subject.
The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website and internet usage for the purposes of market research and demand-oriented design of these internet pages.
This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that an assignment is not possible (IP masking).
You can prevent the installation of cookies by selecting the appropriate settings on your browser software. However, we would like to point out that in this case not all functions of this website can be used to their full extent.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on.
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking on this link. An opt-out cookie will be set, which prevents the future collection of your data when visiting this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
Further information on data protection in connection with Google Analytics can be found, for example, in the Google Analytics Help.
6.2 Google AdWords Conversion Tracking
We use Google Conversion Tracking of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: “Google”) on our website to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. Google AdWords sets a cookie on your computer if you have accessed our website via a Google ad.
These cookies lose their validity after 30 days. If the user visits certain pages of the AdWords customer’s website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page.
The information generated by the cookie about your use of this website is transmitted to a Google server in the USA and stored there. Google observes the data protection provisions of the “US Privacy Shield” and is registered with the “US Privacy Shield” program of the US Department of Commerce. In addition, we have concluded an order processing agreement with Google for the use of Google AdWords. Through this contract, Google assures that they process the data in accordance with the General Data Protection Regulation and ensure the protection of the rights of the data subject.
Each AdWords customer receives a different cookie. Cookies can therefore not be tracked via the websites of AdWords customers. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. We learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, you will not receive any information that personally identifies users.
If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this – for example, via a browser setting that generally disables the automatic setting of cookies. You can also disable cookies for conversion tracking by setting your browser to block cookies from the “www.googleadservices.com” domain.
6.3 Google DoubleClick
On our website, information is collected and evaluated using cookies to optimize advertising. For this purpose, we use targeting technologies of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (Double Click, Double Click Exchange Buyer, Double Click Bid Manager).
These technologies enable us to target you with individually interest-based advertising. The cookies used record, for example, which of our content you were interested in. Based on this information, we can also show you offers on third-party sites that are specifically geared to your interests, as determined by your previous user behavior. The collection and analysis of your user behavior is exclusively pseudonymous and does not allow us to identify you.
The cookie is automatically deleted after 30 days.
You can also make settings for the display of interest-based advertising via Google’s ad settings manager.
6.4 Google Tag Manager
The Tag Manager tool itself (which implements the tags) is a cookie-less domain. The tool takes care of triggering other tags, which in turn may collect data. Google Tag Manager does not access this data. If a disable has been set at the domain or cookie level, it will remain in place for all tracking tags implemented with Google Tag Manager.
6.5 Google Dynamic Remarketing
We use the functions of Google Dynamic Remarketing in conjunction with the cross-device functions of Google AdWords and Google DoubleClick.
This function makes it possible to link the advertising target groups created with Google Dynamic Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one end device (e.g. cell phone) can also be displayed on another of your end devices (e.g. tablet or PC).
If you have given Google the corresponding consent, Google will link your web and app browsing history with your Google account for this purpose. In this way, the same personalized advertising messages can be served on every end device on which you log in with your Google account.
To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad targeting.
We use the analysis tool “Mouseflow” from Mouseflow ApS, Denmark (www.mouseflow.com), on our website and in our applications to record randomly selected individual visits (only with anonymized IP address). This creates a log of mouse movements, mouse clicks and scroll movements as well as keyboard interaction, with the intention of randomly replaying individual visits to this website as so-called session replays as well as evaluating them in the form of so-called heatmaps and deriving potential improvements for our website from them.
The data collected by Mouseflow is not personal and will not be passed on to third parties. The storage and processing of the collected data takes place within the EU. If you do not wish to have your data collected by Mouseflow, you can object to this on all websites that use Mouseflow by clicking on the following link: https://mouseflow.com/opt-out/. An opt-out cookie will be set that prevents future collection of your visits to websites that use Mouseflow. The opt-out cookie is only valid in this browser and is placed on your device. If you delete the cookies in this browser or use a different terminal device, you must set the opt-out cookie again. You can find more information about data protection at Mouseflow at https://mouseflow.com/privacy/
7. Data subject rights
You have the right:
* in accordance with Art. 7 (3) DSGVO to revoke your consent once given to us at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future;
* to request information about your personal data processed by us in accordance with Art. 15 DSGVO. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;
* pursuant to Art. 16 DSGVO, to request without undue delay the correction of inaccurate or completion of your personal data stored by us;
* pursuant to Art. 17 DSGVO, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
* pursuant to Art. 18 DSGVO, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 DSGVO;
* pursuant to Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller; and
* complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.
8. Information about your right to object according to Art. 21 DSGVO
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) DSGVO (data processing in the public interest) and Article 6(1)(f) DSGVO (data processing on the basis of a balance of interests); this also applies to profiling based on this provision of Article 4 No. 4 DSGVO.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
If your objection is directed against processing of data for the purpose of direct marketing, we will immediately stop the processing. In this case, it is not necessary to specify a particular situation. This also applies to profiling, insofar as it is related to such direct advertising.
If you wish to exercise your right to object, an e-mail to email@example.com is sufficient.
9. Data security
All data transmitted by you personally is encrypted using the generally accepted and secure standard TLS (Transport Layer Security). TLS is a secure and proven standard that is also used, for example, in online banking. You can recognize a secure TLS connection, among other things, by the appended s to http (i.e. https://..) in the address bar of your browser or by the lock symbol in the lower area of your browser.
We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.