Privacy Policy
1. General information on data processing
1.1. Scope of the processing of personal data
In principle, we only collect and process our users’ personal data if this is required to provide a functioning website, or to provide our content and services. Normally, our users’ personal data is only collected and used with their consent. An exception may apply in instances where it is not possible to seek prior consent for specific reasons and where the data processing is permitted by law.
1.2. Disclosure of personal data
Your data is not disclosed further.
1.3. Legal basis for processing personal data
Providing we seek the data subject’s consent for processing their personal data, Art. 6(1)(a) EU General Data Protection Regulation (GDPR) serves as the legal basis.
In the event that we process personal data to fulfil a contract to which the data subject is party, Art. 6(1)(b) GDPR is the legal basis. This also applies to processing required for steps prior to entering into a contract. If personal data is processed so that our company can meet a legal obligation to which it is subject, Art. 6(1)(c) GDPR is the legal basis.
In the case that processing is necessary in order to protect the vital interests of the data subject or another natural person, Art. 6(1)(d) GDPR is the legal basis.
If the processing serves to protect a legitimate interest pursued by our company or a third party and this interest is not overridden by the interests, fundamental rights and freedoms of the data subject, Art. 6(1)(f) GDPR is the legal basis for processing.
1.4. Data erasure and duration of storage
The data subject’s personal data will be erased or made inaccessible as soon as the purpose for which it is being stored no longer applies. It may be stored beyond this point if this is foreseen by European or national legislators in regulations, laws or other provisions under European Union law to which the controller is subject. Data is also made inaccessible or erased if the storage duration stipulated in the above norms has expired, unless the data needs to be stored for longer so that a contract can be entered into or executed.
2. Provision of the website and creation of log files
2.1. Description and scope of data processing
Every time our website is accessed, our system automatically records data and information about the system used by the computer accessing the website.
The following data is collected in the process:
- The browser type and version used
- The user’s operating system
- The user’s internet service provider
- The user’s IP address
- The data and time of access
The websites from which the user’s system accessed our website
The websites that were accessed by the user’s system via our website
The log files contain IP addresses or other pieces of data that can be associated with a user. This may be the case if, for instance, the link to the website from which the user accesses our website or the link to the website to which the user then proceeds contains personal data.
The data is also stored in our system’s log files. This data is not stored with other personal data concerning the user.
The data is also stored in our system’s log files. This does not relate to the user’s IP address or other data that enables the data to be associated with a user. This data is not stored with other personal data concerning the user.
2.2. Legal basis for data processing
The legal basis for the temporary storage of the data and log files is Art. 6(1)(f) GDPR.
2.3 Purpose of data processing
The IP address needs to be temporarily stored by the system so the website can be delivered to the user’s computer. To this end, the user’s IP address has to be stored for the duration of the session.
Data is stored in log files to ensure the functionality of the website. In addition, the data enables us to optimise the website and to ensure the security of our IT system. The data is not evaluated for marketing purposes in this context.
This also represents our legitimate interest in data processing under Art. 6(1)(f) GDPR.
2.4 Duration of storage
Your data is erased as soon as it is no longer required for the purpose for which it was collected. If the data is collected to deliver the website, this is the case when the relevant session has come to an end.
Should the data be stored in log files, this is the case after a maximum of seven days. It is possible that data will be stored for longer. In this instance, the users’ IP addresses will be erased or anonymised so that they can no longer be associated with the client accessing the site.
2.5 Objection and elimination options
The data needs to be recorded in order for the website to be delivered; data is stored in log files, as this is necessary for the operation of the website. As a result, users cannot object to this.
3. Use of cookies
3.1 Description and scope of data processing (analysis of browsing behaviour)
On our website, we use cookies that enable users’ browsing behaviour to be analysed. The following data may be transmitted by cookies:
- Search terms entered
- Frequency of page access
- Usage of website features
Users’ data collected in this way is pseudonymised via technical methods. As a result, the data cannot be associated with the user accessing the site. The data is not stored with other personal data from users.
In addition, you can manage the installation of cookies yourself at any time by changing your browser settings and/or deleting all cookies. [cookies_revoke]
3.2 Data collection by Google Analytics
Our website uses Google Analytics, a web analytics service provided by Google Inc. Google Analytics uses ‘cookies’. These text files are stored on your computer and enable your use of the website to be analysed. For instance, cookies record information on your operating system, browser, IP address, the website previously accessed by you (referrer URL) and the data and time of your visit to our website. The information on your use of our website generated by this text file is transmitted to a Google server in the USA and stored there. Google will use this information to evaluate your use of our website, to compile reports on website activity for website operators and to provide other services associated with website use and internet use. Google will also disclose this information to third parties if this is required by law or if third parties process this data on behalf of Google. The data is used in anonymised or pseudonymised form. Further information can be found via Google: click here.
3.3 Use of remarketing or the ‘Similar Audiences’ feature provided by Google Inc.
On our website, we use the remarketing or ‘Similar Audiences’ feature provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; ‘Google’.) This feature analyses visitor behaviour and visitor interests.
Google uses cookies to analyse website usage; this analysis lays the groundwork for creating interest-based advertising. The cookies record website visits and anonymised data on website usage. Website visitors’ personal data is not stored. If you subsequently visit a different website in the Google Display Network, you will see advertisements that likely take into account the products and information you accessed previously.
Your data may also be transmitted to the USA in the process. A European Commission adequacy decision is in place for the transmission of data to the USA.
Processing occurs on the basis of Art. 6(1)(f) GDPR and the legitimate interest in offering website visitors targeted advertising by displaying personalised, interest-based advertisements to website users when they visit other websites in the Google Display Network.
You have the right to object at any time, on grounds relating to your particular situation, to this processing of personal data concerning you under Art. 6(1)(f) GDPR.
You can permanently deactivate the use of cookies by Google by following the below link and downloading and installing the plugin available there: https://support.google.com/ads/answer/7395996?hl=de
Alternatively, you can deactivate the use of cookies by third-party providers by accessing the Network Advertising Initiative deactivation site and following the opt-out information there: https://www.networkadvertising.org/choices/
Further information on Google remarketing and the associated privacy policy can be found at https://www.google.com/privacy/ads/
3.4 Google Maps
This site uses an API from the maps service Google Maps, provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Your IP address needs to be saved in order for you to use the Google Maps feature. This information is usually transmitted to and stored on a Google server in the USA. The provider of this page does not have any control over this data transmission.
We use Google Maps in the interests of depicting our online offering in an attractive fashion and making it easy to find the places that we list on the website. This represents a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
More information on the handling of users’ data can be found in Google’s Privacy Policy: https://www.google.de/intl/de/policies/privacy/.
3.5 Legal basis for data processing
The legal basis for the processing of personal data relating to the use of cookies is Art. 6(1)(f) GDPR.
3.6 Purpose of data processing
Analytics cookies are used to improve the quality of our website and its content. These analytics cookies show us how the website is being used so we can continuously optimise our offering.
This also represents our legitimate interest in processing personal data under Art. 6(1)(f) GDPR.
3.7 Duration of storage, objection and elimination options
Cookies are stored on the user’s computer and transmitted to our site. As a result, you, as the user, are in full control of the use of cookies. You can deactivate or limit the transmission of cookies by changing your internet browser’s settings. Cookies that have previously been stored can be deleted at any time; this can also be done automatically. You may no longer be able to use all the features of the website in full if cookies have been deactivated for our website.
You cannot prohibit the transmission of Flash cookies via your browser settings; instead, you need to change the settings for Flash Player.
4. Registration
4.1. Description and scope of data processing
Users have the option of registering on our website by providing their personal data. To this end, the data is entered via an encrypted input screen, then transmitted to a service provider and stored. The following data is collected during the registration process:
- User name, password
- Language
- Title, first name, surname, street, town/city, post code
- Country
- Phone number
- Credit card type, credit card number, expiry date, cardholder’s name
The following data is also stored at the point of registration:
- The user’s IP address
- Date and time of registration
Users’ consent to the processing of this data is also collected as part of the registration process.
4.2 Legal basis for data processing
The legal basis for data processing in the event that the user has consented to this is Art. 6(1)(a) GDPR.
If the registration serves to fulfil a contract with a user or to facilitate steps prior to entering into a contract, the additional legal basis for the data processing is Art. 6(1)(b) GDPR.
4.3 Purpose of data processing
Users are required to register so that a contract with the user can be fulfilled or steps prior to entering into a contract can be implemented.
The registration data is used for room bookings.
4.4 Duration of storage
Your data is erased as soon as it is no longer required for the purpose for which it was collected.
This is the case during the registration process to fulfil a contract or to implement steps prior to entering into a contract if the data is no longer required to execute the contract. Even after the contract has been concluded, it may be necessary to store personal data concerning the contractual partner in order to meet legal or contractual obligations.
4.5 Objection and elimination options
As a user, you have the opportunity to terminate the registration process at any time. You can change the data stored about you at any time.
Notice of withdrawal can be sent via email or post to:
DieApart GmbH
Behrenstrasse 1C
10117 Berlin
Tel.: +49 (30) 200757 – 0
Email: info@apartments-mitte.de
If the data is required to fulfil a contract or to implement steps prior to entering into a contract, the data can only be erased ahead of time if there are no contractual or legal obligations that conflict with this erasure.
5. Contact form and contact via email
5.1 Description and scope of data processing
Our website contains a contact form that can be used for contacting us electronically. If a user takes up this opportunity, the data entered into the form will be transmitted to us and stored. This data is as follows:
- Title
- First name and surname
- Phone number
- Address
- Mobile number
- Message
In addition, the following details are stored when the message is sent:
- The user’s IP address
- Date and time of registration
Your consent to the processing of the data will be collected as part of the transmission process and you will be referred to this Privacy Policy.
Alternatively, contact can be made via the email address provided. In this instance, the user’s personal data that is transmitted with the email will be stored.
No data is disclosed to third parties in this context: the data is solely used for processing the conversation.
5.2 Legal basis for data processing
The legal basis for data processing in the event that the user has consented to this is Art. 6(1)(a) GDPR.
The legal basis for processing data transmitted in the course of sending an email is Art. 6(1)(f) GDPR. If the goal of the email contact is to enter into a contract, the additional legal basis for the processing is Art. 6(1)(b) GDPR.
5.3 Purpose of data processing
The personal data collected from the input screen is solely used for processing the contact being made. If contact is made via email, this also represents the necessary legitimate interest in processing the data.
The other personal data is processed during transmission to prevent the abuse of the contact form and to ensure the security of our IT systems.
5.4 Duration of storage
Your data is erased as soon as it is no longer required for the purpose for which it was collected. This is the case for personal data from the input screen in the contact form and data sent via email if the conversation with the user has come to an end. The conversation is deemed to have come to an end if the circumstances suggest that the matter at hand has been conclusively clarified.
The additional personal data collected during the transmission process is erased after seven days, at most.
5.5 Objection and elimination options
The user has the opportunity to withdraw their consent to the processing of personal data at any time. If the user contacts us via email, they can object to the storage of their personal data at any time. If this occurs, it will not be possible to continue the conversation.
Notice of withdrawal can be sent via email or post to:
DieApart GmbH
Behrenstrasse 1C
10117 Berlin
Tel.: +49 (30) 200757 – 0
Email: info@apartments-mitte.de
All personal data stored in the process of the interaction will then be erased.
6. Social Media
6.1 Facebook
Our website contains plugins from the social network Facebook, provided by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. The Facebook plugins can be identified by means of the Facebook logo or the ‘Like’ button on our page. An overview of Facebook plugins can be found here: developers.facebook.com/docs/plugins/.
When you visit our website, the plugin creates a direct connection between your browser and Facebook’s server. This notifies Facebook that you have visited our page with your IP address. If you click the Facebook ‘Like’ button while logged into your Facebook account, you can link the content on our pages to your Facebook profile. This enables Facebook to associate your visit to our website with your user account. We should point out that, as the provider of the website, we receive no knowledge of the content of the data transmitted or its usage by Facebook. Further information to this end can be found in Facebook’s privacy policy: de-de.facebook.com/policy.php
If you do not want Facebook to associate your visit to our website with your Facebook user account, please log out of your Facebook user account.
6.2 Twitter
Our websites include features from Twitter, a service provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. When you use Twitter and the ‘re-tweet’ feature, the website you visit can be connected to your Twitter account and shared with other users. This involves data being transferred to Twitter. We should point out that, as the provider of the website, we receive no knowledge of the content of the data transmitted or its usage by Twitter. Further information can be found in Twitter’s Privacy Policy, available at twitter.com/privacy.
You can change your Twitter privacy settings in your account settings at
twitter.com/account/settings.
7. Rights held by the data subject
The following list details all the rights held by a data subject under the GDPR. Rights that are not relevant for our own website do not need to be included in this list, which enables it to be shortened.
If your personal data is being processed, you are the data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller.
7.1 Right of access
You can request confirmation from the controller as to whether personal data concerning you is being processed by us.
If this is the case, you can request information on the following points from the controller:
- The purposes for which personal data is processed;
- The categories of personal data being processed;
- The recipients or categories of recipients to which personal data concerning you has been, or will be, disclosed;
- The envisaged period for which the personal data concerning you will be stored or, if it is not possible to provide specific information in this regard, the criteria used to determine the duration of storage;
- The existence of a right to have personal data concerning you rectified or erased, a right to the restriction of processing by the controller or the right to object to this processing;
- The existence of the right to lodge a complaint with a supervisory authority;
- All the information available about the source of the data, where the personal data was not collected from the data subject;
- The existence of automated decision-making, including profiling, under Art. 22(1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of processing of this nature for the data subject.
You are entitled to request information as to whether the personal data concerning you is transmitted to a third country or to an international organisation. In this context, you can request information on the appropriate safeguards associated with the transmission pursuant to Art. 46 GDPR.
7.2 Right to rectification
You have a right to rectification and/or completion vis-à-vis the controller if the personal data concerning you that is being processed is incorrect or inaccurate. The controller must undertake this rectification without delay.
7.3 Right to restriction of processing
You can request that the processing of personal data concerning you be restricted in the following situations:
- If you contest the accuracy of the personal data concerning you; in this instance, processing will be restricted for a period that enables the controller to check the accuracy of the personal data;
- If the processing is unlawful and if you oppose the erasure of the personal data and instead request that the use of the personal data be restricted;
- The controller no longer requires the personal data for the purposes of processing, but you need it to establish, exercise or defend legal claims; or
- If you have objected to processing under Art. 21(1) GDPR, pending verification as to whether the controller’s legitimate interests override your own.
If the processing of the personal data concerning you has been restricted, this data may only be processed – aside from its storage – with your consent or to establish, exercise or defend legal claims, to protect the rights of another natural or legal person or for reasons of important public interest for the European Union or a member state.
If the processing was restricted under the above conditions, you will be notified by the controller before this restriction is lifted.
8. Right to erasure
8.1 Erasure obligation
You can ask the controller to erase the personal data concerning you immediately. The controller is obliged to do so if one of the following grounds applies:
- The personal data concerning you is no longer required for the purposes for which it was collected or processed in any other way.
- You withdraw the consent on which the processing was based under Art. 6(1)(a) or Art. 9(2)(a) GDPR and there is no other legal basis for the processing.
- You object to the processing under Art. 21(1) GDPR and there are no overriding legitimate interests for the processing, or you object to the processing under Art. 21(2) GDPR.
- The personal data concerning you was processed unlawfully.
- The personal data concerning you has to be erased to fulfil a legal obligation under European Union law or member-state law to which the controller is subject.
- The personal data concerning you was collected in relation to the offer of information society services under Art. 8(1) GDPR.
8.2 Disclosure of information to third parties
If the controller has made personal data concerning you public and is obliged to erase it under Art. 17(1) GDPR, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers that are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, this personal data.
8.3 Exceptions
The right to erasure does not exist if the processing is required:
- To exercise the right to freedom of expression and information;
- For compliance with a legal obligation that requires the processing pursuant to European Union law or member-state law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- For reasons of public interest in the area of public health under Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
- For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89(1) in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- For the establishment, exercise or defence of legal claims.
8.4 Right to notification
If you have asserted your right to rectification, erasure or restriction of processing towards the controller, they are obliged to notify all recipients to whom the personal data concerning you was disclosed of the rectification or erasure of the data, or of the restriction of processing, unless this is impossible or associated with disproportionate effort.
You have the right to receive information on these recipients from the controller.
8.5 Right to data portability
You have the right to receive the data concerning you that you provided to the controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to a different controller without hindrance from the controller to whom the personal data was provided, if
- the processing was based on consent under Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or a contract under Art. 6(1)(b) GDPR and
- the processing was carried out by automated means.
When exercising this right, you also have the right to request that the personal data concerning you is transmitted directly from one controller to another, providing this is technically feasible. This shall not adversely affect the rights and freedoms of others.
The right to data portability does not apply to the processing of personal data required for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
8.6 Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you and which is undertaken under Art. 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing that override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data concerning you is processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for the purposes of direct advertising, the personal data concerning you shall no longer be processed for these purposes.
Notwithstanding Directive 2002/58/EC, you can exercise your right to object in connection with the use of information society services by automated means using technical specifications.
8.7 Right to withdraw the declaration of consent regarding data protection
You have the right to withdraw your declaration of consent regarding data protection at any time. Withdrawing your consent does not impact the legality of the processing undertaken up to the point in time at which the withdrawal was issued.
8.8 Automated decision-making in individual cases, including profiling
You have the right to not be subject to a decision solely based on automated processing – including profiling – that produces legal effects concerning you or similarly significantly impacts you. This does not apply if the decision
- is necessary for entering into or performing a contract between you and the controller,
- is authorised under European Union or member-state law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests,
- or if it is based on your explicit consent.
However, these decisions may not be based on special categories of personal data under Art. 9(1) GDPR, provided that Art. 9(2)(a) or (g) GDPR does not apply and suitable measures to safeguard your rights, freedoms and legitimate interests have not been put in place.
In the cases referred to in 1 and 3, the controller shall take appropriate measures to protect your rights, freedoms and legitimate interests, including, at least, the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
8.9 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.