DATA PRIVACY
I.
Controller
Controller
according to the General Data Protection Regulation (GDPR) and other national
data privacy laws of member states, as well as other data privacy regulations
is
Studentkompanie
Betriebs-GmbH
Rheinstrasse
4c
55116 Mainz
You can contact
our data protection officer at dsb@clarius.legal.
II.
General Information on Data Privacy
Categorically,
we collect and use our users‘ personal data only as far as it is necessary to
operate a functional website as well as to provide our contents and services.
The collection and use of personal data are carried out periodically only after
obtaining the user’s consent. There is an exception to this in such cases where
obtaining consent ahead of time is not possible for practical reasons and the
processing of data is permitted per legal provisions.
Where
we obtain the data subject’s consent for processing operations for personal
data, Article 6(1) lit. a of the EU General Data Protection Regulation
(GDPR) serves as legal basis for the processing of personal data. When
processing personal data as part of fulfilling a contract of which the data
subject is a contracting party, Article 6(1) lit. b GDPR serves as legal
basis. This also applies to processing operations essential to the
implementation of precontractual measures. Where the processing of personal data
is necessary for compliance with a legal obligation which our business is
subject to, Article 6(1) lit. c GDPR serves as legal basis.
If
the processing is necessary to the preservation of a legitimate interest held
by our business or a third party and the data subject’s interests,
constitutional rights and fundamental freedoms do not outweigh this, Article
6(1) lit. f GDPR serves as legal basis for the processing.
The
data subject’s personal data will be deleted or made unavailable as soon as
they are no longer necessary for fulfilling the purpose of their collection.
The recording of data can also occur when it is provided for by European or
national legislature in Union law regulations, laws, or other provisions which
the data subject is subject to (e.g. in accordance with German Tax Code in
certain cases for up to 10 years). Data blocking or deletion will also occur if
a storage period required by the mentioned standards expires unless there is a
necessity for the continued storage of the data for the conclusion or the
fulfilment of a contract.
III.
Operating the Website
With
every visit to our website, our system will automatically collect data and
information from the visiting computer’s operating system.
The
following data will be collected:
• Information about the type and version
number of the used browser
• The user’s operating system
• The user’s internet service provider
• The user’s IP address
• Date and time of the visit
• Websites from which the user’s system enters
our website
• Websites to which the user’s system exits our
website
Article
6(1) lit. f GDPR serves as legal basis for the temporary storage of data.
Temporarily storing the IP address is necessary to ensure the website is
delivered to the user’s computer. Therefore, the user’s IP address needs to be
stored for the duration of the session. The data is deleted as soon as it no
longer needed to achieve the purpose of its storage. In the case of the data
recorded for the delivery of the website, this will occur when the respective
session has ended.
IV.
Cookies
Our
website uses cookies. Cookies are text files that are saved in the internet
browser or by the internet browser in the user’s operating system. When a user
visits a website, the cookie can be saved in the user’s operating system. This
cookie contains a distinctive character sequence which enables an exact
identification of the browser on re-visiting the website.
We
use session cookies to make our website more user-friendly. Some elements of
our website require for the visiting browser to also be identifiable after
changing pages (e.g. for saving a user’s language settings).
Article
6(1) lit. f GDPR serves as legal basis for the processing of personal data
by using cookies. The purpose of using technically necessary cookies is to
simplify the use of websites for the user. Some functions of our website cannot
be operated without the use of cookies. For those, it is necessary for the
browser to also be identifiable after changing pages. User data recorded by
technically necessary cookies is not used to set up user profiles.
Cookies
are stored on the user’s computer and transmitted from there to our website.
Therefore, you as a user have full control over the use of cookies. You can
deactivate or restrict the transmission of cookies by changing your internet
browser’s settings. Previously saved cookies can be deleted at any time. This
can also be automated. If cookies are deactivated for our website, not all
functions may be fully operational.
V.
Third Party-Cookies
In
addition, the website uses the third-party cookies described below. These are
cookies from other businesses that we have allowed to be used on our website to
improve the usability of our services. When accessing the website, the user
will be informed about the cookies' use for analytics purposes, among other
things, and their consent to the processing of the personal data used in this context
will be obtained.
1. Cloudflare
We
use the Content Delivery Network (CDN) technology Cloudflare to ensure a
shorter loading time of our website. Provider of the technology is Cloudflare,
Inc., 101 Townsend St, San Francisco, CA 94107, USA.
When
visiting our website, the following data is transferred to Cloudflare:
·
Your IP address
·
Security fingerprints
·
DNS protocol data
·
Performance data for websites
We
use this technology to create a pleasant user experience and to make it easier
for you to contact us. The legal basis for the use of Cloudflare is Art. 6(1)
S. 1 lit. a GDPR. You can find further information here: https://www.cloudflare.com/privacypolicy/.
2. Usercentrics
This
website uses Usercentrics' cookie-consent-technology to obtain your consent to
the storage of certain cookies on your device and to document these in a data
protection-compliant manner. The provider of this technology is Usercentrics
GmbH, Rosental 4, 80331 Munich, Germany, website: https://usercentrics.com (hereinafter
referred to as "Usercentrics").
When you access our website, the following personal
data is transferred to Usercentrics:
·
Your consent(s) or the revocation of your consent(s)
·
Your IP address
·
Information about your browser
·
Information about your device
·
Time of your visit to the website
Furthermore,
Usercentrics stores a cookie in your browser in order to be able to allocate
the consents granted to you or their revocation. The data collected in this way
is stored until you request us to delete it, delete the Usercentrics cookie
itself or until the purpose for which the data is stored no longer applies.
Mandatory statutory storage obligations remain unaffected.
Usercentrics
is used to obtain the legally required consent for the use of cookies. The
legal basis for this is Art. 6(1) S. 1 lit. c GDPR.
We
have concluded a contract for data processing with Usercentrics. This is a
contract which is required by data protection law and ensures that Usercentrics
processes the personal data of our website visitors only in accordance with our
instructions and in compliance with the GDPR.
Further
information on data protection can be found at: https://usercentrics.com/privacy-policy.
3. WPML
We
use the plugin WPML. This serves to display the website in several languages.
It saves the language chosen by the user. WPML is a service provided by
OnTheGoSystems Limited, located at 22/F, 3 Lockhart Road, Wanchai, Hong Kong,
websites: https://wpml.org and https://www.onthegosystems.com.
This
is used to improve the user experience and to make the contents of the website
available to the user in an understandable way at all times. The legal basis is
Art. 6(1) S. 1 lit. f GDPR. Our legitimate interest lies in the
interest of the analysis, as well as the optimisation of our offering.
Further
information on data protection can be found at: https://wpml.org/documentation/privacy-policy-and-gdpr-compliance.
VI.
Social media presences
We
maintain online presences in social networks and on platforms in order to
communicate with the customers, prospects, and users active there and to inform
them about our services.
We
hereby inform you that you use these pages and their functions on your own
responsibility. This applies in particular to the use of the interactive
functions (e.g. commenting, sharing, rating). Alternatively, you can also view
the information we offer on our website www.the-urbanclub.com.
By
clicking on the link on our website, the respective provider of the website
records your IP address and other information that is available on your PC in
the form of cookies. The data collected about you in this context is processed
by the respective provider and may be transferred to countries outside the
European Union. Which information the service providers receive and how this
information is used is described in general terms in their respective data use
guidelines. There you will also find information about contact options as well
as setting options for advertisements.
Also,
in the case of requests for information and the assertion of user rights, we
would like to point out that these can most effectively be asserted with the
providers. Only the providers have access to the data of the users and can
directly take appropriate measures and provide information. Should you
nevertheless require assistance, you can of course contact us.
You
can also find us at:
·
www.Facebook.com. We
use the technical platform and services of Facebook Ireland Ltd, 4 Grand Canal
Square, Grand Canal Harbour, Dublin 2, Ireland for the information service
offered there. The complete data guidelines of Facebook can be found here: https://www.facebook.com/full_data_use_policy.
VII.
Instagram Plugin
Social plugins for instagram.com have been embedded on
this website. Instagram.com is a service by Instagram Inc., 1601 Willow Road,
Menlo Park, CA 94025, USA.
If you are logged into your Instagram account, you can
link the website contents with your Instagram profile by clicking the Instagram
button. Hereby, Instagram can amalgamate your visit on this website with your
user account. Please note that the operator of this website does not receive
information about the content of the transmitted data nor their use by
Instagram.
We use social media plugins for improved customer
communications and for marketing purposes, especially in order to allow you to
share relevant and interesting content on various platforms. This also includes
our legitimate interest in the processing of data described above by the
third-party providers. Article 6(1) S. 1 lit. 1 GDPR serves as legal
basis.
Find further information in Instagram’s data privacy
notice: http://instagram.com/about/legal/privacy/.
VIII.
“Book now” function
On
our website we offer you the option to apply for our apartments via a
"Book Now" contact form. For this purpose, we use the service
provider REOS GmbH, Amsinckstraße 28, 20097 Hamburg, Germany, website:
https://www.reos-software.com/ (in the following: "REOS"). This makes
it easier for you to contact us in order to conclude a contract. If the
"Book Now" contact form is used, the following data will be
transmitted to us and stored:
• Name (required field)
• Email address (required field)
• All information you enter into the
“message” field
Additionally:
• The user’s complete IP address
• Date and time of the message
The
processing of the personal data from the contact form serves us only to process
the contact. For this purpose, the data will be transmitted to REOS and
processed there.
REOS
needs the personal data to prepare the initial housing application, so that it
can then be evaluated by the landlord. A copy of the identity card and other
personal documents are automatically deleted by the system as soon as the
rental agreement is signed by both parties and is therefore binding. All other
information that is important for the contact is of course stored in the
system, such as the email address. When a tenant moves out, this information is
also removed after a short retention period.
The
complete REOS privacy policy can be found at: https://www.reos-software.com/en/74/data-protection.
The
legal basis for the use of the “Book now” contact form and the associated data
processing is Art. 6(1) lit. b GDPR. The processing of personal data from
the contact form serves us solely to process your request. The other personal
data processed during the sending process serves to prevent misuse of the form
and to ensure the security of our information technology systems.
The
data will be deleted as soon as they are no longer necessary for the purpose
for which they were collected.
We
have concluded a contract for data processing with REOS. This is a data
protection contract which guarantees that REOS processes the personal data of
our website users only in accordance with our instructions and in compliance
with the DSGVO.
IX.
Service Contact Forms and Email Communications
You
can fill out a contact form on our website. We use such contact forms in order
to simplify communications. If a user chooses this option, the following data
is transmitted to us and stored:
• Name (required field)
• Email address (required field)
• All information you enter into the “message”
field
Additionally:
• The user’s complete IP address
• Date and time of the message
Alternatively,
you can contact us at the provided email address. In that case the user’s
personal data transmitted via the email will be stored. In this context, no
data will be disclosed to third parties. The data will be exclusively used for
processing the conversation.
Article
6(1) lit. f GDPR serves as legal basis for the processing of data which
has been transmitted as part of an email. If the email communications aim for
the signing of a contract, Article 6(1) lit. b GDPR serves as additional
legal basis for the processing.
The
processing of personal data from the input screen is solely used to facilitate
communications. In the case of email communications, this also includes the
necessary legitimate interest in the processing of data. Any other personal
data processed during the submission process is used to prevent misuse of the
contact form and to ensure the security of our information technology systems.
The
data will be deleted as soon as they are no longer necessary for fulfilling the
purpose of their collection.
X.
Rights of Data Subjects
If
your personal data is being processed, you are the data subject in accordance
with the GDPR and you have the following rights against the controller:
·
You are entitled to information from the controller on whether any personal data
concerning you is being processed by us.
·
You have a right to rectification, completion, restriction, and erasure of your
personal data against the controller.
·
You have a right to receive the personal data
concerning you, which you have provided to the controller, in a structured,
commonly used, and machine-readable format (right
to data portability).
·
You have the right to object, on grounds relating to your particular situation, at any
time to processing of personal data concerning you which is based Article 6(1)
lit. e or lit. f GDPR.
·
You have the right
to withdraw your consent at any time with regards to Article 7(3) GDPR.
·
Without prejudice to any other administrative or
judicial remedy, you have the right to
lodge a complaint with a supervisory authority, in particular in the Member
State of your habitual residence, your place of work or the place of the
alleged infringement if you consider the processing of personal data relating
to you infringes the GDPR.
If
you want to assert any of your rights, you can contact us at dsb@clarius.legal or via the
contact persons stated in the legal notice.