I. Name and address of controller
The controller as defined by the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
MPC Micro Living Services GmbH
II. Name and address of data protection officer
The data protection officer of the controller is:
Wandsbeker Zollstr. 5
III. General information on data processing
1. Scope of personal data processing
As a rule, we collect and utilise our users’ personal data only if this is required to provide a functional website as well as our content and services. Personal data of our users are regularly gathered and used only on a statutory basis. One exception applies in cases in which there is no apparent statutory basis and processing of the data can only be legitimised by means of consent.
2. Legal basis for processing of personal data
If we obtain consent for processing of personal data from the data subject, point (a) of Article 6 (1) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
In the event of processing of personal data that is required for fulfilment of a contract to which the data subject is party, point (b) of Article 6 (1) GDPR serves as the legal basis. This also applies to processing measures that are required in order to perform pre-contractual actions.
If processing of personal data is required in order to fulfil a legal obligation that is incumbent upon our company, point (c) of Article 6 (1) GDPR serves as the legal basis.
In the event that vital interests of the data subject or of another natural person necessitate the processing of personal data, point (d) of Article 6 (1) GDPR serves as the legal basis.
If processing is required in order to uphold a legitimate interest of our company or of a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, point (f) of Article 6 (1) GDPR serves as the legal basis for processing.
3. Erasure of data and period stored
The personal data of the data subject are erased or blocked as soon as the purpose of storage ceases to apply. Storage can additionally be carried out if the European or national legislature has made provisions for this in Union regulations, acts or other rules to which the controller is subject. Blocking or erasure of the data is also carried out if a storage period specified by the aforementioned standards expires, unless it is necessary to continue storing the data in order to conclude or fulfil a contract.
IV. Provision of the website and creation of log files
1. Description and scope of data processing
Each time our website is accessed, our system automatically records data and information from the computer system of the accessing computer.
The following data are gathered here:
Information on the browser type and the version used
- The user’s operating system
- The user’s IP address
- The data and time of access
- Websites from which the user’s system reaches our website
- Websites that are accessed by the user’s system via our website
The data are also stored in the log files of our system. These data are not stored together with other personal data of the user.
To ensure communication with you remains confidential, we employ TLS encryption for data transmission. The 128-bit encryption this affords is considered secure based on the current state of technology. All new-generation browsers afford this level of security. You may need to update your PC’s browser to the latest version.
Employees of MPC Capital Group companies are bound to uphold data privacy regulations pursuant to Section 5 of the Federal Data Privacy Act. Our data-processing and security technologies are upgraded on an ongoing basis to meet the latest standards and requirements.
2. Legal basis for data processing
The legal basis for temporary storage of the data and log files is point (f) of Article 6 (1) GDPR.
3. Purpose of data processing
Temporary storage of the IP address by the system is necessary in order to enable delivery of the website to the user’s computer. To this end, the user’s IP address must be stored for the duration of the session.
Storage in log files is carried out in order to ensure that the website works properly. In addition, we use the data to help us optimise the website and to ensure the security of our IT systems. No evaluation of the data for marketing purposes is performed in connection with this.
These purposes also account for our legitimate interest in data processing as per point (f) of Article 6 (1) GDPR.
4. Period saved
The data are erased as soon as they are no longer needed to fulfil the purpose for which they were gathered. In the event of data recording for provision of the website, this is the case when the respective session is ended.
In the event of data storage in log files, this is the case after no more than 365 days.
IP addresses are fully logged for a maximum of 24 hours. Thereafter, anonymisation is performed by erasing the last octet so that it is no longer possible to associate with the accessing client.
5. Option of objection and rectification
Data recording to provide the website and storage of data in log files are absolutely essential to operation of the website. Consequently, there is no possibility of objection on the part of the user.
V. Web analysis by means of Google Analytics
1. Description and scope of personal data processing
Please note that on the Google Analytics website, the code “gat._anonymizeIp();” has been added in order to ensure anonymised collection of IP addresses (IP masking).
Our website uses Google conversion tracking. If you have reached our website via an advertisement delivered by Google, a cookie is deposited on your computer by Google AdWords. The cookie for conversion tracking is deposited if a user clicks on an advert delivered by Google. These cookies become invalid after 30 days and are not used for personal identification. If the user visits specific pages of our website and the cookie has not yet expired, we and Google can detect that the user has clicked on the advert and been forwarded to this page. Every Google AdWords customer receives another cookie. Therefore, cookies cannot be tracked via the websites of AdWords customers. The information obtained by means of the conversion cookies is used in preparing conversion statistics for AdWords customers who have opted for conversion tracking. The customers find out the total number of users who have clicked on their advert and been forwarded to a site provided with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.
If you do not want to participate in tracking, you can reject the depositing of a cookie that is required for this – for instance via a browser setting that deactivates all automatic depositing of cookies, or by configuring your browser in such a way that cookies from the domain “googleleadservices.com“ are blocked.
By using our web pages, you declare your consent to the processing by Google of the data gathered about you, and to the aforementioned manner of data processing as well as the stated purpose. You can prevent storage of cookies by configuring your browser software accordingly; however, please note that in this case, you may not be able to use all functions of our website to their full extent. In addition, you can prevent the data generated by the cookies and relating to your use of the web pages from being sent to Google and prevent Google from processing these data by downloading and installing the browser plug-in available at https://support.google.com/ads/answer/7395996. Alternatively, you can deactivate the DoubleClick cookies on the site of the Digital Advertising Alliance via the following link (optout.aboutads.info/#!/).
2. Legal basis for processing of personal data
The legal basis for processing of the users’ personal data is point (f) of Article 6 (1) GDPR. Our legitimate interest consists of measuring and improving user acceptance of our website, and serves to make our advertising more effective.
According to Article 45 (3) GDPR, Google ensures that the IP address is transmitted with a level of data security that largely corresponds to EU standards. Google is certified under the Privacy Shield decision of the European Commission: www.privacyshield.gov/participant?id=a2zt000000001L5AAI
The US Department of Commerce has the certification documents. The adequacy decision of the European Commission regarding the Privacy Shield guarantees minimum standards for the protection of personal data of Europeans that are stored or processed in the USA.
IP anonymisation is active on this website. On behalf of the operator of this website, on the basis of a contract pursuant to Article 28 GDPR, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with further services associated with website use and internet use.
3. Purpose of data processing
Processing of the users’ personal data enables us to analyse our users’ surfing behaviour. Evaluating the extracted data allows us to compile information on the use of individual components of our website. This helps us to constantly improve our website and make it more user-friendly.
These purposes also account for our legitimate interest in processing the data as per point (f) of Article 6 (1) GDPR. The users’ interest in protection of their personal data is sufficiently taken into account through anonymisation of the IP address. The IP address sent from your browser in the context of Google Analytics is not combined with other Google data.
4. Period saved
The data are erased as soon as they are no longer needed for our record-keeping purposes.
The cookie “_ga“ from Google Analytics that is stored on your computer has a maximum lifetime of 2 years. After this, it will be automatically erased.
5. Option of objection and rectification
On our website, we give our users the opportunity to opt out of the analysis process. To do this, you must follow the relevant link. In this way, a further cookie is deposited on their system, telling our system not to store the user’s data. If the user erases the corresponding cookie from their own system in the meantime, they must deposit the opt-out cookie again.
In addition, to prevent the data generated by the Google Analytics cookie and relating to use of the website (including your IP address) from being sent to Google and prevent Google from processing these data, you can download and install the browser plug-in available via the following link: tools.google.com/dlpage/gaoptout?hl.
If you prevent your browser from accepting cookies, this means that the deactivation cookie cannot be deposited either.
If you erase the cookies on your computer, you must also deposit the deactivation cookie again by clicking on the link provided above.
VI. Social media and plug-ins
This website uses social plug-ins from the following companies:
1. Facebook, Google+ and YouTube
Social plug-ins from Facebook and Google (Google+ and YouTube) are used on this website. These are provided by the US companies Facebook and Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”)).
When you visit a page that has a plug-in of this kind, your browser establishes a connection to Facebook/YouTube and Google and the content is loaded from these pages. Your visit to this website may therefore be tracked by Facebook/YouTube and Google even if you do not actively use the function of the social plug-in. If you have a Facebook or Google account, you can use a social plug-in of this kind and thus share information with your friends. Staytoo has no influence on the content of the plug-ins or transmission of information.
Facebook/YouTube and Google provide detailed information on the scope, nature, purpose and further processing of your data on their websites. You will also find further information on your rights and configuration options to protect your privacy.
In addition, this website uses Twitter buttons. They are operated by Twitter Inc. (795 Folsom St., Suite 600, San Francisco, CA 94107, USA). If you visit a page that contains a button of this kind, a direct connection is established between your browser and the Twitter servers. Therefore, the website operator has no influence at all over the nature and scope of the data that the plug-in sends to the servers of Twitter Inc.
According to Twitter Inc., only your IP address is gathered and stored here. Information on how Twitter Inc. handles personal data can be found here: twitter.com/en/privacy
Furthermore, plug-ins of the social network Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA (“Instagram”) are integrated in this website. The Instagram plug-in can be identified from the Instagram button on our site.
Furthermore, plug-ins of the social network Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”) are integrated in this website. The Pinterest plug-in can be identified from the Pin It button on our site.
In addition to the social plug-ins, the following plug-ins and services of third-party providers are incorporated in the website:
1. Zendesk (plug-in)
5. Easy Square
Digitalised moving-in and moving-out reports:
A cookie is a small text file stored on your computer by the operator of a website. Cookies are mainly intended to make visits to the website safer, faster and more convenient.
You have the option to change your browser settings in such a way that cookies are blocked as required or approved on an individual basis. If you block the storage of cookies, you may not be able to make full use of the interactive functions on this or another website.
Legal basis for data processing
The legal basis for processing of personal data with the use of technically essential cookies is point (f) of Article 6 (1) GDPR.
Purpose of data processing
The user data gathered by means of technically essential cookies are not used to create user profiles.
The analysis cookies are used for the purpose of improving the quality and content of our website. From the analysis cookies, we learn how the website is used, enabling us to constantly optimise our offering.
These purposes also account for our legitimate interest in processing personal data as per point (f) of Article 6 (1) GDPR.
|staytoo.de||super_session||deleted after current browser session (Session)||This cookie is used in the current session to display the contact form and newsletter form to the user.||HTTP||Essential|
|staytoo.de||wpml_browser:redirect_test||deleted after current browser session (Session)||Remembers language settings for current session to improve user experience.||HTTP||Functionality|
|zopim.com||_cfduid||This cookie expires in 364 days||Zopim (Zendesk) tracking code.||HTTP||Advertising|
|google.com||NID||This cookie expires in 182 days||Google advertising cookie used to personalize ads in Google search pages.||HTTP||Advertising|
|staytoo.de||AWSALB||This cookie expires in 6 days||Used by Zopim live chat to get in touch via the website.||HTTP||Marketing|
|staytoo.de||_zlcmid||This cookie expires in 364 days||ZenDesk (formerly Zopim) tracking cookie.||HTTP||Marketing|
|staytoo.de||_ga||This cookie expires in 729 days||Used to distinguish users.||HTTP||Analytics|
|staytoo.de||_gid||deleted after current browser session (Session)||Used to distinguish users.||HTTP||Analytics|
|staytoo.de||_gat:UA53372709-9||deleted after current browser session (Session)||Used to throttle request rate.||HTTP||Analytics|
|youtube.com||YSC||deleted after current browser session (Session)||Register a unique ID to keep statistics of YouTube videos that the user has seen.||HTTP||Advertising|
|youtube.com||Visitor_info1_live||This cookie expires in 179 days||Used by YouTube (Google) for storing user preferences and other unspecified purposes – https://www.google.com/policies/privacy||HTTP||Advertising|
|youtube.com||PREF||This cookie expires in 243 days||The PREF cookie remembers basic preferences, such as choice of language, format of search results, how to display information, so the visitor don’t need to set preferences each time he use the site. https://www.google.com/policies/privacy||HTTP||Advertising|
|staytoo.de||time||deleted after current browser session (Session)||Used by YouTube (Google) for storing user preferences and other unspecified purposes – https://www.google.com/policies/privacy||HTTP||Advertising|
|Facebook.com||fr||This cookie expires in 89 days||The Facebook advertising cookie used to measure and improve the relevance of advertisements.||HTTP||Advertising|
|Staytoo.de||cp-impression-added-forcp_id_ce8c3||deleted after current browser session (Session)||Show latest news and important information via a pop-up on the display.||HTTP||Marketing|
VII. Rights of the data subject
You have the right:
- pursuant to Article 15 GDPR to request information on your personal data that is processed by us. In particular, you may request information on the purposes of the processing, on the categories of personal data, on the categories of recipients to whom your personal data have been or will be disclosed, on the envisaged period stored, on the existence of the right to request rectification, erasure, restriction of processing or to object, on the existence of the right to lodge a complaint, on the source of your data if they are not collected by us and on the existence of automated decision-making, including profiling and any meaningful information about the particulars thereof;
- pursuant to Article 16 GDPR to request prompt rectification of inaccurate personal data or completion of your personal data that is stored by us;
- pursuant to Article 17 GDPR to request the erasure of your personal data that are stored by us, provided that processing is not required for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
- pursuant to Article 18 GDPR to request the restriction of processing of your personal data, if you contest the accuracy of the data, if the processing is unlawful but you oppose its erasure and we no longer need the data but you require them for the establishment, exercise or defence of legal claims or if you have objected to processing pursuant to Article 21 GDPR;
- pursuant to Article 20 GDPR to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller;
- pursuant to Article 7 (3) GDPR to withdraw the consent you have already granted us at any time. The result of this will be that we are no longer permitted to continue the data processing that was based on this consent in future and
- pursuant to Article 77 GDPR to lodge a complaint with a supervisory authority. To do so, you may generally contact the supervisory authority of your habitual residence or place of work or our company headquarters.
1. Right to object (to advertising)
Provided that your personal data are processed based on the legitimate interests under point (f) of Article 6 (1) GDPR, you have the right pursuant to Article 21 GDPR to object to the processing of your personal data to the extent that there are grounds for this relating to your particular situation or if the objection is to direct marketing. In the latter case, you have a general right to object that will be enforced by us without specifying a particular situation.
If you would like to assert your right to withdraw or object, it is sufficient to send an email to firstname.lastname@example.org.
2. Changes to data protection standards
If any change to these data protection standards become necessary in future, you will always be able to find the latest version here.