as per the GDPR
I. Name and address of controller
The controller as defined by the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
Staytoo Living Holding GmbH
II. General information on data processing
1. Scope of personal data processing
As a rule, we collect and utilise our users’ personal data only if this is required to provide a functional website as well as our content and services. Personal data of our users are regularly gathered and used only on a statutory basis. One exception applies in cases in which there is no apparent statutory basis and processing of the data can only be legitimised by means of consent.
2. Legal basis for processing of personal data
If we obtain consent for processing of personal data from the data subject, point (a) of Article 6 (1) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
In the event of processing of personal data that is required for fulfilment of a contract to which the data subject is party, point (b) of Article 6 (1) GDPR serves as the legal basis. This also applies to processing measures that are required in order to perform pre-contractual actions.
If processing of personal data is required in order to fulfil a legal obligation that is incumbent upon our company, point (c) of Article 6 (1) GDPR serves as the legal basis.
In the event that vital interests of the data subject or of another natural person necessitate the processing of personal data, point (d) of Article 6 (1) GDPR serves as the legal basis.
If processing is required in order to uphold a legitimate interest of our company or of a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, point (f) of Article 6 (1) GDPR serves as the legal basis for processing.
3. Erasure of data and period stored
The personal data of the data subject are erased or blocked as soon as the purpose of storage ceases to apply. Storage can additionally be carried out if the European or national legislature has made provisions for this in Union regulations, acts or other rules to which the controller is subject. Blocking or erasure of the data is also carried out if a storage period specified by the aforementioned standards expires, unless it is necessary to continue storing the data in order to conclude or fulfil a contract.
III. Provision of the website and creation of log files
1. Description and scope of data processing
Each time our website is accessed, our system automatically records data and information from the computer system of the accessing computer.
The following data are gathered here:
- Information on the browser type and the version used
- The user’s operating system
- The user’s IP address
- The date and time of access
- Websites from which the user’s system reaches our website
- Websites that are accessed by the user’s system via our website
The data are also stored in the log files of our system. These data are not stored together with other personal data of the user.
To ensure communication with you remains confidential, we employ TLS encryption for data transmission. The 128-bit encryption this affords is considered secure based on the current state of technology. All new-generation browsers afford this level of security. You may need to update your PC’s browser to the latest version.
Employees of Staytoo Living Holding GmbH are bound to uphold data privacy regulations pursuant to Section 5 of the Federal Data Privacy Act. Our data-processing and security technologies are upgraded on an ongoing basis to meet the latest standards and requirements.
2. Legal basis for data processing
The legal basis for temporary storage of the data and log files is point (f) of Article 6 (1) GDPR.
3. Purpose of data processing
Temporary storage of the IP address by the system is necessary in order to enable delivery of the website to the user’s computer. To this end, the user’s IP address must be stored for the duration of the session.
Storage in log files is carried out in order to ensure that the website works properly. In addition, we use the data to help us optimise the website and to ensure the security of our IT systems. No evaluation of the data for marketing purposes is performed in connection with this.
These purposes also account for our legitimate interest in data processing as per point (f) of Article 6 (1) GDPR.
4. Period saved
The data are erased as soon as they are no longer needed to fulfil the purpose for which they were gathered. In the event of data recording for provision of the website, this is the case when the respective session is ended.
In the event of data storage in log files, this is the case after no more than 365 days.
IP addresses are fully logged for a maximum of 24 hours. Thereafter, anonymisation is performed by erasing the last octet so that the address can no longer be associated with the accessing client.
5. Option of objection and rectification
Data recording to provide the website and storage of data in log files are absolutely essential to operation of the website. Consequently, there is no possibility of objection on the part of the user.
IV. Web analysis by means of Google Analytics
1. Description and scope of personal data processing
Please note that on the Google Analytics website, the code “gat._anonymizeIp();” has been added in order to ensure anonymised collection of IP addresses (IP masking).
Our website uses Google conversion tracking. If you have reached our website via an advertisement delivered by Google, a cookie is deposited on your computer by Google AdWords. The cookie for conversion tracking is deposited if a user clicks on an advert delivered by Google. These cookies become invalid after 30 days and are not used for personal identification. If the user visits specific pages of our website and the cookie has not yet expired, we and Google can detect that the user has clicked on the advert and been forwarded to this page. Every Google AdWords customer receives another cookie. Therefore, cookies cannot be tracked via the websites of AdWords customers. The information obtained by means of the conversion cookies is used in preparing conversion statistics for AdWords customers who have opted for conversion tracking. The customers find out the total number of users who have clicked on their advert and been forwarded to a site provided with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.
If you do not want to participate in tracking, you can reject the depositing of a cookie that is required for this – for instance via a browser setting that deactivates all automatic depositing of cookies, or by configuring your browser in such a way that cookies from the domain “googleleadservices.com” are blocked.
By using our web pages, you declare your consent to the processing by Google of the data gathered about you, and to the aforementioned manner of data processing as well as the stated purpose. You can prevent storage of cookies by configuring your browser software accordingly; however, please note that in this case, you may not be able to use all functions of our website to their full extent. In addition, you can prevent the data generated by the cookies and relating to your use of the web pages from being sent to Google and prevent Google from processing these data by downloading and installing the browser plug-in available at https://support.google.com/ads/answer/7395996. Alternatively, you can deactivate the DoubleClick cookies on the site of the Digital Advertising Alliance via the following link (optout.aboutads.info/#!/).
2. Legal basis for processing of personal data
The legal basis for processing of the users’ personal data is point (f) of Article 6 (1) GDPR. Our legitimate interest consists of measuring and improving user acceptance of our website, and serves to make our advertising more effective.
According to Article 45 (3) GDPR, Google ensures that the IP address is transmitted with a level of data security that largely corresponds to EU standards. Google is certified under the Privacy Shield decision of the European Commission: www.privacyshield.gov/participant?id=a2zt000000001L5AAI
The US Department of Commerce has the certification documents. The adequacy decision of the European Commission regarding the Privacy Shield guarantees minimum standards for the protection of personal data of Europeans that are stored or processed in the USA.
IP anonymisation is active on this website. On behalf of the operator of this website, on the basis of a contract pursuant to Article 28 GDPR, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with further services associated with website use and internet use.
3. Purpose of data processing
Processing of the users’ personal data enables us to analyse our users’ surfing behaviour. Evaluating the extracted data allows us to compile information on the use of individual components of our website. This helps us to constantly improve our website and make it more user-friendly.
These purposes also account for our legitimate interest in processing the data as per point (f) of Article 6 (1) GDPR. The users’ interest in protection of their personal data is sufficiently taken into account through anonymisation of the IP address. The IP address sent from your browser in the context of Google Analytics is not combined with other Google data.
4. Period saved
The data are erased as soon as they are no longer needed for our record-keeping purposes.
The cookie “_ga” from Google Analytics that is stored on your computer has a maximum lifetime of 2 years. After this, it will be automatically erased.
5. Option of objection and rectification
On our website, we give our users the opportunity to opt out of the analysis process. To do this, they must follow the relevant link. In this way, a further cookie is deposited on their system, telling our system not to store the user’s data. If the user erases the corresponding cookie from their own system in the meantime, they must deposit the opt-out cookie again.
In addition, to prevent the data generated by the Google Analytics cookie and relating to use of the website (including your IP address) from being sent to Google and prevent Google from processing these data, you can download and install the browser plug-in available via the following link: tools.google.com/dlpage/gaoptout?hl.
If you prevent your browser from accepting cookies, this means that the deactivation cookie cannot be deposited either.
If you erase the cookies on your computer, you must also deposit the deactivation cookie again by clicking on the link provided above.
V. Social media and plug-ins
This website uses social plug-ins from the following companies:
1. Facebook, Google+ and YouTube
Social plug-ins from Facebook and Google (Google+ and YouTube) are used on this website. These are provided by the US companies Facebook and Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”)).
When you visit a page that has a plug-in of this kind, your browser establishes a connection to Facebook/YouTube and Google and the content is loaded from these pages. Your visit to this website may therefore be tracked by Facebook/YouTube and Google even if you do not actively use the function of the social plug-in. If you have a Facebook or Google account, you can use a social plug-in of this kind and thus share information with your friends. Staytoo has no influence on the content of the plug-ins or transmission of information.
Facebook/YouTube and Google provide detailed information on the scope, nature, purpose and further processing of your data on their websites. You will also find further information on your rights and configuration options to protect your privacy.
In addition, this website uses Twitter buttons. They are operated by Twitter Inc. (795 Folsom St., Suite 600, San Francisco, CA 94107, USA). If you visit a page that contains a button of this kind, a direct connection is established between your browser and the Twitter servers. Therefore, the website operator has no influence at all over the nature and scope of the data that the plug-in sends to the servers of Twitter Inc.
According to Twitter Inc., only your IP address is gathered and stored here. Information on how Twitter Inc. handles personal data can be found here: twitter.com/en/privacy
Furthermore, plug-ins of the social network Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA (“Instagram”) are integrated in this website. The Instagram plug-in can be identified from the Instagram button on our site.
Furthermore, plug-ins of the social network Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”) are integrated in this website. The Pinterest plug-in can be identified from the Pin It button on our site.
In addition to the social plug-ins, the following plug-ins and services of third-party providers are incorporated in the website:
1. Zendesk (plug-in)
5. Easy Square
Digitalised moving-in and moving-out reports:
A cookie is a small text file stored on your computer by the operator of a website. Cookies are mainly intended to make visits to the website safer, faster and more convenient.
You have the option to change your browser settings in such a way that cookies are blocked as required or approved on an individual basis. If you block the storage of cookies, you may not be able to make full use of the interactive functions on this or another website.
Legal basis for data processing
The legal basis for processing of personal data with the use of technically essential cookies is point (f) of Article 6 (1) GDPR.
Purpose of data processing
The user data gathered by means of technically essential cookies are not used to create user profiles.
The analysis cookies are used for the purpose of improving the quality and content of our website. From the analysis cookies, we learn how the website is used, enabling us to constantly optimise our offering.
These purposes also account for our legitimate interest in processing personal data as per point (f) of Article 6 (1) GDPR.