Privacy & Cookie Policy
as per the GDPR

I. Name and address of controller

The controller as defined by the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

MPC Micro Living Development GmbH
Palmaille 67
22767 Hamburg
Germany

Tel.: +49 (0) 40 3 80 22 – 4200
E-Mail: privacy@staytoo.com
Website: www.staytoo.de


II. General information on data processing

1. Scope of personal data processing
As a rule, we collect and utilise our users’ personal data only if this is required to provide a functional website as well as our content and services. Personal data of our users are regularly gathered and used only on a statutory basis. One exception applies in cases in which there is no apparent statutory basis and processing of the data can only be legitimised by means of consent.

2. Legal basis for processing of personal data
If we obtain consent for processing of personal data from the data subject, point (a) of Article 6 (1) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

In the event of processing of personal data that is required for fulfilment of a contract to which the data subject is party, point (b) of Article 6 (1) GDPR serves as the legal basis. This also applies to processing measures that are required in order to perform pre-contractual actions.

If processing of personal data is required in order to fulfil a legal obligation that is incumbent upon our company, point (c) of Article 6 (1) GDPR serves as the legal basis.

In the event that vital interests of the data subject or of another natural person necessitate the processing of personal data, point (d) of Article 6 (1) GDPR serves as the legal basis.

If processing is required in order to uphold a legitimate interest of our company or of a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, point (f) of Article 6 (1) GDPR serves as the legal basis for processing.

3. Erasure of data and period stored
The personal data of the data subject are erased or blocked as soon as the purpose of storage ceases to apply. Storage can additionally be carried out if the European or national legislature has made provisions for this in Union regulations, acts or other rules to which the controller is subject. Blocking or erasure of the data is also carried out if a storage period specified by the aforementioned standards expires, unless it is necessary to continue storing the data in order to conclude or fulfil a contract.


III. Provision of the website and creation of log files
s

1. Description and scope of data processing
Each time our website is accessed, our system automatically records data and information from the computer system of the accessing computer.

The following data are gathered here:

Information on the browser type and the version used

  • The user’s operating system
  • The user’s IP address
  • The data and time of access
  • Websites from which the user’s system reaches our website
  • Websites that are accessed by the user’s system via our website

The data are also stored in the log files of our system. These data are not stored together with other personal data of the user.

Security
To ensure communication with you remains confidential, we employ TLS encryption for data transmission. The 128-bit encryption this affords is considered secure based on the current state of technology. All new-generation browsers afford this level of security. You may need to update your PC’s browser to the latest version.
Employees of MPC Capital Group companies are bound to uphold data privacy regulations pursuant to Section 5 of the Federal Data Privacy Act. Our data-processing and security technologies are upgraded on an ongoing basis to meet the latest standards and requirements.

2. Legal basis for data processing
The legal basis for temporary storage of the data and log files is point (f) of Article 6 (1) GDPR.

3. Purpose of data processing
Temporary storage of the IP address by the system is necessary in order to enable delivery of the website to the user’s computer. To this end, the user’s IP address must be stored for the duration of the session.

Storage in log files is carried out in order to ensure that the website works properly. In addition, we use the data to help us optimise the website and to ensure the security of our IT systems. No evaluation of the data for marketing purposes is performed in connection with this.

These purposes also account for our legitimate interest in data processing as per point (f) of Article 6 (1) GDPR.

4. Period saved
The data are erased as soon as they are no longer needed to fulfil the purpose for which they were gathered. In the event of data recording for provision of the website, this is the case when the respective session is ended.

In the event of data storage in log files, this is the case after no more than 365 days.

IP addresses are fully logged for a maximum of 24 hours. Thereafter, anonymisation is performed by erasing the last octet so that it is no longer possible to associate with the accessing client.

5. Option of objection and rectification
Data recording to provide the website and storage of data in log files are absolutely essential to operation of the website. Consequently, there is no possibility of objection on the part of the user.


IV. Web analysis by means of Google Analytics

1. Description and scope of personal data processing
This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses cookies, text files that are stored on your computer and enable analysis of your use of the website. The information generated by the cookie regarding your use of this website is usually sent to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, Google shortens your IP address beforehand within member states of the European Union or in other countries that are signatories to the Agreement on the European Economic Area. The full IP address is only sent to a Google server in the USA and shortened there in exceptional cases.

Further information on conditions of use, data processing measures and data protection can be found at www.google.com/analytics/terms/gb.html and at support.google.com/analytics/answer/6004245?hl=.

Please note that on the Google Analytics website, the code “gat._anonymizeIp();” has been added in order to ensure anonymised collection of IP addresses (IP masking).

Our website uses Google conversion tracking. If you have reached our website via an advertisement delivered by Google, a cookie is deposited on your computer by Google AdWords. The cookie for conversion tracking is deposited if a user clicks on an advert delivered by Google. These cookies become invalid after 30 days and are not used for personal identification. If the user visits specific pages of our website and the cookie has not yet expired, we and Google can detect that the user has clicked on the advert and been forwarded to this page. Every Google AdWords customer receives another cookie. Therefore, cookies cannot be tracked via the websites of AdWords customers. The information obtained by means of the conversion cookies is used in preparing conversion statistics for AdWords customers who have opted for conversion tracking. The customers find out the total number of users who have clicked on their advert and been forwarded to a site provided with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.

If you do not want to participate in tracking, you can reject the depositing of a cookie that is required for this – for instance via a browser setting that deactivates all automatic depositing of cookies, or by configuring your browser in such a way that cookies from the domain “googleleadservices.com“ are blocked.

We use the remarketing technology of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google“). Via this technology, users who have already visited our web pages and online services and are interested in the offering are addressed again by means of targeted advertising on the pages of the Google Partners network. The advertising is displayed through the use of cookies – these are small text files that are stored on the user’s computer. By means of the text files, user behaviour while visiting the site can be analysed, and can subsequently be used for targeted product recommendations and interest-based advertising.

DoubleClick by Google is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). DoubleClick by Google uses cookies to present you with adverts relevant to you. A pseudonymous identification number (ID) is assigned to your browser here in order to check which adverts have been displayed in your browser and which adverts have been accessed. The cookies do not contain any personal information. Use of the DoubleClick cookies only enables Google and its partner websites to deliver adverts on the basis of previous visits to our website or other websites on the internet. The information generated by the cookies is transmitted to a server in the USA by Google for evaluation and stored there. Google complies with the data protection regulations of the US Privacy Shield agreement and is registered with the Privacy Shield programme of the US Department of Commerce. The data are only transmitted to third parties by Google on the basis of statutory regulations or in the context of order data processing. Google will never combine your data with other data gathered by Google.

By using our web pages, you declare your consent to the processing by Google of the data gathered about you, and to the aforementioned manner of data processing as well as the stated purpose. You can prevent storage of cookies by configuring your browser software accordingly; however, please note that in this case, you may not be able to use all functions of our website to their full extent. In addition, you can prevent the data generated by the cookies and relating to your use of the web pages from being sent to Google and prevent Google from processing these data by downloading and installing the browser plug-in available at https://support.google.com/ads/answer/7395996. Alternatively, you can deactivate the DoubleClick cookies on the site of the Digital Advertising Alliance via the following link (optout.aboutads.info/#!/).

Googletagmanager.com: JavaScript code of the company Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as: Google) is uploaded on our site. If you have activated JavaScript in your browser and have not installed a JavaScript blocker, your browser may transmit personal data to Google. To prevent Google from executing JavaScript code altogether, you can install a JavaScript blocker (e.g. www.noscript.net).

2. Legal basis for processing of personal data
The legal basis for processing of the users’ personal data is point (f) of Article 6 (1) GDPR. Our legitimate interest consists of measuring and improving user acceptance of our website, and serves to make our advertising more effective.

According to Article 45 (3) GDPR, Google ensures that the IP address is transmitted with a level of data security that largely corresponds to EU standards. Google is certified under the Privacy Shield decision of the European Commission: www.privacyshield.gov/participant?id=a2zt000000001L5AAI

The US Department of Commerce has the certification documents. The adequacy decision of the European Commission regarding the Privacy Shield guarantees minimum standards for the protection of personal data of Europeans that are stored or processed in the USA.

IP anonymisation is active on this website. On behalf of the operator of this website, on the basis of a contract pursuant to Article 28 GDPR, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with further services associated with website use and internet use.

3. Purpose of data processing
Processing of the users’ personal data enables us to analyse our users’ surfing behaviour. Evaluating the extracted data allows us to compile information on the use of individual components of our website. This helps us to constantly improve our website and make it more user-friendly.

These purposes also account for our legitimate interest in processing the data as per point (f) of Article 6 (1) GDPR. The users’ interest in protection of their personal data is sufficiently taken into account through anonymisation of the IP address. The IP address sent from your browser in the context of Google Analytics is not combined with other Google data.

4. Period saved
The data are erased as soon as they are no longer needed for our record-keeping purposes.

The cookie “_ga“ from Google Analytics that is stored on your computer has a maximum lifetime of 2 years. After this, it will be automatically erased.

5. Option of objection and rectification
Cookies are stored on the user’s computer and transmitted from the computer to our site. Therefore, as the user, you have full control over the use of cookies. By changing the settings in your web browser, you can deactivate or restrict the transferring of cookies. Cookies that have already been stored can be erased at any time. This can also be performed automatically. If cookies are deactivated for our website, it is possible that some functions of the website will no longer be fully usable.

On our website, we give our users the opportunity to opt out of the analysis process. To do this, you must follow the relevant link. In this way, a further cookie is deposited on their system, telling our system not to store the user’s data. If the user erases the corresponding cookie from their own system in the meantime, they must deposit the opt-out cookie again.

In addition, to prevent the data generated by the Google Analytics cookie and relating to use of the website (including your IP address) from being sent to Google and prevent Google from processing these data, you can download and install the browser plug-in available via the following link: tools.google.com/dlpage/gaoptout?hl.

If you prevent your browser from accepting cookies, this means that the deactivation cookie cannot be deposited either.

If you erase the cookies on your computer, you must also deposit the deactivation cookie again by clicking on the link provided above.


V. Social media and plug-ins

This website uses social plug-ins from the following companies:

1. Facebook, Google+ and YouTube
Social plug-ins from Facebook and Google (Google+ and YouTube) are used on this website. These are provided by the US companies Facebook and Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”)).

When you visit a page that has a plug-in of this kind, your browser establishes a connection to Facebook/YouTube and Google and the content is loaded from these pages. Your visit to this website may therefore be tracked by Facebook/YouTube and Google even if you do not actively use the function of the social plug-in. If you have a Facebook or Google account, you can use a social plug-in of this kind and thus share information with your friends. Staytoo has no influence on the content of the plug-ins or transmission of information.

Facebook/YouTube and Google provide detailed information on the scope, nature, purpose and further processing of your data on their websites. You will also find further information on your rights and configuration options to protect your privacy.

Facebook privacy information: www.facebook.com/about/privacy
Google privacy information: policies.google.com/privacy?hl

2. Twitter
In addition, this website uses Twitter buttons. They are operated by Twitter Inc. (795 Folsom St., Suite 600, San Francisco, CA 94107, USA). If you visit a page that contains a button of this kind, a direct connection is established between your browser and the Twitter servers. Therefore, the website operator has no influence at all over the nature and scope of the data that the plug-in sends to the servers of Twitter Inc.

According to Twitter Inc., only your IP address is gathered and stored here. Information on how Twitter Inc. handles personal data can be found here: twitter.com/en/privacy

3. Instagram
Furthermore, plug-ins of the social network Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA (“Instagram”) are integrated in this website. The Instagram plug-in can be identified from the Instagram button on our site.

If you click on the Instagram button while you are logged into your Instagram account, you can link the content of our pages to your Instagram profile. As a result, Instagram can associate the visit to our pages with your user account. Please note that we are not notified of the content of the data transmitted or its use by Instagram. Further information can be found in Instagram’s privacy policy:: instagram.com/about/legal/privacy/.

4. Pinterest
Furthermore, plug-ins of the social network Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”) are integrated in this website. The Pinterest plug-in can be identified from the Pin It button on our site.

If you click on the Pin It button while you are logged into your Pinterest account, you can link the content of our pages to your Pinterest profile. As a result, Pinterest can associate the visit to our pages with your user account. Please note that we are not notified of the content of the data transmitted or its use by Pinterest. Further information can be found in Pinterest’s privacy policy: policy.pinterest.com/en-gb/privacy-policy.

5. LinkedIn
Furthermore, plug-ins of the social network LinkedIn are integrated in this website. Plug-ins from the social network LinkedIn and the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (“LinkedIn“) can be found on our website. The LinkedIn plug-ins can be identified from the corresponding logo or the Recommend button. Please note that when you visit our website, the plug-in establishes a connection between your respective web browser and LinkedIn’s server. LinkedIn is thus notified that our website has been visited with your IP address. If you click on the LinkedIn Recommend button whilst logged into your LinkedIn account, you have the opportunity to link content of our web pages to your LinkedIn profile page. You enable LinkedIn to associate your visit to our website with you and your user account here. You need to know that we receive no notification of the content of the data transmitted or its use by LinkedIn. Further information can be found in LinkedIn’s privacy policy:: www.linkedin.com/legal/privacy-policy

6. Whatsapp
This website uses Whatsapp for Business, an instant messaging service founded in 2009, which has been part of Facebook Inc. since 2014,, https://www.whatsapp.com/ to provide guidance and assistance to customers. This allows prospective tenants to communicate with the operator via chat in real time and gives them the opportunity to satisfy their personal information needs in a very practical way. Furthermore, this service is used to contact the prospective tenant after a sent booking enquiry. For more information, please see Whatsapp’s privacy policy: https://www.whatsapp.com/legal/#privacy-policy

In addition to the social plug-ins, the following plug-ins and services of third-party providers are incorporated in the website:

1. Zendesk (plug-In)
This website uses Zopim, a customer-service support function of Zendesk Inc., 1019 Market St, San Francisco, CA, 94103, USA (“Zendesk”), https://www.zendesk.de/ in order to advise, help and guide customers and assist them in the event of questions. Therefore, visitors to the website can communicate with the operator via the chat feature and can obtain the personalised information they need in a highly practical way. Further information can be found in Zendesk’s privacy policy: www.zendesk.com/company/customers-partners/privacy-policy/

2. Mailchimp
This website uses the online marketing platform “Mailchimp”, operated by The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA, to send e-mail newsletters. If you add your e-mail address, first and last name to the mailing list, this data will first be temporarily stored at the list provider (“MailChimp”). The e-mail address is only stored for the purpose of sending the owner of the e-mail address an e-mail in which he can confirm membership in the e-mail list (“double opt-in”). If the e-mail address has been confirmed, it will be stored permanently at the list provider until the e-mail address is deleted by the owner of the e-mail address or by me as the list operator. In addition, profile updates, geolocalization and the time zone are saved/performed when subscribing to and opening the newsletter. In addition, the language setting of the browser is forwarded. Furthermore, information is forwarded to Google Analytics to track the interaction of newsletter subscribers. Data which are forwarded to Google Analytics can be found in point V. Further information can be found in Mailchimp’s privacy policy: https://mailchimp.com/legal/privacy/

3. Shore
To manage viewing appointments, the website uses a viewing tool from Shore GmbH, Seidlstrasse 23, 80335 Munich, Germany. This tool gives customers the opportunity to arrange a viewing appointment. The tool is integrated in the staytoo.de website, and can be reached via the sidebar icon (orange dot with a calendar) and via buttons that indicate a viewing appointment. Further information can be found in Shore’s privacy policy: www.shore.com/en/data-protection//

4. Aareon
For the enquiry form, Staytoo uses a leading consultancy and systems firm that specialises in complex business processes relating to management. Via the enquiry form provided by Aareon, customers can enter their product preferences online. As a result, Staytoo can manage the data and provide customers with bespoke offers in order to guarantee satisfaction. Aareon’s head office and servers are situated at Isaac-Fulda-Allee 6, 55124 Mainz, Germany. Further information can be found in Aareon’s privacy policy: www.aareon.de/sixcms/detail.php/46076

5. Easy Square
Digitalised moving-in and moving-out reports:

To simplify the process of moving in and out, a digital solution from Promos consult Projektmanagement, Organisation und Service GmbH, Rungestrasse 19, 10179 Berlin, Germany is used. With this firm’s “easysquare“ product, the administrator can map and process several management activities of tenants on-site via a mobile-ready device. This particularly relates to the drafting of moving-in and moving-out reports. Further information can be found in EasySquare’s privacy policy: www.easysquare.com/dataprivacy

Cookies
A cookie is a small text file stored on your computer by the operator of a website. Cookies are mainly intended to make visits to the website safer, faster and more convenient.

To offer additional functions that make our web pages easier to use, ensure a smooth registration process or generate information on use of our web pages, enabling us to gear them to our customers more effectively, we use cookies: session cookies and persistent cookies. This means that information on your use of our website is stored in files on our computer. A session cookie is erased after the visit to the website. A persistent cookie is stored on your computer for a defined period. More precise details can be found in the list of cookies. When you visit our website again, the stored information is read again, thus removing the need to enter data again, for instance.

You have the option to change your browser settings in such a way that cookies are blocked as required or approved on an individual basis. If you block the storage of cookies, you may not be able to make full use of the interactive functions on this or another website.

Legal basis for data processing
The legal basis for processing of personal data with the use of technically essential cookies is point (f) of Article 6 (1) GDPR.

The legal basis for processing of personal data with the use of cookies for analysis purposes, subject to the user’s consent to this, is point (a) of Article 6 (1) GDPR.

Purpose of data processing
The purpose of the use of technically essential cookies is to make websites easier to use. Some functions of our website cannot be offered without the use of cookies. To this end, it is also essential for the browser to be recognised again after a page change.

The user data gathered by means of technically essential cookies are not used to create user profiles.

The analysis cookies are used for the purpose of improving the quality and content of our website. From the analysis cookies, we learn how the website is used, enabling us to constantly optimise our offering.

These purposes also account for our legitimate interest in processing personal data as per point (f) of Article 6 (1) GDPR.

Provider Name Duration Purpose Category Type
staytoo.de super_session deleted after current browser session (Session) This cookie is used in the current session to display the contact form and newsletter form to the user. Essential HTTP
staytoo.de wpml_browser:redirect_test deleted after current browser session (Session) Remembers language settings for current session to improve user experience. Functionality HTTP
zopim.com _cfduid This cookie expires in 364 days Zopim (Zendesk) tracking code. Advertising HTTP
google.com NID This cookie expires in 182 days Google advertising cookie used to personalize ads in Google search pages. Advertising HTTP
staytoo.de AWSALB This cookie expires in 6 days Used by Zopim live chat to get in touch via the website. Marketing HTTP
staytoo.de _zlcmid This cookie expires in 364 days ZenDesk (formerly Zopim) tracking cookie. Marketing HTTP
staytoo.de _ga This cookie expires in 729 days Used to distinguish users. Analytics HTTP
staytoo.de _gid deleted after current browser session (Session) Used to distinguish users. Analytics HTTP
staytoo.de _gat:UA53372709-9 deleted after current browser session (Session) Used to throttle request rate. Analytics HTTP
youtube.com YSC deleted after current browser session (Session) Register a unique ID to keep statistics of YouTube videos that the user has seen. Advertising HTTP
youtube.com Visitor_info1_live This cookie expires in 179 days Used by YouTube (Google) for storing user preferences and other unspecified purposes – https://www.google.com/policies/privacy Advertising HTTP
youtube.com PREF This cookie expires in 243 days The PREF cookie remembers basic preferences, such as choice of language, format of search results, how to display information, so the visitor don’t need to set preferences each time he use the site. https://www.google.com/policies/privacy Advertising HTTP
staytoo.de time deleted after current browser session (Session) Used by YouTube (Google) for storing user preferences and other unspecified purposes – https://www.google.com/policies/privacy Advertising HTTP
Facebook.com fr This cookie expires in 89 days The Facebook advertising cookie used to measure and improve the relevance of advertisements. Advertising HTTP
staytoo.de cp-impression-added-forcp_id_ce8c3 deleted after current browser session (Session) Show latest news and important information via a pop-up on the display. Marketing HTTP

VI. Rights of the data subject
You have the right:

  • pursuant to Article 15 GDPR to request information on your personal data that is processed by us. In particular, you may request information on the purposes of the processing, on the categories of personal data, on the categories of recipients to whom your personal data have been or will be disclosed, on the envisaged period stored, on the existence of the right to request rectification, erasure, restriction of processing or to object, on the existence of the right to lodge a complaint, on the source of your data if they are not collected by us and on the existence of automated decision-making, including profiling and any meaningful information about the particulars thereof;;
  • pursuant to Article 16 GDPR to request prompt rectification of inaccurate personal data or completion of your personal data that is stored by us;
  • pursuant to Article 17 GDPR to request the erasure of your personal data that are stored by us, provided that processing is not required for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
  • pursuant to Article 18 GDPR to request the restriction of processing of your personal data, if you contest the accuracy of the data, if the processing is unlawful but you oppose its erasure and we no longer need the data but you require them for the establishment, exercise or defence of legal claims or if you have objected to processing pursuant to Article 21 GDPR;;
  • pursuant to Article 20 GDPR to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller;
  • pursuant to Article 7 (3) GDPR to withdraw the consent you have already granted us at any time. The result of this will be that we are no longer permitted to continue the data processing that was based on this consent in future and
  • pursuant to Article 77 GDPR to lodge a complaint with a supervisory authority. To do so, you may generally contact the supervisory authority of your habitual residence or place of work or our company headquarters.

1. Right to object (to advertising)
Provided that your personal data are processed based on the legitimate interests under point (f) of Article 6 (1) GDPR, you have the right pursuant to Article 21 GDPR to object to the processing of your personal data to the extent that there are grounds for this relating to your particular situation or if the objection is to direct marketing. In the latter case, you have a general right to object that will be enforced by us without specifying a particular situation.

If you would like to assert your right to withdraw or object, it is sufficient to send an email to privacy@staytoo.com


2. Changes to data protection standards
If any change to these data protection standards become necessary in future, you will always be able to find the latest version here.

Diese Cookies werden genutzt, um Ihnen Werbung zu präsentieren, die besser zu Ihnen passt. Wir könnten diese Daten mit Anzeigenkunden teilen oder sie nutzen, um Ihre Interessen besser verstehen zu lernen. Werbe-Cookies könnten beispielsweise genutzt werden, um Daten mit Anzeigenkunden zu teilen, damit die angezeigten Anzeigen besser zu Ihren Interessen passen, damit Sie bestimmte Seiten auf sozialen Netzwerken teilen können oder damit Sie Kommentare auf unserer Site veröffentlichen können.
Accept