Privacy policy

Privacy policy for (prospective) tenants and guests at the Rosenberg Quartier in Heilbronn

Last updated 06/2022

We take the protection of your personal data very seriously and strive to provide you with comprehensive information about the processing of your personal data. The following privacy policy explains how and for what purposes we process your personal data if you are a (prospective) tenant or guest at the Rosenberg Quartier in Heilbronn. Data are processed primarily via the online portal at https://Rosenberg-Quartier.de/ ("Online Portal"), the Rosenberg Quartier app ("App") and in direct contact with you, for example by e-mail.

As a rule, the personal data of yours that we collect is obtained directly from you. The statutory basis is, in particular, the EU General Data Protection Regulation (GDPR).

1. Controller within the meaning of Article 4(7) GDPR

The controller within the meaning of Article 4(7) GDPR is:

Schwarz Immobilien Service GmbH & Co. KG
Stiftsbergstraße 1
74172 Neckarsulm, Germany

hereinafter "we" or "us"

Tel: +49 7132 30 486 100
E-mail: info@rosenberg-quartier.de

2. Application for a student apartment or a non-serviced apartment

This section outlines the data processing carried out so that you can apply for a student apartment or a non-serviced apartment in the Rosenberg Quartier. For this purpose we provide an online portal that can be accessed at https://Rosenberg-Quartier.de/.

2.1. Purposes and legal basis of processing
2.1.1. Mandatory information that you have to provide during the application process:

If you apply for one of our apartments, we will process data including your basic information, such as your last name, first name and date of birth, your telephone number and your address and contact details (Article 6(1)(b) GDPR). We process this information so that we can process your application and potentially prepare a lease on that basis.

The data that we process also includes your identification document, e.g., your personal ID card or your passport, information on your matriculation status including matriculation number (for students), information on your occupation, your nationality and, if you are not an EU national, your visa (Article 6(1)(f) GDPR). We have a legitimate interest in clearly verifying your identity and checking that you are eligible for an apartment.
We also collect your matriculation status and matriculation number because we are required to prove that our student apartments actually house students (Article 6(1)(c) GDPR).

We process your e-mail address and your selected password, also on the basis of Article 6(1)(b) GDPR, in order to provide you with access to our Online Portal for the purpose of the application process and subsequently to manage your (tenant) data.

On the basis of Article 6(1)(b) GDPR, we also process information on relationships with relatives and legal guardians if an application is being made in the name of one or several legal guardians for a student who is a minor, or if the consent of the legal guardian(s) is stored. This information is only mandatory if you are a minor.

2.1.2. Voluntary information that you can opt to provide during the application process:

If you opt to provide us with proof of your salary and/or a certificate confirming that you do not have any rent arrears as part of the application process, we will process this data on the basis of Article 6(1)(f) GDPR. We have a legitimate interest in confirming your payment reliability and ability to pay within this context.

You can provide us with your payment details when you apply for an apartment. In such cases, we will process the data on the basis of Article 6(1)(b) GDPR so that we can return your security deposit after the end of a potential lease.

2.1.3. Processing of data for technical reasons:
 
On the basis of Article 6(1)(f) GDPR, we also record when you log in and out of our Online Portal. In the event of a system failure or malfunction, we have a legitimate interest in finding out who used the system and whether this use potentially resulted in the malfunction.

2.2. Obligation to provide your data

You are under no statutory or contractual obligation to provide personal data to us for the purposes of your application. If, however, you do not provide us with the corresponding information, we will not be able to process and will reject your application.

2.3. Storage time

If we reject your application, we will erase the personal data disclosed or provided by you at the latest 12 months after your most recent activity in the REOS portal.

The documents uploaded by you will be erased after we notify you of the rejection.

We will erase the identification document and any visa you have uploaded as part of the application process without undue delay after verifying your identity/residence rights.

If your application is successful and we enter into a lease agreement with you, we will save the corresponding data for a period of up to 12 years after the lease has ended.

Log data for use of the tenant management Online Portal will be erased 7 days after the respective use.

3. Renting a student apartment or non-serviced apartment via the Online Portal

This section outlines the data processing carried out in connection with renting a student apartment or a non-serviced apartment in the Rosenberg Quartier.

3.1. Purposes and legal basis of processing

If you rent one of our student apartments or non-serviced apartments, we will process your information including your basic information, such as your name and date of birth, your address and contact details, your payment details, your signature, information on the lease start and end date, as well as information on your rent (incl. utilities/flat-rate) or the electricity, water and heating used by you (Article 6(1)(b) GDPR). We process this data so that we can perform/settle payments under the lease agreement we have entered into with you.

If you use the Internet access available at the Rosenberg Quartier, we also process information on the hardware you use to access the Internet (MAC address), your IP address and the user name and password you have selected to access the Internet so that we can provide you with a corresponding WLAN/LAN Internet connection. This processing is based on Article 6(1)(b) GDPR so that we can bill the Internet usage as agreed.

On the basis of Article 6(1)(f) GDPR, we also process information on when you used the Internet connection and how much data was transmitted. This data concerning users is aggregated (consolidated) so that it can no longer be allocated to a single user and is used by us for statistical purposes (e.g., number of users per day and total upload and download figures for all users over the past month) so that we can maintain the functionality of the network and make sufficient bandwidth available.

We process your e-mail address and your selected password on the basis of Article 6(1)(b) GDPR in order to provide you with access to our Online Portal to manage your (tenant) data. Section 4 provides more detailed information on the data processed when using the Online Portal.

3.2. Obligation to provide your data

By entering into the lease agreement, you agree to provide us with your personal data that we require to ensure the due and proper performance of and settlement of payments under the lease. This includes, in particular, your basic information, address details, contact details and payment details. If you do not provide us with the required data, we cannot enter into a lease agreement with you or perform the lease agreement.

3.3. Storage time

We will store your personal data for a period of up to 12 years after the lease has ended.

Log data for use of the tenant management Online Portal will be erased 7 days after the respective use. Your access data for the Online Portal (user name, e-mail address and password) will be erased two years after the lease has ended.

4. Booking a serviced apartment via the Online Portal

This section outlines how we process your data when you use our Online Portal to book a serviced apartment (short-term rental with additional services).

4.1. Purposes and legal basis of processing
4.1.1. Mandatory information that you have to provide during the booking process:

If you book a serviced apartment, we will process data including your basic information, such as your last name, first name, telephone number and e-mail address, your address and contact details, and the purpose of your stay (private or business) (Article 6(1)(b) GDPR). We process data in order to process your booking, provide you information on your arrival and your stay, and issue you an invoice.

On the basis of Article 6(1)(b) GDPR, payment provider Adyen N.V. also processes details relating to your payment method (e.g., payment method, card number, expiration date, security code) to process your payment.  

4.1.2. Voluntary information that you can opt to provide during the booking process:

If you choose to create a customer account, we process your specified e-mail address and your selected password on the basis of Article 6(1)(b) GDPR in order to provide you with access to our Online Portal to manage your data. By registering, you can manage your bookings easily and will not have to enter your basic information again each time you make a booking.

You also have the option of saving a telephone number, which we process on the basis of Article 6(1)(f) GDPR. Our legitimate interest lies in facilitating (further) contact and sending booking details by text message.

4.1.3. Processing of data for technical reasons:

On the basis of Article 6(1)(f) GDPR, we record when you log in and out of our online booking portal. In the event of a system failure or malfunction, we have a legitimate interest in finding out who used the system and whether this use potentially resulted in the malfunction.

4.2. Obligation to provide your data

You are under no statutory or contractual obligation to provide personal data to us for the purposes of your booking. If, however, you do not provide us with the corresponding information, we will not be able to process and will reject your booking.

4.3. Storage time

If no valid booking is made, we will erase the personal data disclosed or provided by you during the booking process at the latest 12 months after your most recent activity in the booking portal.

If your booking is successful, we will save the corresponding data for a period of up to 12 years after the booking period has ended.

Log data for use of the booking portal will be erased within 7 days after the respective use.

5. Processing of data for technical reasons when using the Online Portal

This section outlines how we process your data from a technical perspective when you use the Online Portal to manage your rental of a student apartment/non-serviced apartment or your booking of a serviced apartment.

5.1. Log files
5.1.1. Purposes and legal basis of processing

When you use the Online Portal, log files are created with the following content:

• the website from which you visit our site;
• the IP address;
• the date and time of access;
• the client request;
• the http response code;
• the data volume transmitted;
• information about the type of browser and operating system you are using.

The legal basis for the processing is Article 6(1)(f) GDPR. Our legitimate interest arises from our interest in displaying our website, protecting the Online Portal and preventing improper and/or fraudulent activity each time that a user accesses this website.

On the basis of Article 6(1)(f) GDPR, we also record when you log in and out of the tenant management Online Portal. In the event of a system failure or malfunction, we have a legitimate interest in finding out who used the system and whether this use potentially resulted in the malfunction.

5.1.2. Obligation to provide your data

You are under no statutory or contractual obligation to provide personal data to us. However, such data will be processed for technical reasons as soon as you access our site. If you do not wish to provide us with the data, then unfortunately you cannot use our website.

5.1.3. Storage time

The data will be erased within 7 days after the respective use.

5.2. Cookies

Cookies are used in the Online Portal. Cookies are small text files that are sent from the web server to your terminal device (PC, notebook, smartphone or tablet) when you visit this website and are stored there in the Internet browser you are using. Cookies may serve a variety of functions.

You may also configure your browser to ensure that a warning appears every time a new cookie is placed. This makes the use of cookies more transparent for you. You may also configure your browser to refuse acceptance of all or some cookies from certain sources. Please be advised, however, that disabling cookies may limit the functionality of this website.

5.2.1. Purposes and legal basis of processing

We use the following cookies on the basis of Article 6(1)(f) GDPR to ensure the technical availability and functionality of our website. Our legitimate interest follows from the aforementioned purposes. The cookies generate a session ID that allocates the session to your user data record.

• "XSRF-TOKEN" to verify form submissions
• "reos_onboarding_session" to attribute the browser to the user data record
• "reos_tss_session" to attribute the browser to the user data record for users of the TSS app/TSS web

5.2.2. Obligation to provide your data

You are under no statutory or contractual obligation to provide personal data to us. If you do not want to provide us with this data, you can prevent this by configuring the settings referred to above accordingly.

5.2.3. Storage time

The abovementioned cookies will be stored for a period of two hours.

6. Use of the Rosenberg Quartier App

The following section outlines the data processing associated with use of the Rosenberg Quartier App.

6.1. Purposes and legal basis of processing

To use the Rosenberg Quartier App, you have to log in using your login details for the Online Portal. If you have booked a serviced apartment, you have to create a new account. We process the login details (e-mail address and password) so that you can use the App as agreed to contact us and view documents relevant to you (Article 6(1)(b) GDPR).

6.1.1. Information you can enter and view in the App:

If you contact us via the App, we process the details provided by you and your basic information so that we can process your inquiry. The legal basis for this is Article 6(1)(b) GDPR, because processing is necessary to fulfill any claims that may arise from our contractual relationship.
 
Furthermore, we process the digital versions of your contract documents so that these can be displayed to you in the App. The legal basis is Article 6(1)(b) GDPR, because this is part of the products/services booked by you.

6.1.2. Processing of data for technical reasons:

 When you use the App, log files are created with the following content:

• the IP address;
• the date and time of access;
• the client request;
• the http response code;
• the data volume transmitted;
• the operating system you use.

The legal basis for the processing is Article 6(1)(f) GDPR. Our legitimate interest arises from our interest in displaying our App, protecting it and preventing improper and/or fraudulent activity each time that a user accesses the App.

On the basis of Article 6(1)(f) GDPR, we also record when you log in and out of the App. In the event of a system failure or malfunction, we have a legitimate interest in finding out who used the system and whether this use potentially resulted in the malfunction.

6.2. Obligation to provide your data

You are under no statutory or contractual obligation to provide personal data to us. However, such data will be processed for technical reasons as soon as you access our App. If you do not wish to provide us with the data, then unfortunately you cannot use our App.

6.3. Storage time

All data associated with our contractual relationship are retained for 12 years.

Data arising from data processing for technical reasons are deleted seven days after their respective use.

7. Recipients/categories of recipient

In exceptional cases, e.g., in the case of technical support, your personal data and uploaded documents may be made available to apaleo GmbH, Dachauerstraße 15A, 80335 Munich, Germany, and REOS GmbH, Amsinckstraße 28, 20097 Hamburg, Germany, as these companies are the technical providers of the Online Portal, the App and our management platform, which is used to process your booking and is where your data are stored.  

Your personal data may be made available to Schwarz IT KG, Stiftsbergstraße 1, 74172 Neckarsulm, Germany, as this company also provides support services for the Rosenberg Quartier project on our behalf.

To process your booking, we also transfer your last name, e-mail address, postal address and telephone number, as well as your selected payment method and an associated token to detco GmbH, Haferwende 36, 28357 Bremen, Germany.

These companies process your personal data on our behalf and exclusively on our instruction (Article 28 GDPR). As such, they do not pursue their own purposes.

In order to provide you with a WLAN and LAN Internet connection, we transmit your basic information (last name, first name), information on the hardware you use (MAC address), when you logged in and out of the network, the data volume transmitted, your IP address and your user name and password for the network to FREDERIX Hotspot GmbH, Oskar-Winter-Straße 9, 30161 Hanover, Germany, which makes part of the infrastructure available and provides corresponding support. We transfer your data referred to above to FREDERIX Hotspot GmbH to provide the requested service and thus on the basis of Article 6(1)(b) GDPR.

In order to add your data to the digital door bell system for the hall of residence and give you access to the mailbox system, we transmit some of your basic information (last name, first name) and your apartment address to Erwin Renz Metallwarenfabrik GmbH & Co KG, Boschstraße 3, 71737 Kirchberg/Murr, Germany, which operates these systems on our behalf. Erwin Renz Metallwarenfabrik GmbH & Co KG processes your personal data on our behalf and exclusively on our instruction (Article 28 GDPR). As such, it does not pursue its own purposes.

We also transfer some of your basic information (last name, first name), your booking number and the address of your apartment to KOST Software GmbH, Hans-Resel-Gasse 17a, 8020 Graz, Austria, which issues access cards for the building complex on our behalf. When you enter your booking number and last name for authentication purposes at one of the special-purpose access card vending machines, the access card is made available and the card number is transferred to us.  KOST Software GmbH processes your personal data on our behalf and exclusively on our instruction (Article 28 GDPR). As such, it does not pursue its own purposes.

In order to settle payments under your lease, the security deposit and any repair costs that you owe, we transmit your basic information (last name, first name, e-mail address, telephone number), address details and payment details to the extent required to Schwarz Dienstleistung KG, Stiftsbergstraße 1, 74172 Neckarsulm, Germany, which assumes responsibility for billing solely on our behalf and as such does not pursue its own purposes.

Your basic information (last name, first name), address details for your apartment and contact details (telephone number and e-mail), as well as damage reports, are transmitted to service companies we have commissioned to the extent required on an ad hoc basis so that these companies can rectify any damage that we or you identify in your apartment and perform repair work.

Your data may be transmitted to other recipients to the extent required on an ad hoc basis if these recipients provide services on our behalf and have to process your data for this purpose.

8. Your rights as a data subject

Pursuant to Article 15(1) GDPR, you have the right to request information, free of charge, on the personal data stored about you.

If the statutory requirements are met, you also have a right to rectification (Article 16 GDPR), erasure (Article 17 GDPR) and restriction of processing (Article 18 GDPR) of your personal data.

If the basis of processing is Article 6(1)(e) or (f) GDPR, you have a right to object under Article 21 GDPR. If you object to processing, your data will no longer be processed thereafter, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.

If you have provided the processed data yourself, you have a right to data portability under Article 20 GDPR.

If the data processing is carried out on the basis of consent granted under Article 6(1)(a) or Article 9(2)(a) GDPR, you may revoke that consent at any time with effect for the future without this affecting the lawfulness of the previous processing.

In the above-mentioned cases, or if you have questions or complaints, please write to or e-mail the data protection officer. You also have a right to lodge a complaint with a data protection supervisory authority. The data protection supervisory authority located in the state in which you live or where the controller is domiciled has jurisdiction.

9. Data protection officer contact information

For further questions concerning the processing of your data or the exercise of your rights, please contact the controller's competent data protection officer.

Schwarz Immobilien Service GmbH & Co. KG
Data protection officer
Stiftsbergstraße 1
74172 Neckarsulm, Germany

e-mail: datenschutz@mail.schwarz