We attach great importance to the protection of your data and the preservation of your privacy. Below we therefore inform you about the collection and use of personal data when using our website.
This data protection declaration informs you about the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and the websites, functions and content associated with it, as well as external online presences, such as our social media profiles. (hereinafter collectively referred to as the “Online Offer”). With regard to the terms used, such as “personal data” or their “processing”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
City Apartment Rhein-Neckar GmbH
Berliner Str. 22a
Phone: +49 (0) 621 – 437 313 20
Fax: +49 (0) 621 – 437 561 21
Name: Castro, Carlos
– Inventory data (e.g., names, addresses)
– Contact details (e.g., email, phone numbers)
– Content data (e.g., text input, photographs, videos)
– Contract data (e.g., subject matter of the contract, term)
– Payment data (e.g., bank details, payment history)
– Usage data (e.g., access times, approx. age, approx. gender)
– Meta/communication data (e.g., device information).
No special categories of data are processed.
Categories of persons concerned by the processing:
– Customers / Interested Parties.
– Visitors and users of the online offer.
In the following, we also refer to the persons concerned collectively as “users”.
– Provision of the online offer, its contents and functions.
– Respond to contact requests and communicate with users.
– Marketing, advertising and market research.
3.1. We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons; the measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access concerning them, input, disclosure, ensuring availability and their separation. Furthermore, we have established procedures to ensure the exercise of data subjects’ rights, deletion of data, and response to data compromise. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software and processes, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Article 25 of the GDPR).
3.2. The security measures include, in particular, the encrypted transmission of data between your browser and our server.
4.1. If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as to payment service providers, is required for the performance of the contract pursuant to Art. 6 (1) lit. b GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
4.2. If we commission third parties with the processing of data on the basis of a so-called “order processing agreement”, this is done on the basis of Art. 28 GDPR.
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using third-party services or disclosing or transferring data to third parties, this will only be done if it is done to fulfill our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or allow the processing of data in a third country only if the special requirements of Art. 44 et seq. GDPR are met. This means, for example, that processing takes place on the basis of special guarantees, such as the officially recognized determination of a level of data protection that corresponds to that of the EU (e.g., for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
6.1. You have the right to request confirmation as to whether data in question is being processed and to information about this data, as well as further information and a copy of the data in accordance with Art. 15 GDPR.
6.2. You have accordingly. Art. 16 GDPR the right to request the completion of the data concerning you or the correction of incorrect data concerning you.
6.3. In accordance with Article 17 of the GDPR, you have the right to demand that the data in question be deleted without delay or, alternatively, to demand restriction of the processing of the data in accordance with Article 18 of the GDPR.
6.4. You have the right to request to receive the data concerning you that you have provided to us in accordance with Article 20 of the GDPR and to request its transfer to other data controllers.
6.5. They have further pursuant to Article 77 GDPR the right to lodge a complaint with the competent supervisory authority.
You have the right to withdraw consent granted pursuant to. Art. 7 para. 3 GDPR with effect for the future.
You may object to the future processing of data concerning you in accordance with Art. 21 GDPR at any time. The objection can be made in particular against the processing for purposes of direct advertising.
Our Internet pages use so-called cookies in several places. Cookies are small text files that are stored on your computer and saved by your browser. They serve to make our offer more user-friendly, effective and secure. Furthermore, cookies enable our systems to recognize your browser and provide you with services. Cookies do not contain any personal data.
This website uses Borlabs cookie, which sets a technically necessary cookie (borlabs-cookie) to store your cookie consents.
Borlabs Cookie verarbeitet keinerlei personenbezogenen Daten.
The borlabs-cookie cookie stores the consent you gave when entering the website. If you wish to revoke these consents, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked again for your cookie consent.
10.2. Germany: According to legal requirements, the storage takes place in particular for 6 years in accordance with § 257 para. 1 HGB (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in accordance with § 147 para. 1 AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).
10.3. Austria: According to legal requirements, the storage takes place in particular for 7 years in accordance with § 132 para. 1 BAO (accounting records, vouchers/invoices, accounts, receipts, business papers, statement of income and expenses, etc.), for 22 years in connection with real property, and for 10 years for records in connection with electronically provided services, telecommunications, radio and television services provided to non-entrepreneurs in EU member states and for which the Mini-One-Stop-Shop (MOSS) is used.
11.1. We process inventory data (e.g., names and addresses as well as contact data of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to. Art. 6 para. 1 lit b. GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.
11.2. We process usage data (e.g., the web pages visited on our website, interest in our products) and content data (e.g., entries in the contact form) for advertising purposes in a user profile, e.g., to display product information to users based on the services they have used to date.
11.4. The deletion takes place after the expiry of legal warranty and comparable obligations, the necessity of storing the data is reviewed every three years; in the case of legal archiving obligations, the deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) storage obligation); information in the customer account remains until its deletion.
12.1. When contacting us (via contact form or e-mail), the user’s details are used to process the contact request and its handling in accordance with the German Data Protection Act. Art. 6 para. 1 lit. b) GDPR processed.
12.2. User information may be stored in our Customer Relationship Management System (“CRM System”) or comparable inquiry organization.
12.4. We delete the requests if they are no longer necessary. We review the necessity every two years. In the case of legal archiving obligations, deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) retention obligation).
13.1. We collect data on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR data about each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
13.2. Log file information is stored for security reasons (e.g. to clarify acts of abuse or fraud) for a maximum of seven days and then deleted. Data whose further retention is required for evidentiary purposes shall be exempt from deletion until the respective incident has been finally clarified.
14.1. We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.
15.2. Google is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
15.3. Google will use this information on our behalf for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Thereby, pseudonymous usage profiles of the users can be created from the processed data.
15.4. We use Google Analytics to display the ads placed within Google’s advertising services and those of its partners only to users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited), which we transmit to Google (so-called “remarketing”, or “Google Analytics Audiences”). With the help of Remarketing Audiences, we also want to make sure that our ads match the potential interest of users and are not harassing.
15.5. We use Google Analytics only with IP anonymization enabled. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
15.6. The IP address transmitted by the user’s browser is not merged with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of the data generated by the cookie and related to their use of the online offer to Google as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
15.7. For more information about Google’s data use, settings and opt-out options, please visit Google’s websites: www.google.com/intl/de/policies/privacy/partners (“Data use by Google when you use our partners’ websites or apps”), policies.google.com/technologies/ads (“Data use for advertising purposes”), adssettings.google.com/authenticated (“Manage information Google uses to show you ads”).
16.1. We use the marketing and remarketing services (in short “Google Marketing Services”) of Google LLC, 1600 Amphitheatre Park, Mountain View, CA 9. GDPR) the marketing and remarketing services (in short “Google Marketing Services”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).
16.2. Google is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
16.3. Google’s marketing services allow us to display advertisements for and on our website in a more targeted manner to present users only with ads that potentially match their interests. If, for example, a user is shown ads for products he or she was interested in on other websites, this is referred to as “remarketing”. For these purposes, when our website and other websites on which Google marketing services are active are called up, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also referred to as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies can also be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which web pages the user has visited, which content the user is interested in and which offers the user has clicked on, as well as technical information about the browser and operating system, referring web pages, time of visit and other information about the use of the online offer. The IP address of the user is also recorded, whereby we inform you within the scope of Google Analytics that the IP address is shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and only in exceptional cases is transferred in full to a Google server in the USA and shortened there. The IP address is not merged with user data within other Google offerings. The above information may also be combined by Google with such information from other sources. When the user subsequently visits other websites, they can be shown ads tailored to their interests.
16.4. User data is processed pseudonymously as part of Google’s marketing services. I.e. Google does not store and process e.g. the name or email address of the users, but processes the relevant data cookie-related within pseudonymous user profiles. I.e. from Google’s perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected about users by Google marketing services is transmitted to Google and stored on Google’s servers in the USA.
16.5. The Google marketing services we use include the online advertising program “Google AdWords”. In the case of Google AdWords, each AdWords customer receives a different “Conversion-Cookie”. Cookies can therefore not be tracked through the websites of AdWords customers. The information obtained with the help of the cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.
16.6. Likewise, we can use the service “Google Optimizer”. Google Optimizer allows us to track how various changes to a website (e.g. changes to input fields, design, etc.) as part of so-called “A/B testing”. Cookies are placed on users’ devices for these testing purposes. Only pseudonymous data of the users is processed.
16.7. Furthermore, we may use the “Google Tag Manager” to integrate and manage Google analytics and marketing services on our website.
16.9. If you wish to object to interest-based advertising by Google marketing services, you can use the settings and opt-out options provided by Google: adssettings.google.com/authenticated.
17.1. Within our online offer, the so-called “Facebook pixel” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), is used due to our legitimate interests in the analysis, optimization and economic operation of our online offer and for these purposes.
17.2. Facebook is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
17.3. With the help of the Facebook pixel, it is possible for Facebook to determine the visitors of our online offer as a target group for the display of advertisements (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to display Facebook ads placed by us only to Facebook users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. With the help of the Facebook pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”).
17.4. Furthermore, when using the Facebook Pixel, we use the additional function “extended matching” (in this case, data such as telephone numbers, e-mail addresses or Facebook IDs of the users) to create target groups (“Custom Audiences” or “Look Alike Audiences”) are transmitted to Facebook (encrypted). Further notes on the “extended adjustment https://www.facebook.com/business/help/611774685654668).
17.5. We also use the “Custom Audiences from File” procedure of the social network Facebook, Inc. In this case, the email addresses of the newsletter recipients are uploaded to Facebook. The upload process is encrypted. The upload is used solely to determine recipients of our Facebook ads. In this way, we want to ensure that the ads are only displayed to users who have an interest in our information and services.
17.6. The processing of the data by Facebook takes place within the framework of Facebook’s data usage policy. Accordingly, general guidance on the display of Facebook Ads, in Facebook’s Data Use Policy: www.facebook.com/policy.php. Specific information and details about the Facebook Pixel and how it works can be found in Facebook’s help section: https://www.facebook.com/business/help/651294705016616.
17.7. You can object to the collection by the Facebook pixel and use of your data to display Facebook ads. To set what types of ads are shown to you within Facebook, you can go to the page set up by Facebook and follow the instructions there about usage-based advertising settings: www.facebook.com/settings. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
17.8. To prevent the collection of your data using the Facebook pixel on our website, please click the following link: Facebook opt-out Note: If you click the link, an “opt-out” cookie will be stored on your device. If you delete the cookies in this browser, then you need to click the link again. Furthermore, the opt-out only applies within the browser you are using and only within our web domain where the link was clicked.
18.1. We use social plugins (“Plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd. GDPR) social plugins (“plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and are recognizable by one of the Facebook logos (white “f” on blue tile, the terms “Like”, “Like” or a “thumbs up” sign) or are marked with the addition “Facebook Social Plugin”. The list and appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
18.2. Facebook is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
18.3. When a user calls up a function of this online offer that contains such a plugin, his or her device establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user’s device and integrated by the user into the online offer. In doing so, usage profiles of the users can be created from the processed data. We therefore have no influence on the scope of the data that Facebook collects with the help of this plugin and therefore inform users according to our level of knowledge.
18.4. By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged into Facebook, Facebook can assign the visit to his Facebook account. When users interact with the plugins, for example by clicking the Like button or posting a comment, the corresponding information is transmitted from your device directly to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to obtain and store his or her IP address. According to Facebook, only an anonymized IP address is stored in Germany.
18.6. If a user is a Facebook member and does not want Facebook to collect data about him or her via this online offering and link it to his or her membership data stored with Facebook, he or she must log out of Facebook and delete his or her cookies before using our online offering. Further settings and objections to the use of data for advertising purposes, are possible within the Facebook profile settings: www.facebook.com/settings or via the US site www.aboutads.info/choices/ or the EU site www.youronlinechoices.com. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
The following presentation provides an overview of third-party providers and their content, along with links to their data protection declarations, which contain further information on the processing of data and, in part already mentioned here, options for objection (so-called opt-out):
• If our customers use the payment services of third parties (e.g. PayPal or Sofortüberweisung), the terms and conditions and privacy notices of the respective third-party providers apply, which are available within the respective websites, or transaction applications.
• Use of Google Maps
For users who are residents of the Russian Federation, the following applies:
The above services of our online offer are not intended for citizens of the Russian Federation residing in Russia.
If you are a Russian citizen residing in Russia, you are hereby expressly informed that any personal information you provide to us through this Online Service is solely at your own risk and responsibility. You further agree that you will not hold us responsible for any failure to comply with any laws of the Russian Federation.