Privacy Policy
Last updated on: 08.09.2023
General information
How do we collect your data?
One way how your data will be collected is, when you communicate information to us. This may be e.g. when you enter data into a contact form. Other data can be recorded automatically through our IT systems when you visit our online offer or after you consent to the recording. This will be technical data (e.g. Internet browser, operating system or time call time). The collection of this data takes place automatically as soon as you enter this online offer because its part of the technical communication.Purpose of the data collection
In general we only collect personal data for the purpose of providing our online offer to you. Some of the data is collected to ensure error-free operation and provision of our online offer. Other data can be used to analyze your user behavior within our online offer to understand how you use our online offer. Your contact information may be used by us to send you marketing communications. You can request us to stop doing this anytime.Retention period
Unless a specific storage period is specified in this data protection declaration, your personal data will remain with us until the purpose for the data processing no longer applies. If you make a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have any other legally permissible reasons for storing your personal data (e.g. tax or commercial retention periods); in the latter case, the deletion takes place after these reasons no longer apply.
SSL- / TLS- Encryption
For security reasons and to protect the transfer of confidential content such as orders or requests that you send to us as a page operator this site uses SSL or TLS encryption. An encrypted connection can be identified in the address bar of the browser: the address will start with "https://" (instead of "http: //") and there will be lock icon next to the address bar line. If SSL or TLS encryption is enabled, the data you transmit to us can not be read from third parties during the transmission from the browser to the server.Minors
This online offer is not intended for individuals under the age of 16.
Controller
tenantguide GmbH
Kolonnenstraße 8
10827 Berlin, Germany
Phone number: +49 (0) 15678 911861
Email: hello@gettheflat.com
Your data protection rights
Access, erasure and correction
The right to access – You have the right to request us for copies of your personal data. The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request us to complete the information you believe is incomplete. The right to erasure – You have the right to request that we erase your personal data, under certain conditions.Right to restriction of processing
You have the right to demand the restriction of processing of your personal data. For this you can contact us at any time. The right to restrict processing consists in the following cases: If you deny the correctness of your personal data stored with us, we usually need time to check this. For the duration of the exam, you have the right to demand the restriction of processing your personal data. If the processing of your personal data happens illegally, you can request the restriction of data processing instead of the deletion. If we no longer need your personal information, but you need it for exercise, defense or assertion of legal claims, you have the right to demand the restriction of the processing of your personal data instead of deletion. If you have filed an objection under Article 21 (1) GDPR, a balancing between yours and our interests must be made. As long as it is not yet established, whose interests predominate, you have the right to demand the restriction of the processing of your personal data. If you have restricted the processing of your personal data, this data - with the ecxeption of storage of the data - may only be processed with your consent, or it may be processed to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.The right to data portability
You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.Right to object
On grounds relating to your special situation, you have the right to object at any time to the processing of personal data concerning you which is based on Article 6(1) e or f GDPR; this also applies to profiling based on these provisions. The controller shall no longer process the your personal data unless the controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims. If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to processing of the personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to processing for the purposes of direct marketing, the personal data concerning you will no longer be processed for these purposes.Right to revoke consent for data processing
Many data processing operations of on this website are only possible with your explicit consent. You have the right to revoke your consent at any time. The legality of the data processing carried out before the revocation remains unaffected by the revocation.Complain to a supervisory authority
In the case of violations of the GDPR, you have the right to complain to a supervisory authority, in particular in the member state that you are resient of, your place of work or the place of alleged violation. Your right to complain consists without prejudice to other administrative or judicial remedies.Data collection and usage
Server-log files
The service we use for the hosting of our online offer can automatically collect and save information that will be transmitted by your browser when you access our online offer. The following information is stored in server log files: URL of the visited page on our domain, date and time of access to the server, browser type, browser version, operating system used, referrer URL, IP address. The data is used only for evaluation of the IT system behavior and error analysis. There is no combination of this data with other data sources. Usually, this data is automatically deleted within 2-4 weeks.The legal basis for data processing is legitimate interest (Article 6 (1) lit. f GDPR) for the purpose of a technically proper, safe, fast and efficient provision of our online offer.
E-mail forms
If you send us your e-mail address or contact details by submitting an email input form in order to express interest in our offer or to get news regarding our online offer, the submitted information from the form will be stored for processing your request and for the case of connection questions. We do not share this data with third parties without your consent. The data you entered in the email form will be stored until you call us for deletion, revoke your consent to the storage or the purpose for data storage is eliminated (eg, After completing your request. Mandatory statutory provisions - especially retention periods - remain unaffected.The legal basis for processing of this data can be found in article 6 (1) lit. b GDPR, provided that its request is related to the fulfillment of a contract or is required to carry out pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of the requests directed to us (Article 6 (1) lit. f GDPR) or on its consent (Article 6 (1) lit. a GDPR) if a consent was queried.
Inquiry by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, your request will be stored and processed with all the personal data (name, inquiry) for the purpose pf processing any communication between you and us. We do not share this data with third parties without your consent. The data related to your inquiry will be stored until you call us for deletion, revoke your consent to the storage or the purpose for data storage is eliminated (eg, After completing your request. Mandatory statutory provisions - especially retention periods - remain unaffected.The legal basis for processing of this data can be found in article 6 (1) lit. b GDPR, provided that its request is related to the fulfillment of a contract or is required to carry out pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of the requests directed to us (Article 6 (1) lit. f GDPR) or on its consent (Article 6 (1) lit. a GDPR) if a consent was queried.
Marketing communications
We may use your contact information to send you information about our services, products, offers and events that we consider to be of interest for you. This information relates solely to our own products and services and we will not share your information with third parties for marketing purposes. You can object to receiving marketing communications at any time. You can address your objection to the responsible party mentioned within this document, e.g. by email. You will not incur any costs for this other than the transmission costs according to the basis tariffs.The legal basis for data processing is legitimate interest (Article 6 (1) lit. f GDPR) for the purpose of growing our business, and § 7 Abs. 3 UWG (Act against Unfair Competition).
Cloud services and hosting
Amazon Web Services (AWS)
This online offer uses Amazon Web Services (AWS). Amazon Web Services (AWS) is a service of Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg.
We use this service for the following purpose: Web hosting- and service provider.
This service can automatically collect and save information that will be transmitted by your browser when accessing our online offer. These might include information such as: URL of the visited page on our domain, date and time of access to the server, browser type, browser version, operating system used, referrer URL, IP address. Such data is used for the evaluation of the system behavior, error analysis, and prevention of malicious activities. There is no combination of this data with other data sources. Such data will be deleted when it is no longer required for technical purposes, usually within 2-4 weeks. Our services use AWS servers located in Germany. We use these servers for hosting our web services and providing the functionality of the web services. We do not store your data on those servers. AWS will not process data outside of the AWS regions of our servers unless it is necessary for the purpose of providing AWS services that we initiated, or as necessary to comply with the law or a binding order of a governmental body. We do not initiate AWS services that require data processing outside of the AWS regions of our servers. If for any reason there will be a transfer of personal data to the parent company of AWS in the United States, the transfer will take place in accordance with the rules of the EU’s standard contractual clauses. The legal basis for data processing is legitimate interest (Article 6 (1) lit. f GDPR) for the purpose of a technically proper, safe, fast and efficient provision of our online offer.
Further information regarding data processing by Amazon Web Services EMEA SARL can be found under the following links. Website: https://aws.amazon.com/; Data Processing Addendum: https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/. Privacy Policy: https://aws.amazon.com/privacy/;
MongoDB Atlas
This online offer uses MongoDB Atlas. MongoDB Atlas is a service of MongoDB, Inc., 3 Shelbourne Building, Crampton Avenue Ballsbridge, Dublin 4, Irland.
We use this service for the following purpose: Central database for data storage.
We store the following personal data in this service: Contact form input (name, phone number, email address), email form input (email address). The data is stored on servers in Germany. The server location for stored data is Germany. We concluded a so called "Data-Processing-Agreement" with MongoDB. Thereby MongoDB assures that they protect the data of our customers, they do not pass them on to third parties, and that in case of a transfer of personal data to the United States by subcontractors or affiliated companies they work in accordance with the rules of standard contract clauses acc. Art. 46 GDPR. The legal basis for data processing is legitimate interest (Article 6 (1) lit. f GDPR) for the purpose of a technically proper, safe, fast and efficient provision of our online offer.
Further information regarding data processing by MongoDB, Inc. can be found under the following links. Website: https://www.mongodb.com/; Privacy Policy: https://www.mongodb.com/legal/privacy-policy; Privacy Shield (ensuring data protection level when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000TOLrAAO;
BugSnag
This online offer uses BugSnag. BugSnag is a service of SmartBear Software Inc., 100 Cummings Ctr Ste 234N, Beverly, Massachusetts, 01915, United States.
We use this service for the following purpose: Site reliability, crash reporting, error debugging.
In case of errors in our services, information about the error and the device on which the error occured, such as the IP address, browser type, operating System, screen Resolution might be transfered to their servers. This information can be used exclusively by our developers to analyse the error. BugSnag collects, processes, stores, and uses personal data of EU data subjects in compliance with the requirements of the EU General Data Protection Regulation (EU GDPR). BugSnag only transfer EU personal data outside of the EU with the permission of their customers, typically to the United States. When BugSnag transfers EU personal data outside the EU, they only use a transfer mechanism permitted under the GDPR such as the Standard Contract Clauses. The legal basis for data processing is legitimate interest (Article 6 (1) lit. f GDPR) for the purpose of a technically proper, safe, fast and efficient provision of our online offer.
Further information regarding data processing by SmartBear Software Inc. can be found under the following links. Website: https://www.bugsnag.com; BugSnag Security & GDPR Compliance: https://www.bugsnag.com/product/security; Privacy Policy: https://smartbear.com/privacy/;
Communication
MailerSend
This online offer uses MailerSend. MailerSend is a service of MailerSend, Inc., 228 Park Ave S, PMB 54955, New York, New York 10003-1502, US.
We use this service for the following purpose: Email sending for transactional emails, for example password reset emails or service notification emails.
We only transfer data to this service that is necessary in order to send a message to you. In order to send a message to you, we pass on your e-mail address to the provider as well the content of the message which can contain your name. We concluded a so called "Data Processing Addendum" with MailerSend. More information: https://www.mailersend.com/legal/data-processing-addendum. The legal basis for data processing is legitimate interest (Article 6 (1) lit. f GDPR) for the purpose of a technically proper, safe, fast and efficient provision of our online offer.
Further information regarding data processing by MailerSend, Inc. can be found under the following links. Website: https://www.mailersend.com. Privacy Policy: https://www.mailersend.com/legal/privacy-policy;
MailerLite
This online offer uses MailerLite. MailerLite is a service of MailerLite Limited, Ground Floor, 71 Lower Baggot Street, Dublin 2, D02 P593, Ireland.
We use this service for the following purpose: Email sending for news about our products, for example to inform you about upcoming features.
This service helps us to ensure a technical secure delivery of emails. It also helps us to group our communication towards you into categories, which enables you to control what categories of information you like to receive from us. We only transfer data to this service that is necessary in order to send a message to you. In order to send a message to you, we pass on your e-mail address to the provider. In some cases we pass on your name as part of the content of the email (to personally address you by name in our email to you). We concluded a so called "Data Processing Addendum" with MailerLite. The data storage location of MailerLite is in the European Union and the data center has an information storage security certificate (ISO 27001) which ensures a high standard of security for the storage of their customer data. More information: https://www.mailerlite.com/legal/data-processing-agreement. MailerLite never shares the personal data that we transfer to them with third parties. MailerLite states that it reserves the right to monitor which email addresses we provide to MailerLite to ensure that there are no violations of MailerLite's Terms of Service. When you open an email, a so called web beacon is included in the email. It connects to MailerLite’s servers. Through the web beacon the can detect if an email has been opened by you and if you clicked on links. In addition, technical information can be is collected (e.g. time of retrieval, IP address, browser type, and operating system). This data is not connected with a specific recipient. The data is collected for the purpose of statistical analysis (email open rate). The use of the web beacon is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in analyzing the email to ensure that the delivery is successful and to optimize the content. There are cases in which you are directed to a website of this provider. For example, if you follow the unsubscribe link inside an email that we have send through this provider, a website of this provider will open in your browser. To open the website, your browser establishes a connection to the servers of the provider, which is technically necessary to display the unsubscribe page to you. Due to connection, the provider might automatically collect and save information that is transmitted by your browser, for example your IP address. Furthermore, it is possible that during such a website visit cookies may be used on the provider's websites and personal data may be processed by the provider itself, its partners and service providers used for various purposes, for example for improving its service. We have no influence on this data collection. More information about the data that might be collected is stated in the privacy policy of the provider. This provider acts under a contract as an data processor for us. In accordance with GDPR, the provider has contractually committed himself to comply with data protection regulations.
Further information regarding data processing by MailerLite Limited can be found under the following links. Website: https://www.mailerlite.com/. Privacy Policy: https://www.mailerlite.com/legal/privacy-policy;
Registration and login
Registration with email and password
When you register in our services with email and password, the registration process is handled directly through or own services.
Google Firebase
This online offer uses Google Firebase. Google Firebase is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
We use this service for the following purpose: Registration and login.
Instead of registering/authenticating directly in our services, you can also register/authenticate through this third-party service. If you choose to use this third-party service to do so, you will be redirected to a login page of that service. Logging in with this service will link your profile of the service with our services and allow us to access some data. The data includes your first name, last name, e-mail address, profile image. If you choose to register/authenticate via this service, this service can automatically collect and save information. A precise description can be found in the linked privacy policy of the service. The legal basis for data processing is legitimate interest (Article 6 (1) lit. f GDPR) for the purpose of a technically proper, safe, fast and efficient provision of our online offer.
Further information regarding data processing by Google Ireland Limited can be found under the following links. Website Firebase: https://firebase.google.com/; Website Google: https://cloud.google.com/; Standardvertragsklauseln (Gewährleistung Datenschutzniveau bei Verarbeitung im Drittland): https://cloud.google.com/terms/data-processing-terms; Zusätzliche Hinweise zum Datenschutz: https://cloud.google.com/terms/data-processing-terms. Privacy Policy: https://cloud.google.com/, https://www.google.com/policies/privacy, Sicherheitshinweise: https://cloud.google.com/security/privacy; Privacy Shield (ensuring data protection level when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000000001L5AAI;
Payment handling
Stripe
This online offer uses Stripe. Stripe is a service of Stripe, Inc..
We use this service for the following purpose: Handling payment.
This service can automatically collect and save information when you use it through our website. A precise description can be found in the linked privacy policy of the service. The legal basis for data processing is legitimate interest (Article 6 (1) lit. f GDPR) for the purpose of a technically proper, safe, fast and efficient provision of our online offer.
Further information regarding data processing by Stripe, Inc. can be found under the following links. Website: https://stripe.com/. Privacy Policy: https://stripe.com/de/privacy;