General notes and mandatory information
Who is responsible for data collection?
The Bürgermeister-Reuter-Stiftung https://www.brst.de/impressum/ as website operator is responsible for the data collection based on your visit to this website.
How do we collect your data?
On the one hand, your data is automatically collected by the IT systems used when you visit the website. This is mainly technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter our website. Other data is collected when you provide it to us. This can be, for example, data that you enter in a contact form.
What do we use your data for?
Part of the data is collected to ensure error-free provision of the website. We explain further details in the following sections.
This site uses TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If TLS encryption is activated, the data you transmit to us cannot be read by third parties.”
Your contact to our data protection officer
We have appointed the company mb-Datenschutz GmbH https://mb-datenschutz.de/ as data protection officer.
Please direct any queries regarding data protection to the e-mail address .
(For all other inquiries please use the following e-mail address: ).
Data collection on our website
Our website uses so-called cookies. These serve to make our offer more user-friendly, effective and secure. Cookies are text files that are stored in the browser on your terminal device.
Cookies do not cause any damage to your computer and do not contain viruses. A distinction is made between so-called “session cookies” and “persistent cookies”. The former are automatically deleted at the end of your visit. Other cookies remain stored on your terminal device until they expire or are deleted. These cookies make it possible to recognise your browser on your next visit and to apply the settings you have previously made for you. You can set your browser so that you are informed about the setting of cookies and only allow them in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
Session cookies, which are required to carry out the electronic communication process, are stored on the basis of Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e.g. for the analysis of your surfing behaviour) are stored, these are treated separately in this data protection declaration.
Server log files
The provider of our website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. The data in the log files include:
- the referrer URL (the website you came from),
- the browser type, browser version and language,
- the operating system used and its interface,
- the IP address (anonymized),
- the time of the server request,
- the http status code – access status,
- the amount of data transferred,
The storage period is 7 days. This data is not merged with other data sources.
Art. 6 (1) lit. f DSGVO is the legal basis for data processing, which permits the processing of data for the optimal presentation and security of the website based on our legitimate interest.
Visitor interaction with the website
If you send us your reservation request, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data to third parties without your consent.
The processing of the data entered in the enquiry form is generally carried out on the legal basis of Art. 6 Para. 1 lit. b DSGVO (contract initiation or implementation). Your data will remain with us until you request us to delete it or the purpose for storing the data no longer applies (e.g. after processing your enquiry has been completed). If we have to comply with legal retention periods, we delete them after their expiry.
Comment function on this website
For the comment function on this site, in addition to your comment, information on the time of the creation of the comment, your e-mail address and, if you do not post anonymously, the username you have chosen will be stored.
The storage of comments is based on your consent (Art. 6 para. 1 lit. a DSGVO), which you can revoke at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations carried out until then remains unaffected by the revocation.
Our comment function stores the IP addresses of users who post comments until the commented content has been completely deleted or the comments have to be deleted for legal reasons (e.g. offensive comments). We need this data to be able to take action against the author in the event of legal violations. The legal basis is our legitimate interest (Art. 6 para. 1 lit. f DSGVO). Independently of this, we check the comments on our site before activating them. If we are requested by investigating authorities to hand over data due to infringing comments, this is done on the legal basis of the legal obligation to hand over data (Art. 6 para. lit. c DSGVO).
Company pages in social media
The goals of our Facebook page are
- direct contact with our online visitors with the aim of customer acquisition and retention and the associated offer of contemporary communication channels,
- references to our contributions and offers,
- statistical analyses for our own market research purposes.
According to Art. 6 (1) f DSGVO, the use of this social media channel is in our legitimate interest. Nevertheless, it is important to us to inform you transparently here as far as possible about the data protection-relevant matters for which we bear active joint responsibility.
The data collected about you in this context is processed by Facebook Ltd. and may be transferred to countries outside the European Union. Facebook describes in general terms what information it receives and how it is used in its data use policy.
What rights do you have under the EU-DSGVO?
The EU Data Protection Regulation aims to ensure that you, as the data subject, have the greatest possible control over your personal data. All data that can be directly or indirectly related to you as a person is considered personal data. In order for you to effectively exercise control over your data, you have the following rights vis-à-vis us:
- the right to information according to Art. 15 EU-DSGVO,
- the right to rectification according to Art. 16 EU-DSGVO,
- the right to deletion according to Art. 17 EU-DSGVO,
- the right to restriction of processing pursuant to Art. 18 EU-DSGVO and
- the right of objection from Art. 21 EU-DSGVO as well as
- the right to lodge a complaint with a supervisory authority pursuant to Art. 77 EU-DSGVO if you believe that we are processing your data unlawfully. You can find the supervisory authority responsible for our company here: https://www.bfdi.bund.de/DE/Home/home_node.html
The right to data portability according to Art. 20 would only be relevant when visiting our website if you had the possibility to create a profile (e.g. applicant profile, member profile or similar) or to enter corresponding information about yourself.
Data protection information on the collection of personal data when initiating and processing rental agreements
Dear tenant, dear prospective tenant,
in the course of the EU General Data Protection Regulation (EU-DSGVO), information obligations are imposed on us as the controller of personal data. According to Art. 13 and Art. 14 EU Data Protection Regulation, we therefore inform you about the following points:
The responsible body of this processing is
Phone: +49 30 491022-0
On our homepage www.brst.de you will find further information about our company in the imprint, details of the persons authorised to represent us and also further contact options.
Contact person / data protection officer
The company mb-Datenschutz GmbH is the data protection officer.
Legal bases and purposes for the processing of your data:
- The EU-DSGVO Art. 6 (1) a) allows us to process your data based on your consent for certain purposes, e.g. subscribing to our newsletter.
- The EU-DSGVO Art. 6 (1) b) covers data processing, which is necessary for the fulfilment of a contract (rental contract) as well as for pre-contractual measures.
- The EU-DSGVO Art. 6 (1) c) allows us to process your data on the basis of a legal obligation, e.g. due to retention obligations under financial and tax law.
- Art. 6 (1) f) EU-DSGVO allows us to process your personal data if we or a third party have legitimate interests in this processing and your interests, fundamental rights or freedoms do not conflict with this, e.g. for:
o internal evaluations and marketing analyses,
o the avoidance of injury and/or liability to the company by taking appropriate measures,
o the assertion, exercise or defence of legal claims
o the video surveillance for exercising our house right.
Duration of data storage:
General storage period:
After the purpose of the data processing has ceased and the legal retention periods have expired, your personal data will be deleted. As a rule, there are 6- or 10-year retention obligations for companies.
Special storage period:
– for video recording 72 hours
If the storage is based on your consent, we will delete your personal data if you revoke your consent.
Recipients of your personal data:
In our company, only those employees who need to access your personal data in order to perform their duties are granted access to the extent necessary.
Employed service providers may receive your data to fulfil the purposes described if they comply with the confidentiality requirements under data protection law. These can be, for example, companies in the categories: IT services, printing and shipping services, market research companies, call centers, logistics companies, companies that perform data destruction for us. These service providers are so-called AV service providers (order processors), which are contractually specifically obliged according to legal requirements.
If, in our opinion, a credit check appears to be necessary prior to the conclusion of the rental agreement, data will be transmitted to corresponding credit agencies in Germany.
If you have given us a SEPA mandate for the collection of your rent, our house bank will receive your data for the execution of the direct debit collection from your account.
Your data will be passed on to public authorities if there is a legal obligation to do so.
Your data will only be passed on to recipients outside the EU/EEA if this is necessary for communication with you (your provider’s registered office is outside the European Union) or if you have given us the name of a bank outside the EU/EEA for the repayment of your deposit.
Data we receive about you from others:
If a credit check is carried out before the start of the contract, we will receive data about you from the relevant credit agency.
If you have booked your apartment via an online portal, we will receive personal data from this portal.
Your privacy rights:
- the right to information according to Article 15 EU-DSGVO,
- the right of rectification in accordance with Article 16 EU GDPR,
- the right to deletion according to Article 17 EU-DSGVO,
- the right to restriction of processing pursuant to Article 18 EU-DSGVO as well as
- the right to object under Article 21 EU GDPR.
In addition, you have a right of appeal to a data protection supervisory authority in accordance with Article 77 EU-DSGVO.