Data protection - Maxtormauer Student Apartments

Data protection

1. Data protection at a glance

General remarks
The following statements provide a simple overview of what happens to your data when you visit our website. Personal data refers to any data that enables you to be identified personally. For comprehensive information on the subject of data protection, please see privacy policy below this text.

Data collection on our website

Who is responsible for data collection on this website?
Data processing on this website is performed by:

Grasruck Projekt GmbH & Co. KG
Mühlstraße 3
92318 Neumarkt, Germany
Phone: +49 (0) 91 81/47 57-0
E-mail: info@grasruck.de

How do we collect your data?
One way we collect your data is when you provide it to us. This may include data for example that you enter into a contact form.  Other data is automatically collected by our IT systems when you visit the website. This mainly comprises technical data (e.g. Internet browser, operating system, or time of page access). This data is collected automatically as soon as you access our website.

What do we use your data for?
Some of the data is collected to enable smooth operation of the website. Other data may be used to analyze your browsing behavior.

What rights do you have in respect of your data?
You have the right to obtain information about the source, recipients, and purpose of your stored personal data at any time and free of charge. You also have a right to demand the rectification, blocking, or deletion of this data. If you require further information about this and any other questions regarding data protection, you can contact us at the address specified in the legal notice at any time. Additionally, you have a right to lodge a complaint with the competent supervisory authority. You also have the right to request the restriction of the processing of your personal data under certain circumstances. For details, see the “Right to restriction of processing” section of the privacy policy.

Analysis tools and third-party tools
 When you visit our website, your browsing behavior may be statistically analyzed. This is mainly done by using cookies and analysis programs. Your browsing behavior is usually analyzed anonymously; the browsing behavior cannot be traced back to you. You may object to this analysis or prevent it through the non-use of certain tools. More detailed information can be found in the privacy policy set out below. You may object to this analysis. We will notify you of your options for raising an objection in this privacy policy.

2. General remarks and mandatory information

Data protection
 We take the protection of your personal data very seriously and treat your personal data confidentially and in accordance with the statutory data protection provisions and this privacy policy. Various items of personal data are collected when you visit this website. Personal data refers to data that enables you to be identified personally. This privacy policy explains which data we collect and what we use it for. It also explains how and for what purpose we do so.

Please note that data transfer on the Internet (e.g. communication via e-mail) may entail security loopholes. Seamless protection of data against access by third parties is not possible.

Note on the data controller
 The controller for data processing on this website is:

Grasruck Projekt GmbH & Co. KG
Mühlstraße 3
92318 Neumarkt, Germany
Phone: +49 (0) 91 81/47 57-0
E-mail: info@grasruck.de

The data controller is the natural or legal person who, alone or in conjunction with others, decides on the purposes and methods of processing personal data (e.g. names, e-mail addresses etc.).

Revocation of your consent to data processing
Many data processing actions are only possible with your express consent. You may revoke any consent you have previously granted. An informal notification by e-mail is sufficient for us for this purpose. This has no bearing on the lawfulness of any data processing performed up to the point of revocation.

Right to object to data processing in special cases and to direct advertising (Art. 21 GDPR)
If the data processing is being performed on the basis of Art. 6 (1) (e) or (f) GDPR, you have the right to raise an objection at any time to the processing of your personal data on grounds relating to your specific situation; this also applies to any profiling based on these provisions. The specific legal basis on which a specific act of processing is based can be found in this privacy policy. If you raise an objection, we will no longer process your personal data in question unless we can demonstrate compelling, legitimate grounds for the processing that override your interests, rights, and freedoms or the processing is performed for the establishment, exercise, or defense of legal claims (objection under Art. 21 (1) GDPR).

If your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you raise an objection, your personal data will then no longer be used for the purpose of direct marketing (objection under Art. 21 (2) GDPR).

Right to lodge a complaint with the competent supervisory authority
In the event of breaches of GDPR, data subjects have a right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, place of work, or of the alleged infringement. The right to lodge a complaint applies irrespective of any other administrative or judicial remedies.

Right to data portability
You have the right to receive data that we process automatically on the basis of your consent or in performance of a contract in a commonly used and machine-readable format and to transmit such data to a third party. If you request the direct transmission to another controller, this shall only be done to the extent that is technically feasible.

SSL or TLS encryption
This page uses SSL or TLS encryption for security reasons and to protect the transmission of confidential information, such as orders or inquiries that you send to us as the operator of the website. You can identify an encrypted connection in that the browser address bar changes from “http://” to “https://” and a padlock icon is displayed in your browser bar. When the SSL or TLS encryption is activated, the data that you send to us cannot be intercepted by third parties.

Information, blocking, erasure, and rectification
Under the applicable statutory provisions, you have the right to be provided at any time and free of charge with information about stored personal data relating to you, its source, recipients, purpose of the data processing, and where relevant a right to rectification, blocking, or erasure of this data. If you require further information about this and any other questions regarding personal data, you can contact us at the address specified in the legal notice at any time.

Right to restriction of processing
You also have the right to request the restriction of the processing of your personal data. To do so, you can contact us at the address specified in the legal notice at any time. The right to the restriction of processing applies in the following cases:

If you contest the accuracy of your personal data stored by us, we usually need time to verify this. You have the right to request the restriction of the processing of your personal data for the duration of the verification procedure.
If your data was/is being processed unlawfully, you can request a restriction of processing instead of erasure.
If we no longer need your personal data, but you require it for the establishment, exercise, or defense of legal claims, you have the right to request the restriction of the processing of your personal data instead of its erasure.
If you have raised an objection under Art. 21 (1) GDPR, your interests need to be balanced against ours. You have the right to request the restriction of the processing of your personal data until it is established whose interests prevail.
If you have restricted the processing of your personal data, this data may only be processed – with the exception of its storage – with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a member state.

3. Data collection on our website

Cookies
In some cases, the web pages use what are known as cookies. Cookies do not cause any damage on your computer and do not contain any viruses. The purpose of cookies is to make our website more user-friendly, effective, and secure. Cookies are small text files that are placed on your computer and stored by your browser. Most of the cookies we use are what are known as “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit.

You can configure your browser to notify you when cookies are set so you can accept cookies only in individual cases, exclude the acceptance of cookies in specific cases or generally, and also activate the automatic deletion of cookies when your browser is closed. Deactivating cookies may limit the functionality of this website.

Cookies that are necessary to carry out electronic communication processes or to provide specific functions required by you (e.g. shopping cart function) are stored on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in storing the cookies to ensure that its services can be provided in a technically flawless and optimized manner. Any other cookies (e.g. cookies for analyzing your browsing behavior) that are stored are dealt with separately in this privacy policy.

Server log files
The website provider automatically collects and stores information in what are known as server log files that your browser automatically transfers to us. These are:

Browser type and browser version
Operating system used
Referrer URL
Host name of the computer making the access
Time of the server request
IP address

This data is not merged with other data sources. The data is collected on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the technically flawless presentation and optimization of its website, which requires server log files to be recorded.

Contact form
If you use a contact form to send us queries, we store your information in the query form, including the contact details provided there for the purpose of dealing with the query and in case of any follow-on questions. We will not forward this data without your consent. The data entered into the contact form is thus processed exclusively on the basis of your consent (Art. 6 (1) (a) GDPR). You may revoke this consent at any time. An informal notification by e-mail is sufficient for us. This has no bearing on the lawfulness of any data processing performed up to the point of revocation.

We retain the data you enter into a contact form until you ask us to delete it, you withdraw your consent to the data being stored, or the purpose for storing the data ceases to apply (e.g. once your query has been conclusively dealt with). This has no bearing on cogent statutory provisions, in particular retention periods.

Processing data (personal and contractual data)
We only collect, process, and use personal data to the extent that this is necessary for establishing, structuring, or modifying the legal relationship (inventory data). This is done on the basis of Art. 6 (1) (b) GDPR, which permits data processing for the performance of a contract or precontractual measures. We only collect, process, and use personal data about the use of our website (usage data) to the necessary extent to enable the user to use the service or to charge users for such use. The collected personal data will be deleted on completion of the order or termination of the business relationship. This is without prejudice to statutory retention periods.