Controller

Controller according to the General Data Protection Regulation (GDPR) and other national data privacy laws of member states, as well as other data privacy regulations is

Studentkompanie Betriebs-GmbH

Rheinstrasse 4c

55116 Mainz

You can contact our data protection officer at dsb@clarius.legal.

General Information on Data Privacy

Categorically, we collect and use our users‘ personal data only as far as it is necessary to operate a functional website as well as to provide our contents and services. The collection and use of personal data are carried out periodically only after obtaining the user’s consent. There is an exception to this in such cases where obtaining consent ahead of time is not possible for practical reasons and the processing of data is permitted per legal provisions.

Where we obtain the data subject’s consent for processing operations for personal data, Article 6(1) lit. a of the EU General Data Protection Regulation (GDPR) serves as legal basis for the processing of personal data. When processing personal data as part of fulfilling a contract of which the data subject is a contracting party, Article 6(1) lit. b GDPR serves as legal basis. This also applies to processing operations essential to the implementation of precontractual measures. Where the processing of personal data is necessary for compliance with a legal obligation which our business is subject to, Article 6(1) lit. c GDPR serves as legal basis.

If the processing is necessary to the preservation of a legitimate interest held by our business or a third party and the data subject’s interests, constitutional rights and fundamental freedoms do not outweigh this, Article 6(1) lit. f GDPR serves as legal basis for the processing.

The data subject’s personal data will be deleted or made unavailable as soon as they are no longer necessary for fulfilling the purpose of their collection. The recording of data can also occur when it is provided for by European or national legislature in Union law regulations, laws, or other provisions which the data subject is subject to (e.g. in accordance with German Tax Code in certain cases for up to 10 years). Data blocking or deletion will also occur if a storage period required by the mentioned standards expires unless there is a necessity for the continued storage of the data for the conclusion or the fulfilment of a contract.

Operating the Website

With every visit to our website, our system will automatically collect data and information from the visiting computer’s operating system.

The following data will be collected:

• Information about the type and version number of the used browser
• The user’s operating system
• The user’s internet service provider
• The user’s IP address
• Date and time of the visit
• Websites from which the user’s system enters our website
• Websites to which the user’s system exits our website

Article 6(1) lit. f GDPR serves as legal basis for the temporary storage of data. Temporarily storing the IP address is necessary to ensure the website is delivered to the user’s computer. Therefore, the user’s IP address needs to be stored for the duration of the session. The data is deleted as soon as it no longer needed to achieve the purpose of its storage. In the case of the data recorded for the delivery of the website, this will occur when the respective session has ended.

Cookies

Our website uses cookies. Cookies are text files that are saved in the internet browser or by the internet browser in the user’s operating system. When a user visits a website, the cookie can be saved in the user’s operating system. This cookie contains a distinctive character sequence which enables an exact identification of the browser on re-visiting the website.

We use session cookies to make our website more user-friendly. Some elements of our website require for the visiting browser to also be identifiable after changing pages (e.g. for saving a user’s language settings).

Article 6(1) lit. f GDPR serves as legal basis for the processing of personal data by using cookies. The purpose of using technically necessary cookies is to simplify the use of websites for the user. Some functions of our website cannot be operated without the use of cookies. For those, it is necessary for the browser to also be identifiable after changing pages. User data recorded by technically necessary cookies is not used to set up user profiles.

Cookies are stored on the user’s computer and transmitted from there to our website. Therefore, you as a user have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing your internet browser’s settings. Previously saved cookies can be deleted at any time. This can also be automated. If cookies are deactivated for our website, not all functions may be fully operational.

Third Party-Cookies

In addition, the website uses the third-party cookies described below. These are cookies from other businesses that we have allowed to be used on our website to improve the usability of our services. When accessing the website, the user will be informed about the cookies’ use for analytics purposes, among other things, and their consent to the processing of the personal data used in this context will be obtained.

Here you can find the whole list of cookies we are using: https://www.the-urbanclub.com/cookie-policy-eu/

“Book now” function

On our website we offer you the option to apply for our apartments via a “Book Now” contact form. For this purpose, we use the service provider REOS GmbH, Amsinckstraße 28, 20097 Hamburg, Germany, website: https://www.reos-software.com/ (in the following: “REOS”). This makes it easier for you to contact us in order to conclude a contract. If the “Book Now” contact form is used, the following data will be transmitted to us and stored:

• Name (required field)
• Email address (required field)
• All information you enter into the “message” field

Additionally:

• The user’s complete IP address
• Date and time of the message

The processing of the personal data from the contact form serves us only to process the contact. For this purpose, the data will be transmitted to REOS and processed there.

REOS needs the personal data to prepare the initial housing application, so that it can then be evaluated by the landlord. A copy of the identity card and other personal documents are automatically deleted by the system as soon as the rental agreement is signed by both parties and is therefore binding. All other information that is important for the contact is of course stored in the system, such as the email address. When a tenant moves out, this information is also removed after a short retention period.

The complete REOS privacy policy can be found at: https://www.reos-software.com/en/74/data-protection.

The legal basis for the use of the “Book now” contact form and the associated data processing is Art. 6(1) lit. b GDPR. The processing of personal data from the contact form serves us solely to process your request. The other personal data processed during the sending process serves to prevent misuse of the form and to ensure the security of our information technology systems.

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected.

We have concluded a contract for data processing with REOS. This is a data protection contract which guarantees that REOS processes the personal data of our website users only in accordance with our instructions and in compliance with the DSGVO.

Service Contact Forms and Email Communications

You can fill out a contact form on our website. We use such contact forms in order to simplify communications. If a user chooses this option, the following data is transmitted to us and stored:

• Name (required field)
• Email address (required field)
• All information you enter into the “message” field

Additionally:

• The user’s complete IP address
• Date and time of the message

Alternatively, you can contact us at the provided email address. In that case the user’s personal data transmitted via the email will be stored. In this context, no data will be disclosed to third parties. The data will be exclusively used for processing the conversation.

Article 6(1) lit. f GDPR serves as legal basis for the processing of data which has been transmitted as part of an email. If the email communications aim for the signing of a contract, Article 6(1) lit. b GDPR serves as additional legal basis for the processing.

The processing of personal data from the input screen is solely used to facilitate communications. In the case of email communications, this also includes the necessary legitimate interest in the processing of data. Any other personal data processed during the submission process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

The data will be deleted as soon as they are no longer necessary for fulfilling the purpose of their collection.

Rights of Data Subjects

If your personal data is being processed, you are the data subject in accordance with the GDPR and you have the following rights against the controller:

• You are entitled to information from the controller on whether any personal data concerning you is being processed by us.
• You have a right to rectification, completion, restriction, and erasure of your personal data against the controller.
• You have a right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format (right to data portability).
• You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based Article 6(1) lit. e or lit. f GDPR.
• You have the right to withdraw your consent at any time with regards to Article 7(3) GDPR.
• Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement if you consider the processing of personal data relating to you infringes the GDPR.

If you want to assert any of your rights, you can contact us at dsb@clarius.legal or via the contact persons stated in the legal notice.

What are Google Fonts?

We use Google Fonts on our website. These are the “Google fonts” from Google Inc. The company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services in Europe.

You do not need to register or enter a password to use Google fonts. Furthermore, no cookies are stored in your browser. The files (CSS, typefaces/fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you don’t have to worry about your Google account data being transmitted to Google while using Google Fonts. Google records the use of CSS (Cascading Style Sheets) and the fonts used and stores this data securely. How the data storage looks exactly, we will look at in detail.

Google Fonts (formerly Google Web Fonts) is a directory of over 800 fonts that Google makes available to its users free of charge.

Many of these fonts are released under the SIL Open Font License, while others are released under the Apache License. Both are free software licenses.

Why do we use Google Fonts on our website?

With Google Fonts we can use fonts on our own website and do not have to upload them to our own server. Google Fonts is an important component in keeping the quality of our website high. All Google fonts are automatically optimized for the web and this saves data volume and is a great advantage especially for use with mobile devices. When you visit our site, the small file size ensures fast loading time. Furthermore, Google Fonts are secure web fonts. Different image synthesis systems (rendering) in different browsers, operating systems and mobile devices can lead to errors. Such errors can partially distort texts or entire websites. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform problems with Google Fonts. Google Fonts supports all major browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile devices

Operating systems including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). So we use Google Fonts so that we can present our entire online service as beautifully and uniformly as possible.

Which data is stored by Google?

When you visit our website, the fonts are reloaded via a Google server. This external call transmits data to the Google servers. In this way, Google also recognizes that you or your IP address is visiting our website. The Google Fonts API was designed to reduce the use, storage and collection of end-user data to what is necessary for proper font delivery. Incidentally, API stands for “Application Programming Interface” and serves, among other things, as a data transmitter in the software sector.

Google Fonts securely stores CSS and font requests on Google and is therefore protected. The collected usage figures allow Google to determine how well the individual fonts are received. Google publishes the results on internal analysis pages, such as Google Analytics. Google also uses data from its own web crawler to determine which websites use Google fonts. This data is published in the Google Fonts BigQuery database. Entrepreneurs and developers use the Google web service BigQuery to examine and move large amounts of data.

It should be noted, however, that with each Google Font request, information such as language settings, IP address, browser version, browser screen resolution and browser name are automatically transmitted to the Google servers. Whether this data is also stored cannot be clearly determined or is not clearly communicated by Google.

How long and where is the data stored?

Google stores requests for CSS assets for one day on its servers, which are mainly located outside the EU. This enables us to use the fonts using a Google style sheet. A style sheet is a template that you can use to quickly and easily change the design or font of a website, for example.

The font files are stored by Google for one year. Google is thus pursuing the goal of fundamentally improving the loading time of websites. When millions of websites refer to the same fonts, they are cached after the first visit and immediately reappear on all other websites visited later. Once in a while updates google font files to reduce file size, increase language coverage and improve design.

How can I delete my data or prevent data storage?

The data that Google stores for a day or a year cannot simply be deleted. The data is automatically transmitted to Google when the page is accessed. In order to be able to delete this data prematurely, you must contact Google Support at https://support.google.com/?hl=de&tid=312280119. In this case, you only prevent data storage if you do not visit our site.

Unlike other web fonts, Google allows us unlimited access to all fonts. So we have unlimited access to a sea of ​​fonts and thus get the best out of our website. You can find more about Google Fonts and other questions at https://developers.google.com/fonts/faq?tid=312280119. Although Google addresses data protection issues there, it does not contain really detailed information about data storage. It is relatively difficult to get really precise information about stored data from Google.

legal basis

If you have consented to the use of Google Fonts, the legal basis for the corresponding data processing is this consent. According to Article 6 Paragraph 1 lit.

We also have a legitimate interest in using Google Font to optimize our online service. The corresponding legal basis for this is Article 6 (1) (f) GDPR (legitimate interests). However, we only use Google Fonts if you have given your consent.

Google also processes your data in the USA, among other places. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can be associated with various risks for the legality and security of data processing.

As a basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer there, Google uses so-called standard contractual clauses (= Art. 46. Para. 2 and 3 DSGVO). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data also comply with European data protection standards if they are transferred to third countries (such as the USA) and stored there. Through these clauses, Google undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementation decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which also correspond to the standard contractual clauses for Google Fonts, can be found at https://business.safety.google/adsprocessorterms/.

You can also read about what data Google collects and what this data is used for at https://www.google.com/intl/de/policies/privacy/.