Name and contact of the responsible person according to Article 4 (7) DSGVO

Company: The EIS Project UG (haftungsbeschränkt)

Address: Richard-Strauß Str.21, 76437 Rastatt, Germany

E-Mail: theeisproject19@gmail.com 

Security and protection of your personal data

We consider it our primary responsibility to maintain the confidentiality of the personal data you provide to us and to protect it from unauthorized access. Therefore, we apply the utmost care and state-of-the-art security standards to ensure maximum protection of your personal data.

As a company under private law, we are subject to the provisions of the European General Data Protection Regulation (DSGVO) and the regulations of the German Federal Data Protection Act (BDSG). We have taken technical and organizational measures to ensure that the regulations on data protection are observed both by us and by our external service providers.

Definitions

The legislator requires that personal data be processed in a lawful manner, in good faith and in a way that is comprehensible to the data subject (“lawfulness, processing in good faith, transparency”). To ensure this, we inform you about the individual legal definitions, which are also used in this privacy policy:

1. Personal data

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. Processing

“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3. Restriction of processing

“Restriction of processing” means the marking of stored personal data with the aim of limiting their future processing.

4. Profiling

“Profiling” means any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person’s job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.

5. Pseudonymization

“Pseudonymization” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures which ensure that the personal data cannot be attributed to an identified or identifiable natural person.

6. File system

“File system” means any structured collection of personal data accessible according to specified criteria, whether such collection is maintained on a centralized, decentralized, or functional or geographic basis.

7. Responsible person

“controller” means a natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law.

8. Order processor

“Processor” means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller.

9. Receiver

“Recipient” means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients; the processing of such data by the aforementioned authorities shall be carried out in accordance with the applicable data protection rules in accordance with the purposes of the processing.

10. Third party

“Third party” means a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.

11. Consent

Consent” of the data subject means any freely given specific, informed and unambiguous indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.

Lawfulness of processing

The processing of personal data is only lawful if there is a legal basis for the processing. Legal basis for the processing can be according to Article 6 para. 1 lit. a – f DSGVO in particular:

1. The data subject has given his/her consent to the processing of personal data concerning him/her for one or more specific purposes;
2. The processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the data subject’s request;
3. Processing is necessary for compliance with a legal obligation to which the controller is subject;
4. The processing is necessary to protect the vital interests of the data subject or another natural person;
5. Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
6. Processing is necessary for the purposes of the legitimate interests of the controller or of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.

Information about the collection of personal data

(1) In the following, we inform about the collection of personal data when using our website. Personal data are e.g. name, address, e-mail addresses, user behavior.

(2) If you contact us by e-mail, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions. We delete the data accruing in this context after the storage is no longer necessary, or the processing is restricted if there are legal obligations to retain data.

(3) If you contact us via the search request for prospective tenants, the data you provide will only be used strictly for the purpose of searching for an apartment and, if necessary, for concluding a rental agreement. Your data will be deleted by us after 6 months.

Collection of personal data when visiting our website

In the case of mere informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO):

IP address

Date and time of the request

Time zone difference from Greenwich Mean Time (GMT)

Content of the request (concrete page)

Access status/HTTP status code

Data volume transferred in each case

Website from which the request comes

Browser

Operating system and its interface

Language and version of the browser software