Privacy Policy for (Potential) Tenants of
Student Residences in W27 Heilbronn
Last updated 05/2022
As a
rule, the personal data of yours that we collect is obtained directly from you.
The statutory basis is, in particular, the EU General Data Protection
Regulation (GDPR).
1.
Controller within the meaning
of Article 4(7) GDPR
The
controller within the meaning of Article 4(7) GDPR is:
Schwarz Campus Service GmbH & Co. KG
Stiftsbergstraße 1
74172 Neckarsulm,
Germany
e-mail: w27@mail.schwarz
2.
Application for an apartment
2.1. Purposes and legal basis of processing
2.1.1.
Mandatory information that you
have to provide during the application process:
If you
apply for one of our apartments, we will process information including your
basic information, such as your last name, first name and date of birth, your
address and contact details, and your CampusCard ID, if you have one (Article
6(1)(b) GDPR). We process this information so that we can process your
application and potentially prepare a lease on that basis.
The data
that we process also includes your identification document, e.g., your personal
ID card or your passport, information on your matriculation status (for
students), information on your occupation, your nationality and, if you are not
an EU national, your visa (Article 6(1)(f) GDPR). We have a legitimate interest
in clearly verifying your identity and checking that you are eligible for an
apartment.
We
process your user name (= your e-mail address) and your selected password, also
on the basis of Article 6(1)(b) GDPR, in order to provide you with access to
our online portal to manage your (tenant) data.
On the
basis of Article 6(1)(b) GDPR, we also process information on relationships
with relatives and legal guardians if an application is being made in the name
of one or several legal guardians for a student who is a minor, or if the
consent of the legal guardian(s) is stored. This information is only mandatory
if you are a minor.
2.1.2.
Voluntary information that you
can opt to provide during the application process:
If you
are applying for accessible housing, we will process information on your
disability/your disability ID card (health data) with your consent in order to
check that you are eligible for accessible housing. The data is processed
pursuant to Article 9(2)(a) GDPR.
If you
opt to provide us with proof of your salary and/or a certificate confirming
that you do not have any rent arrears as part of the application process, we
will process this data on the basis of Article 6(1)(f) GDPR. We have a legitimate
interest in confirming your payment reliability and ability to pay within this
context.
2.1.3.
Processing of data for
technical reasons:
On the
basis of Article 6(1)(f) GDPR, we also record when you log in and out of our
online tenant management portal. In the event of a system failure or
malfunction, we have a legitimate interest in finding out who used the system
and whether this use potentially resulted in the malfunction.
2.2. Recipients/categories of recipient
The data
you provide and the documents you upload as part of the application process may
be made accessible to REOS GmbH, Amsinckstraße 28, 20097 Hamburg, in
exceptional cases, e.g., for the purposes of technical support services, as
this company is the technical provider of the online portal that you use to
apply and in which your data is stored.
Your
personal data may be made available to Schwarz IT KG, Stiftsbergstraße 1, 74172
Neckarsulm, as this company also provides support services for the online
portal on our behalf.
Your
data may be transmitted to other recipients to the extent required on an ad hoc
basis if these recipients provide services on our behalf and have to process
your data for this purpose.
2.3. Obligation to provide your data
You are
under no statutory or contractual obligation to provide personal data to us for
the purposes of your application. If, however, you do not provide us with the
corresponding information, we will not be able to process and will reject your
application.
2.4. Storage time
If we
reject your application, we will erase the personal data disclosed or provided
by you at the latest 12 months after your most recent activity in the REOS
portal.
The
documents uploaded by you will be erased after we notify you of the rejection.
We will
erase the identification document and any visa you have uploaded as part of the
application process without undue delay after verifying your identity/residence
rights.
If your
application is successful and we enter into a lease agreement with you, we will
save the corresponding data for a period of up to 12 years after the lease has
ended.
Log data
for use of the online tenant management portal will be erased 7 days after the
respective use.
3.
Renting an apartment
3.1. Purposes and legal basis of processing
If you
rent one of our apartments, we will process your information including your
basic information, such as your name and date of birth, your address and
contact details, your payment details, your signature, information on the lease
start and end date, as well as information on your rent (incl.
utilities/flat-rate), information on your matriculation status (for students),
as well as your CampusCard ID (Article 6(1)(b) GDPR). We process this data so
that we can perform/settle the lease agreement we have entered into with you.
You also
disclose your payment details on the master data sheet to the lease agreement.
In such cases, we will process the data on the basis of Article 6(1)(b) GDPR so
that we can return your security deposit after the end of a potential lease.
We also
process information, on the same basis, on the hardware you use to access the
Internet (MAC address), your IP address and your user name and selected
password to access the Internet so that we can provide you with a corresponding
WLAN/LAN Internet connection.
On the
basis of Article 6(1)(f) GDPR, we process your master data (last name, first
name), your apartment number and your contact details (telephone number) to
contact you. Our legitimate interest lies in contacting you as part of the
proper management of the property, in particular in emergencies.
On the
basis referred to above we also process information on when you use the
Internet connection and how much data has been transmitted. This data
concerning users is aggregated (consolidated) so that it can no longer be
allocated to a single user and is used by us for statistical purposes (e.g.,
number of users per day and total upload and download figures for all users
over the past month) so that we can maintain the functionality of the network
and make sufficient bandwidth available.
We
process your user name (= your e-mail address) and
your selected password on the basis of Article 6(1)(b) GDPR, in order to
provide you with access to our online portal to manage your (tenant) data.
On the
basis of Article 6(1)(f) GDPR, we also record when you log in and out of the
online tenant management portal. In the event of a system failure or
malfunction, we have a legitimate interest in finding out who used the system
and whether this use potentially resulted in the malfunction.
3.2. Recipients/categories of recipient
Your
basic information (last name, first name), address details for your apartment
and contact details (telephone number and e-mail), as well as damage reports,
are transmitted to service companies we have commissioned to the extent
required on an ad hoc basis so that these companies can rectify any damage that
we or you identify in your apartment and perform repair work.
In order
to provide you with a WLAN and LAN Internet connection, we transmit your basic
information (last name, first name), information on the hardware you use (MAC
address), when you logged in and out of the network, the data volume
transmitted, your IP address and your user name and password for the network to
FREDERIX Hotspot GmbH, Oskar-Winter-Straße 9, 30161 Hanover, which makes part
of the infrastructure available on our behalf and provides the Internet
connection and corresponding support. This data may also be made available to
Schwarz IT KG, Stiftsbergstraße 1, 74172 Neckarsulm, which also makes part of
the infrastructure available on our behalf and provides the corresponding
support services.
In order
to add your data to the digital door bell system for the hall of residence and
give you access to the mailbox system, we transmit your basic information (last
name, first name) and your apartment address to Erwin Renz Metallwarenfabrik
GmbH & Co KG, Boschstraße 3, 71737 Kirchberg/Murr, which operates these
systems on our behalf.
We also
transmit your basic information (last name, first name), your apartment address
and your CampusCard ID to IntraKey technologies GmbH, Wiener Straße 114-116,
01219 Dresden, as this company manages and configures corresponding access
rights for CampusCard users on our behalf.
In order
to settle your lease, the security deposit and any repair costs that you owe,
we transmit your master data (last name, first name, e-mail address, telephone
number), address details and payment details to the extent required to Schwarz
KG, Rötelstraße 35, 74172 Neckarsulm, which assumes responsibility for billing
on our behalf.
Your
data may be transmitted to other recipients to the extent required on an ad hoc
basis if these recipients provide services on our behalf and have to process
your data for this purpose.
3.3. Obligation to provide your data
By
entering into the lease agreement, you agree to provide us with the personal
data concerning you that we require to ensure the due and proper performance
and settlement of the lease agreement. This includes, in particular, your basic
information, address details, contact details and payment details. If you do
not provide us with the required data, we cannot enter into a lease agreement
with you or perform the lease agreement.
3.4. Storage time
We will
store your personal data for a period of up to 12 years after the lease has
ended.
Log data
for use of the online tenant management portal will be erased 7 days after the
respective use.
Your
access data for the online portal (user name and password) will be erased two
years after the lease has ended.
4.
Use of the online tenant management
portal
4.1. Log files
4.1.1. Purposes and legal basis of processing
When you
use the online portal, log files are created with the following content:
·
the website from which you visit our site;
·
the IP address;
·
the date and time of access;
·
the client request;
·
the http response code;
·
the data volume transmitted;
·
information about the type of browser and
operating system you are using.
The
legal basis for the processing is Article 6(1)(f) GDPR. Our legitimate interest
arises from our interest in protecting the online portal and preventing
improper and/or fraudulent activity each time that a user accesses this
website.
4.1.2. Recipients/categories of recipient
Your
personal data may be made accessible to REOS GmbH, Amsinckstraße 28, 20097 Hamburg,
in exceptional cases, e.g., for the purposes of technical support services, as
this company is the technical provider of the online portal used to manage your
lease.
4.1.3. Obligation to provide your data
You are under no statutory or contractual
obligation to provide personal data to us. However, such data will be processed
for technical reasons as soon as you access our site. If you do not wish to
provide us with the data, then unfortunately you cannot use our website.
4.1.4. Storage time
The data will be erased 7
days after the respective use.
4.2. Cookies
Cookies
are used in the online portal. Cookies are small text files that are sent from
the web server to your terminal device (PC, notebook, smartphone or tablet)
when you visit this website and are stored there in the Internet browser you
are using. Cookies may serve a variety of functions.
You may
also configure your browser to ensure that a warning appears every time a new
cookie is placed. This makes the use of cookies more transparent for you. You
may also configure your browser to refuse acceptance of all or some cookies
from certain sources. Please be advised, however, that disabling cookies may
limit the functionality of this website.
4.2.1. Purposes and legal basis of processing
We use the following cookies on the basis of
Article 6(1)(f) GDPR to ensure the technical availability and functionality of
our website. Our legitimate interest follows from the aforementioned purposes.
The cookies generate a session ID that allocates the session to your user data
record.
·
"XSRF-TOKEN" to verify form
submissions
·
"reos_onboarding_session" to
attribute the browser to the user data record
·
"reos_tss_session" to attribute the
browser to the user data record for users of the TSS app/TSS web
4.2.2. Recipients/categories of recipient
The data
generated by the cookies may be made accessible to REOS
GmbH, Amsinckstraße 28, 20097 Hamburg, in exceptional cases, e.g., for the
purposes of technical support services, as this company is the technical
provider of the online portal used to manage your lease.
4.2.3. Obligation to provide your data
4.2.4. Storage time
The
abovementioned cookies will be stored for a period of two hours.
5.
Your rights as a data subject
Pursuant
to Article 15(1) GDPR, you have the right to request information, free of
charge, on the personal data stored about you.
If the
statutory requirements are met, you also have a right to rectification (Article
16 GDPR), erasure (Article 17 GDPR) and restriction of processing (Article 18
GDPR) of your personal data.
If the
basis of processing is Article 6(1)(e) or (f) GDPR, you have a right to object
under Article 21 GDPR. If you object to processing, your data will no longer be
processed thereafter, unless the controller demonstrates compelling legitimate
grounds for the processing which override the interests of the data subject in
the objection.
If you
have provided the processed data yourself, you have a right to data portability
under Article 20 GDPR.
If the
data processing is carried out on the basis of consent granted under Article
6(1)(a) or Article 9(2)(a) GDPR, you may revoke that consent at any time with
effect for the future without this affecting the lawfulness of the previous
processing.
In the
above-mentioned cases, or if you have questions or complaints, please write to
or e-mail the data protection officer. You also have a right to lodge a complaint
with a data protection supervisory authority. The data protection supervisory
authority located in the state in which you live or where the controller is
domiciled has jurisdiction.
6.
Data protection officer contact
information
For
further questions concerning the processing of your data or the exercise of
your rights, please contact the controller's competent data protection officer.
Schwarz Campus Service GmbH & Co. KG
Data protection officer
Stiftsbergstraße 1
74172 Neckarsulm,
Germany
e-mail: datenschutz@mail.schwarz