Privacy policy
Fisenar S.r.l. (hereinafter referred to as "the company", "we" or "us") takes the protection of your personal data seriously and we would like to inform you at this point about the way in which your personal data is processed by us in the context of your visit to our website at https://live.roomieitalia.com/ and with regard to submitting accommodation inquiries and booking requests for our living offers.
1. Controller
The controller for the processing of your personal data within the meaning of Art. 4 (7) of the EU General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) is:
Fisenar S.r.l.
Via Giuseppe Mazzini 9 20123 Milan Italy
support@roomieitalia.com
2. Data Protection Officer
If you have any questions on the subject of data protection at our company our external data protection officer is available to you. You can reach him under the following e-mail: datenschutz.hamburg@forvismazars.com
3. Data processing when visiting the website
When you visit our website, we process your personal data.
3.1. Logfiles
When you visit our website, a so-called log data record (so-called server log files) is stored temporarily and anonymously on our web server. This consists of:
the page from which the page was requested (so-called referrer URL)
the name and URL of the requested page
the date and time of the request
the description of the type, language and version of the web browser used
the IP address of the requesting computer, which is shortened so that a personal reference can no longer be established
the amount of data transferred
the operating system
the message whether the request was successful (access status/http status code)
the GMT time zone difference
The processing of log data serves statistical purposes and to improve the quality of our website, in particular the stability and security of the connection as well as purposes of identifying and tracing unauthorised access to the web server and other criminal offences The legal basis for the data processing is Art. 6 (1)(1)(f) GDPR. Our legitimate interests for the temporary storage of technical access data are to be able to provide you with a technically functional and user-friendly website and to be able to guarantee the security of our systems. The recipients of the data are our hosting service providers. Log file information is stored from the end of your website visit for a maximum of 30 days and is then deleted. The data processing is necessary for the operation of our website. If you wish to object to data processing, you can do so by not visiting our website. The provision of personal data is neither legally nor contractually required, but it is necessary for the functioning of our website.
3.2. General information about cookies
We use cookies on our websites. Cookies are small text files that are assigned to the browser you are using and stored on your hard drive by means of a characteristic character string and through which certain information flows to the body that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer and therefore cannot cause any damage. They serve to make the Internet offer as a whole more user-friendly and effective, i.e. more pleasant for you. Cookies can contain data that make it possible to recognize the device used. In some cases, however, cookies only contain information on certain settings that cannot be related to a specific person. However, cookies cannot directly identify a user. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, a distinction is made between cookies:
Technical cookies: these are required to navigate the website, use basic features and ensure the security of the website; they do not collect information about you for marketing purposes, nor do they store which web pages you have visited;
Performance cookies: these collect information about how you use our website, which pages you visit and, for example, whether errors occur during website use; they do not collect information that could identify you - all information collected is anonymous and is only used to improve our website and find out what interests our users;
Advertising cookies, targeting cookies: these are used to provide the website user with tailored advertising on the website or offers from third parties and to measure the effectiveness of these offers; advertising and targeting cookies are stored for a maximum of 13 months;
Sharing cookies: These are used to improve the interactivity of our website with other services (e.g. social networks); Sharing cookies are stored for a maximum of 13 months.
Any use of cookies that is not absolutely technically necessary constitutes data processing that is only permitted with your consent pursuant to Art. 6 (1) (1) (a) GDPR. This applies in particular to the use of advertising, targeting or sharing cookies. In addition, we will only share your personal data processed through cookies with third parties if you have given your consent to do so pursuant to Art. 6 (1) (1) (a) GDPR. In the following, we name the legal bases in connection with the respective service. We only store your data for as long as it is required to fulfil the stated purposes. Afterwards, the cookies will be deleted. The storage of information on a device used by you and the reading of this information takes place independently of the technology used for this purpose (cookies, object storage, pixels, web beacons, etc.) on the basis of your consent in accordance to the Legislative Decree No. 196/2003, and subsequent amendments, which you declare by means of an opt-in. You can revoke your consent declared in this way at any time via the cookie settings. Insofar as your consent pursuant to Art. 6 (1) (1) (a) GDPR constitutes the legal basis for the data processing, you have the right to withdraw your consent at any time. You can do this by deleting the cookies in your browser. The provision of your personal data is neither legally nor contractually required. However, without the provision, the functionality of our website may not be guaranteed. In addition, it is possible that individual services or services will not be available.
3.3. Analysis and Tracking
This website uses the following analysis and tracking tools:
Google Analytics 4 We use Google Analytics 4 to analyze and improve the use of our website. Google Analytics 4 is a web analytics and tracking service provided by Google LLC ("Google"). Google Analytics 4 may use so-called "cookies" if we activate the cookie function. In addition, Google Analytics 4 uses a standard anonymized user and client ID generated by our website as well as Google signals to identify users. The anonymized user ID is assigned to a logged-in user after the user has been uniquely identified beforehand. With the help of the user ID, users can be identified regardless of the device they are using. For example, if users access the website via both smartphones and tablets, we can analyze the user paths using the user ID in a holistic overview of the data. The client ID is a unique, randomly generated string that acts as a pseudo-anonymized identifier and anonymously identifies a browser instance. It is stored in the browser cookies so that subsequent calls to the same website can be assigned to the same user. Google signals are session data from websites that Google links to users who are logged into their Google account and have activated personalized advertising. Linking data to these logged-in users enables cross-device reporting, cross-device remarketing, and the export of cross-device usage results (known as "conversions") to Google Ads. The data processed by Google Analytics 4 is personal data within the meaning of Art. 4 (1) GDPR.
Google Analytics 4 collects personal data in the form of user characteristics and event data, among other things. The latter are automatically recorded events (user activities, number of sessions, clicks on ads, which ads are viewed, removal or deletion of credentials, crashes of websites, completion or cancellation of subscriptions, clicks on links, scrolling behavior, ends of videos viewed, etc.), events optimized for analytics (page views, scrolls, actuation of external links, website searches, playing videos, file downloads, etc.), recommended (purchase process on the website, travel offers, games), and custom events (events that are neither automatically captured nor recommended). Session data is also collected, such as multiple page views, events (see above), social interactions, and e-commerce transactions. User properties are attributes of the users who interact with your website. They are used to describe user segments such as language preference or geographic location. Some user properties are automatically logged in Google Analytics 4.
The information generated by the cookie, the user ID and Google signals about your use of this website is usually transmitted to a Google server in the USA and stored there. In case of activation of IP anonymization, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google uses this information to evaluate your use of the website, to compile reports on website activity, to make a forecast regarding your future web behavior and to provide other services to the website operator related to website and Internet use. User ID data collected in one website cannot be shared or combined with data from another website. Data about devices and activities from different sessions on a website, on the other hand, can be merged and combined using the User ID or Google signals. Collecting and combining the data is likely to create usage profiles about you.
The storage of information on a device used by you and the reading of this information takes place independently of the technology used for this purpose (cookies, object storage, pixels, web beacons, etc.) on the basis of your consent in accordance to the Legislative Decree No. 196/2003, and subsequent amendments, which you declare by means of an opt-in. You can revoke your consent declared in this way at any time via the cookie settings. The legal basis for the processing of data using Google Analytics 4 is your consent pursuant to Art. 6 (1) (a) GDPR. You can withdraw your consent to the processing of your personal data through the use of Google Analytics 4 at any time by changing your cookie settings accordingly. You may also refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: tools.google.com/dlpage/gaoptout You can prevent the collection of your data by Google Analytics by setting an opt-out cookie that will prevent the collection of your data during future visits to this website: We use Google Analytics with the extension "_anonymizeIp()". This shortens the IP addresses (so-called IP masking).
Unbounce We use Unbounce (Unbounce Marketing Solutions Inc., 400–401 West Georgia Street, Vancouver, BC, Canada, V6B 5A1) on our Website to create and operate landing pages Unbounce processes the personal data you enter in the lead form (name, surname, email address, phone number, budget, move-in date, length of stay, room type, and city) on our behalf and in accordance with our instructions for the purpose of operating the landing page and capturing lead submissions. The data processing takes place exclusively in Canada, i.e. in a country for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR. Unbounce does not transfer personal data to subcontractors based in the United States. The legal basis for the storage of the required cookie is your consent in accordance to the Legislative Decree No. 196/2003, and subsequent amendments, which you declare by opting in. The further processing of your personal data after the storage or readout is also based on your consent pursuant to Art. 6 (1) p. 1 lit. a GDPR. You can declare your consent in accordance to the Legislative Decree No. 196/2003, and subsequent amendments and Art. 6 (1) p. 1 lit. a GDPR with a single click on the corresponding button in our cookie banner. You can withdraw your consent at any time by e-mail to datenschutz.hamburg@forvismazars.com or via the cookie settings. Further information on data processing by Unbounce can be found in Unbounce’s privacy policy: https://unbounce.com/privacy/
Cloudflare Cloudflare is a traffic optimisation and distribution service provided by Cloudflare Inc. The way Cloudflare is integrated means that it filters all the traffic through this website, i.e. communication between this website and the user's browser, while also allowing analytical data from this website to be collected.
Personal Data processed: Trackers; Various types of data as specified in the privacy policy of the service
Trackers duration: _cfuvid: indefinite; cf_clearance: 30 minutes
The use of Cloudflare is technically necessary for the secure and stable operation of the website. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in providing a technically functional and secure website). No consent is required according to the Legislative Decree No. 196/2003, and subsequent amendments. Personal data may be transferred to the United States. Such transfers are carried out on the basis of Standard Contractual Clauses adopted by the European Commission pursuant to Art. 46(2)(c) GDPR, a copy of which is available upon request. Users should verify whether Cloudflare is certified under the EU-US Data Privacy Framework (DPF) at: https://www.dataprivacyframework.gov. Further information on data processing by Cloudflare can be found in Cloudflare’s privacy policy: https://www.cloudflare.com/privacypolicy/
Google Tag Manager Google Tag Manager is a tag management service provided by Google Ireland Limited. It enables us to manage and deploy other tracking and marketing tags (scripts) on our website without modifying the website code directly. Please note that Google Tag Manager itself does not set any cookies and does not collect any personal data independently. The tags deployed and managed via Google Tag Manager may, however, set cookies subject to the consent categories described in this section and may collect personal data as described under the respective tools.
Personal Data processed: Trackers; Usage Data
The use of Google Tag Manager is technically necessary for the management of other tools on the website. The legal basis is Art. 6(1)(f) GDPR (legitimate interest). No consent is required for Google Tag Manager itself according to the Legislative Decree No. 196/2003, and subsequent amendments; however, any tags deployed via Google Tag Manager that set non-essential cookies require your prior consent as described under the relevant sections. In order to understand Google's use of data, consult their partner policy and their Business Data page. Further information on data processing by Google Tag Manager can be found in Google’s privacy policy: https://policies.google.com/privacy
3.4. Social Media Plug-ins
Our website also uses other services that do not use cookies, but through other technologies, such as Javascript codes, web beacons, tags, other identifiers supported by AI-based technology that read data from or store data in visitors' devices.
X On our website, we have integrated functions from X in the form of a button (X plug-ins). X is both a short message service and a social media platform with blog-like functions of the company Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA with a branch office at One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland. On X, users can exchange short messages or upload text, image or video content and make it visible to an unspecified number of users. The integration of X functions serves the purpose of offering our services via various channels and communicating with our customers or interested parties. Cookies are set via X buttons or widgets integrated into websites as soon as you activate the functions. Through the use of cookies, it is possible for X to record your visits to these websites and assign them to your X profile. The following data is collected:
Usage data
Browser data (language settings etc.)
Browser cookie IDs
ID of your cell phone
E-mail addresses
This data is evaluated in particular (also for users who are not logged in) for the display of tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, your data collected from us will be directly assigned to your existing account with the plug-in provider. If you click the activated button and link to the page, for example, the plug-in provider also saves this information in your user account and shares it publicly with your contacts.
The storage of information on a device used by you and the reading of this information takes place independently of the technology used for this purpose (cookies, object storage, pixels, web beacons, etc.) on the basis of your consent according to the Legislative Decree No. 196/2003, and subsequent amendments, which you declare by means of an opt-in. You can revoke your consent declared in this way at any time via the cookie settings. The legal basis for the use of the X plug-in is your consent pursuant to Art. 6 (1) (a) GDPR, which you can withdraw at any time in the cookie settings. Information about this and the available setting options can be found on the following X support pages: https://help.twitter.com/de/using-twitter/tailored-suggestions and https://help.twitter.com/de/rules-and-policies/twitter-cookies
X shares your personal data with its processors and third-party service providers that are located outside the European Economic Area ("EEA"), where they set their own cookies, such as Google LLC. These providers process the personal data obtained in this way for their own purposes, e.g. analysis and marketing as well as your usage behavior on external and their own websites. Profiling is also not excluded. The personal data collected from you and from third-party providers is transmitted to servers managed by X, most of which are located in the USA. Following the discontinuation of the EU-US Privacy Shield, a transfer of data to the USA can at best be based on standard contractual clauses issued by the EU Commission and further guarantees. Although the transfer of personal data is based on standard contractual clauses, this does not rule out the possibility that the U.S. security authorities, which have extensive powers, can access your personal data at any time and without any reason. This applies even if the servers are located in Europe. There are no effective legal remedies available to you against this. The data collected via our website will be deleted, summarized or otherwise obscured by X after a maximum of 30 days. X may store your personal data until it is no longer useful to the company or there is a legal deadline for deletion.
Facebook plugin Our website uses so-called social plugins ("plugins") of the social network Facebook, which is operated by Meta Platforms Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). The plugins are marked with a Facebook logo. An overview of the Facebook plug-ins and their appearance can be found here: https://developers.facebook.com/docs/plugins. When you call up a page of our website that contains such a plug-in, your browser establishes a direct connection to Facebook's servers via cookies stored on your device. The content of the plug-in is transmitted by Facebook directly to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are not currently logged into Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server in the USA and stored there. If you are logged in to Facebook, Facebook can directly assign your visit to our website to your Facebook profile. If you interact with the plugins, for example by clicking the "Like" button or posting a comment, this information is also transmitted directly to a Facebook server and stored there. The information is also published on your Facebook profile and displayed to your Facebook friends.
The purpose and scope of the data collection as well as the further processing and use of the data by Facebook as well as your rights in this regard and setting options for protecting your privacy can be found in Facebook's privacy policy: http://www.facebook.com/policy.php. If you do not want Facebook to directly assign the data collected via our website to your Facebook profile, you must log out of Facebook before visiting our website. You can also completely prevent the loading of Facebook plugins with add-ons for your browser, e.g. for Mozilla Firefox: https://addons.mozilla.org/de/firefox/addon/facebook-blocker/ for Opera: https://addons.opera.com/de/extensions/details/facebook-blocker/?display=en for Chrome: https://chrome.google.com/webstore/detail/facebook-blocker/chlhacbfddknadmnmjmkdobipdpjakmc?hl=de
The storage of information on a device used by you and the reading of this information takes place independently of the technology used for this purpose (cookies, object storage, pixels, web beacons, etc.) on the basis of your consent according to the Legislative Decree No. 196/2003, and subsequent amendments, which you declare by means of an opt-in. You can revoke your consent declared in this way at any time via the cookie settings. The legal basis is your consent pursuant to Art. 6 (1) (a) GDPR, which you can withdraw at any time in our cookie settings. There is no legal obligation to provide your data. If you refrain from doing so, you cannot share our content directly via the share buttons.
Facebook Pixel On our website, we use the Facebook pixel from Facebook (from Meta Platforms Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, with another branch: Meta Platforms Ireland Limited 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland). For this purpose, we have inserted a code on our website. This is a JavaScript code (pixel) that enables certain functions on the page. If you have come to our website via Facebook ads, Facebook can track your usage actions via the Facebook pixel. For example, if you purchase a product on a website, the Facebook pixel is triggered and stores your actions on the website in one or more cookies. The following data is collected in the process:
Viewed advertisements
Viewed content
Device information
Geographic location
HTTP headers
Interactions with advertisements, services and products
IP address
Clicked items
Marketing information
Non-confidential custom data
Pages visited
Pixel ID
Referrer URL
Marketing campaign success
Usage data
User behavior
Facebook cookie information
Facebook user ID
Usage/click behavior
Browser information
If you have a Facebook account, it is possible for Facebook to match the data with your Facebook account data. This data collected via Facebook pixel is anonymous for us and only becomes usable for us when we want to place advertisements. If you are logged in as a Facebook user when you call up our website, your visit to our website will be assigned to your Facebook account. The purpose of using the Facebook pixel is to better tailor our advertising measures to your wishes and interests. This enables us to show you personalized advertising. Facebook collects your data for the purpose of data analysis and tracking as well as to implement its own advertising measures.
The storage of information on a device used by you and the reading of this information takes place independently of the technology used for this purpose (cookies, object storage, pixels, web beacons, etc.) on the basis of your consent according to the Legislative Decree No. 196/2003, and subsequent amendments, which you declare by means of an opt-in. You can revoke your consent declared in this way at any time via the cookie settings. The legal basis is your consent pursuant to Art. 6 (1) (a) GDPR, which you can withdraw at any time in our cookie settings. There is no legal obligation to provide your data. If you refrain from doing so, you cannot share our content directly via the share buttons.
The data processed via the Facebook pixel is partly stored on servers in the European Economic Area ("EEA"). However, the data also reaches servers managed by Meta Platforms in the USA. Following the discontinuation of the EU-US Privacy Shield, a transfer of data to the USA can at best be based on standard contractual clauses issued by the EU Commission and further guarantees. It is true that the transfer of personal data is based on standard contractual clauses under which Meta Platforms undertakes to process personal data in accordance with European data protection standards. However, this does not exclude the possibility that the U.S. security authorities, which are equipped with comprehensive powers, may access your personal data at any time and without any reason. This applies even if the servers are located in Europe. As a U.S. company, Meta Platforms may also be required to transfer personal data of EU citizens to the U.S. security authorities that is located on servers in the EEA. There are no effective legal remedies available to you against this. Meta Platforms will delete your personal data after 720 days at the latest. You can get more information about the processing here: https://www.facebook.com/legal/terms/dataprocessing General information about Facebook's privacy policy can be obtained here: https://www.facebook.com/policy.php
Instagram Social Plug-ins Our website uses so-called social plugins ("plugins") from Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). The plugins are marked with an Instagram logo, for example in the form of an "Instagram camera". An overview of the Instagram plug-ins and their appearance can be found here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges. When you call up a page of our website that contains such a plugin, your browser establishes a direct connection to the servers of Instagram. The content of the plugin is transmitted by Instagram directly to your browser and integrated into the page. Through this integration, Instagram receives the information that your browser has called up the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged in to Instagram. This information (including your IP address) is transmitted by your browser via cookies directly to a server of Instagram and stored there. If you are logged in to Instagram, Instagram can directly assign your visit to our website to your Instagram account. If you interact with the plugins, for example by clicking the "Instagram" button, this information is also transmitted directly to an Instagram server and stored there. The information is also published on your Instagram account and displayed there to your contacts. Instagram processes your personal data for analysis and marketing purposes. Your usage behavior is also evaluated by Instagram.
The storage of information on a device used by you and the reading of this information takes place independently of the technology used for this purpose (cookies, object storage, pixels, web beacons, etc.) on the basis of your consent according to the Legislative Decree No. 196/2003, and subsequent amendments, which you declare by means of an opt-in. You can revoke your consent declared in this way at any time via the cookie settings. The legal basis is your consent pursuant to Art. 6 (1) (a) GDPR, which you can withdraw at any time in the cookie settings. There is no legal obligation to provide your data. If you refrain from doing so, you cannot share our content directly via the share buttons.
The data processed via the Instagram plug-in is stored on servers managed by Meta Platforms in the USA. After the discontinuation of the EU-US Privacy Shield, a transfer of data to the USA can at best be based on standard contractual clauses issued by the EU Commission and further guarantees. It is true that the transfer of personal data is based on standard contractual clauses under which Meta Platforms undertakes to process personal data in accordance with European data protection standards. However, this does not exclude the possibility that the U.S. security authorities, which are equipped with comprehensive powers, may access your personal data at any time and without any reason. This applies even if the servers are located in Europe. As a U.S. company, Meta Platforms may also be required to transfer personal data of EU citizens to the U.S. security authorities that is located on servers in the EEA. There are no effective legal remedies available to you against this. You can find further data protection information from Instagram here: https://help.instagram.com/155833707900388/. If you do not want Instagram to directly assign the data collected via our website to your Instagram account, you must log out of Instagram before visiting our website. You can also completely prevent the loading of Instagram plugins with add-ons for your browser, e.g. with the script blocker "NoScript" (http://noscript.net/). Instagram deletes or anonymizes your data after 90 days at the latest.
3.5. Marketing and Advertising Tools
This website uses the following tools for marketing, advertising and conversion tracking purposes. The use of these tools requires your prior consent according to the Legislative Decree No. 196/2003, and subsequent amendments, and Art. 6(1)(a) GDPR. You may withdraw your consent at any time via our cookie management tool.
3.5.1 Salesforce (Advertising / Marketing Tracker)
Provider: Salesforce, Inc. (United States)
Salesforce is an advertising and CRM service provided by Salesforce, Inc. On this website, Salesforce trackers may be used to support lead tracking and marketing activities associated with your submission of the lead form.Personal Data processed: Trackers; Usage Data
Legal basis: Your consent according to the Legislative Decree No. 196/2003, and subsequent amendments, and Art. 6(1)(a) GDPR.
Service provided by: Salesforce, Inc. (United States) — Privacy Policy — Opt Out
International transfers: Data may be transferred to the United States. Salesforce is certified under the EU-US Data Privacy Framework (DPF) according to the European Commission's adequacy decision of 10 July 2023 (Decision 2023/1795). Transfers are therefore carried out on the basis of this adequacy decision as the primary mechanism. You can withdraw your consent at any time via the cookie settings.
3.5.2 Google Ads Conversion Tracking
Provider: Google Ireland Limited (Ireland)
Google Ads Enhanced Conversions transmits hashed first-party conversion data to Google in order to improve the accuracy of conversion measurement for our advertising campaigns. The data transmitted may include your name, e-mail address, postal address, phone number and other contact details, in hashed form. In order to understand Google's use of data, consult their partner policy and their Business Data page.Personal Data processed: Trackers; Usage Data; name, e-mail address, postal address, telephone number, transaction data and browsing/tracking data
Trackers duration: IDE: 2 years; test_cookie: 15 minutes
Legal basis: Your consent according to the Legislative Decree No. 196/2003, and subsequent amendments, and Art. 6(1)(a) GDPR. You may withdraw your consent at any time by adjusting your cookie preferences via our cookie management tool.
International transfers: Data may be transferred to the United States. Google Ireland Limited and Google LLC are certified under the EU-US Data Privacy Framework (DPF) according to the European Commission's adequacy decision of 10 July 2023 (Decision 2023/1795).
Privacy Policy: https://policies.google.com/privacy
3.5.3 Google Ads Enhanced Conversions
Provider: Google Ireland Limited (Ireland)
Google Ads Enhanced Conversions is an advertising service provided by Google Ireland Limited that allows us to send hashed first-party conversion data to Google in order to improve conversion measurements.Personal Data processed: Address; contact details; e-mail address; first name; last name; phone number; Trackers
Legal basis: Your consent according to the Legislative Decree No. 196/2003, and subsequent amendments, and Art. 6(1)(a) GDPR.
Service provided by: Google Ireland Limited (Ireland) — Privacy Policy
International transfers: Data may be transferred to the United States. Google Ireland Limited and Google LLC are certified under the EU-US Data Privacy Framework (DPF) according to the European Commission's adequacy decision of 10 July 2023 (Decision 2023/1795). You can withdraw your consent at any time via the cookie settings.
3.5.4 Meta Ads Conversion Tracking (Meta Pixel)
Provider: Meta Platforms, Inc. (United States)
Meta ads conversion tracking (Meta pixel) is an analytics service provided by Meta Platforms, Inc. that connects data from the Meta Audience Network with actions performed on this website. The Meta pixel tracks conversions that can be attributed to ads on Facebook, Instagram and Meta Audience Network.Personal Data processed: Trackers; Usage Data
Trackers duration: _fbc: 3 months; _fbp: 3 months; fr: 3 months; lastExternalReferrer: duration of the session; lastExternalReferrerTime: duration of the session
Legal basis: Your consent according to the Legislative Decree No. 196/2003, and subsequent amendments, and Art. 6(1)(a) GDPR. You may withdraw your consent at any time via the cookie management tool.
Service provided by: Meta Platforms, Inc. (United States) — Privacy Policy — Opt Out
4. Processing of personal data with regard to accommodation inquiries
4.1. Contact requests / “Get in Touch” Lead Form
This website allows users to submit a "Get in Touch" form to request information and express interest in booking a room. If you submit the lead form on our website, the following personal data will be collected and processed by us: name, surname, email address, phone number, budget, desired move-in date, desired length of stay, room type, and city. The legal basis for the processing is:
Art. 6(1)(b) GDPR, insofar as the enquiry is directed at the conclusion of a contract or constitutes a pre-contractual step (e.g. request for information about our co-living offers with a view to booking).
Art. 6(1)(f) GDPR for any further processing necessary to handle your enquiry, where the legitimate interest lies in being able to respond to your request and manage our leads.
Your data will only be processed for as long as necessary to achieve the processing purposes mentioned above. Third parties engaged by us will store your data on their system for as long as it is necessary in connection with the provision of the services for us in accordance with the respective order. There is no legal obligation to provide your data. However, if you do not provide us with your data, it will not be possible to contact you.
Unbounce We use Unbounce (Unbounce Marketing Solutions Inc., 400–401 West Georgia Street, Vancouver, BC, Canada, V6B 5A1) on our Website to create and operate the landing page. Unbounce processes the personal data you enter in the lead form (name, surname, email address, phone number, budget, move-in date, length of stay, room type, and city) on our behalf and in accordance with our instructions for the purpose of operating the landing page and capturing lead submissions. The data processing takes place exclusively in Canada, i.e. in a country for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR. Unbounce does not transfer personal data to subcontractors based in the United States. The legal basis for the storage of the required cookie is your consent according to the Legislative Decree No. 196/2003, and subsequent amendments, which you declare by opting in. The further processing of your personal data after the storage or readout is also based on your consent pursuant to Art. 6 (1) p. 1 lit. a GDPR. You can declare your consent in accordance with to the Legislative Decree No. 196/2003, and subsequent amendments, and Art. 6 (1) p. 1 lit. a GDPR with a single click on the corresponding button in our cookie banner. You can withdraw your consent at any time by e-mail to datenschutz.hamburg@forvismazars.com or via the cookie settings. Further information on data processing by Unbounce can be found in Unbounce’s privacy policy: https://unbounce.com/privacy/
Zapier Zapier processes the lead data submitted via the Unbounce form and transfers it into the Salesforce CRM system. The service is provided by Zapier Inc., 548 Market St #62411, San Francisco, CA 94104, USA. When you submit the lead form, Zapier receives your personal data (name, surname, email address, phone number, budget, move-in date, length of stay, room type, and city) and automatically transfers it into Salesforce as a lead record. This processing is carried out exclusively on our instructions and for the sole purpose of ensuring the automated transfer of your lead data into our CRM system. The legal basis for the data processing is Art. 6(1)(b) GDPR and/or Art. 6(1)(f) GDPR. Zapier acts as a processor for us pursuant to Art. 28 GDPR. Data may be transferred to the United States. Such transfers are carried out on the basis of Standard Contractual Clauses adopted by the European Commission pursuant to Art. 46(2)(c) GDPR. Please verify whether Zapier is certified under the EU-US Data Privacy Framework (DPF) at: https://www.dataprivacyframework.gov. Further information can be found in Zapier's privacy policy: https://zapier.com/privacy
Salesforce CRM System We use the Salesforce service of the company salesforce.com Inc, The Landmark @ One Market Street, Suite 300, San Francisco, California 94105, USA, represented by Salesforce.com Germany GmbH, Erika-Mann-Str. 63, 80636 Munich, Germany. This is a service for our customer relationship management (CRM). Among other things, this service enables us to better manage our existing and potential customer relationships and to optimise sales and communication. In addition, the use of Salesforce enables us to analyse the administrative processes in our customer relationships. Your lead data is transferred by Zapier into Salesforce as a lead record. The data is stored on Salesforce managed servers in the EU or EEA. However, it should be noted that Salesforce is a US company. Therefore, it cannot be ruled out that your personal data will also be stored on servers located outside the EEA in the US. As a US company, Salesforce may also be obliged to transfer personal data of EU citizens to the US security authorities which is stored on servers in the EU or the EEA. There are no effective legal measures available to you for this. The storage of information on a device used by you and the reading of this information takes place independently of the technology used for this purpose (cookies, object storage, pixels, web beacons, etc.) on the basis of your consent according to the Legislative Decree No. 196/2003, and subsequent amendments, which you declare by means of an opt-in. You can revoke your consent declared in this way at any time via the cookie settings. If you transmit your personal data to us, this is done on the basis of your consent pursuant to Art. 6 para. 1 p. 1 lit. a GDPR, which you declare by placing a tick (opt-in) in a checkbox. You can revoke your consent at any time by accessing the cookie settings. Salesforce acts as a processor for us on a contractual basis and processes the data on the basis of our documented instructions. Salesforce is integrated by us in a data protection-compliant manner in accordance with Art. 28 GDPR. Further information can be found in the salesforce data protection declaration: Datenschutzerklärung - Salesforce
Amazon Web Services We host our website on Amazon Web Services (Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA, represented by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg). When you visit our website, your personal data is processed on AWS servers. The data is stored on servers managed by AWS in the EU or EEA. However, it should be noted that AWS is a US company. Therefore, it cannot be ruled out that your personal data will also be stored on servers located outside the EEA in the US. As a U.S. company, AWS may also be obliged to transfer personal data of EU citizens to the U.S. security authorities which is stored on servers in the EU or the EEA. There are no effective legal measures available to you for this. AWS acts as a processor for us on a contractual basis and processes the data based on our documented instructions. AWS is integrated by us in a data protection compliant manner in accordance with Art. 28 GDPR. Further information can be found in the AWS privacy policy: Datenschutzhinweis (amazon.com)
Caya We use the services of the Caya GmbH (Ritterstraße 24-27, 10969 Berlin). Caya is helping us to digitize our mail. If you write to us by post, your mail will be forwarded to Caya. Caya opens the mail automatically and scans it. The content of the letter is then made available to us digitally. In this context, Caya processes the personal data that you provide to us when you contact us. Caya acts as a processor for us on a contractual basis and processes the data based on our documented instructions. Caya is integrated by us in a data protection compliant manner in accordance with Art. 28 GDPR.
4.2 Booking of our living offers
If you would like to book one of our living offers, we need the following additional information from you:
Desired type of accommodation
Desired start of rental period
We need this data to process the contract. The legal basis for the processing is Art. 6 (1)(b) GDPR In the course of processing your enquiry, your data will be transferred to our IT service providers as well as to the relevant employees who process your enquiry. We only store your data for as long as it is necessary for the purpose, i.e. until the end of the tenancy. The data is then deleted unless we need it to fulfil legal obligations. There is no legal obligation to provide your personal data. However, if you do not wish to provide us with your data, a booking is not possible.
5. Transfer of personal data to third parties
The following categories of recipients may receive access to your personal data:
Service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g. for data center services, payment processing, IT security or tool providers). The legal basis for the transfer is then Art. 6 (1) (1) (f) GDPR, insofar as it does not involve processors;
Government agencies/authorities, insofar as this is necessary for the fulfillment of a legal obligation. The legal basis for the transfer is then Art. 6 (1) (1) (c) GDPR;
Persons employed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). The legal basis for the disclosure is then Art. 6 (1) (1) (b) or (f) GDPR;
Other entities within the company group. The legal basis for the transfer is then Art. 6 (1) (1) (f) GDPR, insofar as it does not involve processors.
In addition, we will only share your personal data with third parties if you have given your consent to do so in accordance with Art. 6 para. 1 p. 1 lit. a GDPR.
6. Data deletion and storage period
For the processing operations carried out by us, we indicate in each case how long the data will be stored by us and when it will be deleted or blocked. If no explicit retention period is specified, your personal data will be deleted or blocked as soon as the purpose or legal basis for the storage no longer applies. In principle, your data will only be stored on our servers in Germany, subject to any transfer that may take place that will be specified elsewhere. However, storage may take place beyond the specified time in the event of a (threatened) legal dispute with you or other legal proceedings, or if storage is required by legal regulations to which we are subject as the responsible party. If the storage period prescribed by the statutory provisions expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.
7. Data security
We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or against unauthorized access by third parties (e.g., TSL encryption for our website), taking into account the state of the art, implementation costs, and the nature, scope, context, and purpose of the processing, as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments.
8. Cooperation with processors
We use external domestic and foreign service providers (e.g. for IT, logistics, telecommunications, sales and marketing) to process our business transactions. They will only act on our instructions and have been contractually obligated to comply with the data protection provisions in accordance with Art. 28 GDPR. If personal data from you is passed on by us to our subsidiaries or is passed on to us by our subsidiaries (e.g. for advertising purposes), this is done on the basis of existing processing relationships.
Intercompany transfers Since we have locations all over Europe, your personal data might be transferred between the company responsible for the location you are renting your apartment/room and Fisenar S.r.l.. The respective data transfers are GDPR compliant.
9. Transfer of personal data to so-called third countries
In the course of our business relationships, your personal data may be transferred or disclosed to third party companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing is carried out exclusively for the fulfillment of contractual and business obligations and to maintain your business relationship with us. We will inform you about the respective details of the transfer at the relevant points. Some third countries are certified by the European Commission through so-called adequacy decisions to have data protection comparable to the EEA standard (a list of these countries as well as a copy of the adequacy decisions can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible via binding company regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct. With regard to the individual services, we will inform you at the appropriate point about the requirements for data transfer to third countries.
From time to time, we may engage external debt collection service providers to recover outstanding payments owed under our agreements with you. In such instances, we may transfer certain personal data necessary for the collection process to the service provider. The processing of this personal data is carried out on the following legal basis: Article 6(1)(b) GDPR (performance of a contract) and Article 6(1)(f) GDPR (legitimate interests pursued by us, which include ensuring the enforcement of our contractual rights and the recovery of debts owed to us). We will ensure that any transfer of personal data to debt collection service providers complies with applicable data protection laws and only involves the minimum data necessary for these purposes.
10. No automated decision-making (including profiling).
We do not ourselves intend to use any personal data collected from you for any automated decision-making process (including profiling).
11. No obligation to provide personal data.
We do not make the conclusion of contracts with us dependent on you providing us with personal data in advance. As a customer, you are under no legal or contractual obligation to provide us with your personal data; however, we may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data. If this should exceptionally be the case in the context of the products we offer, you will be informed of this separately.
12. Legal obligation to transfer certain data.
We may be subject to a specific legal or statutory obligation to provide lawfully processed personal data to third parties, in particular public bodies (Art. 6 (1) (1) (c) GDPR).
13. Your rights
You may assert your rights as a data subject regarding your processed personal data at any time by contacting us using the contact details provided at the beginning. As a data subject, you have the right:
to request information about your data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;
in accordance with Art. 16 GDPR, to demand the correction of incorrect data or the completion of your data stored by us without delay;
pursuant to Art. 17 GDPR, to request the deletion of your data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
pursuant to Art. 18 GDPR, to request the restriction of the processing of your data, insofar as the accuracy of the data is disputed by you or the processing is unlawful;
pursuant to Art. 20 GDPR, to receive your data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller ("data portability");
object to the processing in accordance with Art. 21 GDPR, provided that the processing is based on Art. 6 (1) p. 1 lit. e or lit. f GDPR. This is particularly the case if the processing is not necessary for the performance of a contract with you. Unless it is an objection to direct marketing, when exercising such an objection, we ask you to explain the reasons why we should not process your data as we have done. In the event of your justified objection, we will review the merits of the case and either discontinue or adjust the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing;
in accordance with Article 7 (3) GDPR, to withdraw your consent given once (also before the GDPR came into force, i.e. before 25.5.2018) - i.e. your voluntary will, made understandable in an informed manner and unambiguously by means of a declaration or other unambiguous confirming act, that you agree to the processing of the personal data in question for one or more specific purposes - at any time towards us, if you have given such consent. This has the consequence that we may no longer continue the data processing based on this consent in the future, and that
complain to a data protection supervisory authority about the processing of your personal data in our company in accordance with Art. 77 GDPR.
14. Changes to the data protection notice
Due to changes in legal or official requirements as well as the further development of technical standards and our offer, adjustments to this privacy policy may be necessary, which is why it is regularly reviewed to determine whether it needs to be adapted. The privacy policy can therefore be changed at any time with effect for the future.
This privacy policy is last updated in May 2026.
© 2026 Fisenar S.r.l.
Privacy policy
Fisenar S.r.l. (hereinafter referred to as "the company", "we" or "us") takes the protection of your personal data seriously and we would like to inform you at this point about the way in which your personal data is processed by us in the context of your visit to our website at https://live.roomieitalia.com/ and with regard to submitting accommodation inquiries and booking requests for our living offers.
1. Controller
The controller for the processing of your personal data within the meaning of Art. 4 (7) of the EU General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) is:
Fisenar S.r.l.
Via Giuseppe Mazzini 9 20123 Milan Italy
support@roomieitalia.com
2. Data Protection Officer
If you have any questions on the subject of data protection at our company our external data protection officer is available to you. You can reach him under the following e-mail: datenschutz.hamburg@forvismazars.com
3. Data processing when visiting the website
When you visit our website, we process your personal data.
3.1. Logfiles
When you visit our website, a so-called log data record (so-called server log files) is stored temporarily and anonymously on our web server. This consists of:
the page from which the page was requested (so-called referrer URL)
the name and URL of the requested page
the date and time of the request
the description of the type, language and version of the web browser used
the IP address of the requesting computer, which is shortened so that a personal reference can no longer be established
the amount of data transferred
the operating system
the message whether the request was successful (access status/http status code)
the GMT time zone difference
The processing of log data serves statistical purposes and to improve the quality of our website, in particular the stability and security of the connection as well as purposes of identifying and tracing unauthorised access to the web server and other criminal offences The legal basis for the data processing is Art. 6 (1)(1)(f) GDPR. Our legitimate interests for the temporary storage of technical access data are to be able to provide you with a technically functional and user-friendly website and to be able to guarantee the security of our systems. The recipients of the data are our hosting service providers. Log file information is stored from the end of your website visit for a maximum of 30 days and is then deleted. The data processing is necessary for the operation of our website. If you wish to object to data processing, you can do so by not visiting our website. The provision of personal data is neither legally nor contractually required, but it is necessary for the functioning of our website.
3.2. General information about cookies
We use cookies on our websites. Cookies are small text files that are assigned to the browser you are using and stored on your hard drive by means of a characteristic character string and through which certain information flows to the body that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer and therefore cannot cause any damage. They serve to make the Internet offer as a whole more user-friendly and effective, i.e. more pleasant for you. Cookies can contain data that make it possible to recognize the device used. In some cases, however, cookies only contain information on certain settings that cannot be related to a specific person. However, cookies cannot directly identify a user. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, a distinction is made between cookies:
Technical cookies: these are required to navigate the website, use basic features and ensure the security of the website; they do not collect information about you for marketing purposes, nor do they store which web pages you have visited;
Performance cookies: these collect information about how you use our website, which pages you visit and, for example, whether errors occur during website use; they do not collect information that could identify you - all information collected is anonymous and is only used to improve our website and find out what interests our users;
Advertising cookies, targeting cookies: these are used to provide the website user with tailored advertising on the website or offers from third parties and to measure the effectiveness of these offers; advertising and targeting cookies are stored for a maximum of 13 months;
Sharing cookies: These are used to improve the interactivity of our website with other services (e.g. social networks); Sharing cookies are stored for a maximum of 13 months.
Any use of cookies that is not absolutely technically necessary constitutes data processing that is only permitted with your consent pursuant to Art. 6 (1) (1) (a) GDPR. This applies in particular to the use of advertising, targeting or sharing cookies. In addition, we will only share your personal data processed through cookies with third parties if you have given your consent to do so pursuant to Art. 6 (1) (1) (a) GDPR. In the following, we name the legal bases in connection with the respective service. We only store your data for as long as it is required to fulfil the stated purposes. Afterwards, the cookies will be deleted. The storage of information on a device used by you and the reading of this information takes place independently of the technology used for this purpose (cookies, object storage, pixels, web beacons, etc.) on the basis of your consent in accordance to the Legislative Decree No. 196/2003, and subsequent amendments, which you declare by means of an opt-in. You can revoke your consent declared in this way at any time via the cookie settings. Insofar as your consent pursuant to Art. 6 (1) (1) (a) GDPR constitutes the legal basis for the data processing, you have the right to withdraw your consent at any time. You can do this by deleting the cookies in your browser. The provision of your personal data is neither legally nor contractually required. However, without the provision, the functionality of our website may not be guaranteed. In addition, it is possible that individual services or services will not be available.
3.3. Analysis and Tracking
This website uses the following analysis and tracking tools:
Google Analytics 4 We use Google Analytics 4 to analyze and improve the use of our website. Google Analytics 4 is a web analytics and tracking service provided by Google LLC ("Google"). Google Analytics 4 may use so-called "cookies" if we activate the cookie function. In addition, Google Analytics 4 uses a standard anonymized user and client ID generated by our website as well as Google signals to identify users. The anonymized user ID is assigned to a logged-in user after the user has been uniquely identified beforehand. With the help of the user ID, users can be identified regardless of the device they are using. For example, if users access the website via both smartphones and tablets, we can analyze the user paths using the user ID in a holistic overview of the data. The client ID is a unique, randomly generated string that acts as a pseudo-anonymized identifier and anonymously identifies a browser instance. It is stored in the browser cookies so that subsequent calls to the same website can be assigned to the same user. Google signals are session data from websites that Google links to users who are logged into their Google account and have activated personalized advertising. Linking data to these logged-in users enables cross-device reporting, cross-device remarketing, and the export of cross-device usage results (known as "conversions") to Google Ads. The data processed by Google Analytics 4 is personal data within the meaning of Art. 4 (1) GDPR.
Google Analytics 4 collects personal data in the form of user characteristics and event data, among other things. The latter are automatically recorded events (user activities, number of sessions, clicks on ads, which ads are viewed, removal or deletion of credentials, crashes of websites, completion or cancellation of subscriptions, clicks on links, scrolling behavior, ends of videos viewed, etc.), events optimized for analytics (page views, scrolls, actuation of external links, website searches, playing videos, file downloads, etc.), recommended (purchase process on the website, travel offers, games), and custom events (events that are neither automatically captured nor recommended). Session data is also collected, such as multiple page views, events (see above), social interactions, and e-commerce transactions. User properties are attributes of the users who interact with your website. They are used to describe user segments such as language preference or geographic location. Some user properties are automatically logged in Google Analytics 4.
The information generated by the cookie, the user ID and Google signals about your use of this website is usually transmitted to a Google server in the USA and stored there. In case of activation of IP anonymization, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google uses this information to evaluate your use of the website, to compile reports on website activity, to make a forecast regarding your future web behavior and to provide other services to the website operator related to website and Internet use. User ID data collected in one website cannot be shared or combined with data from another website. Data about devices and activities from different sessions on a website, on the other hand, can be merged and combined using the User ID or Google signals. Collecting and combining the data is likely to create usage profiles about you.
The storage of information on a device used by you and the reading of this information takes place independently of the technology used for this purpose (cookies, object storage, pixels, web beacons, etc.) on the basis of your consent in accordance to the Legislative Decree No. 196/2003, and subsequent amendments, which you declare by means of an opt-in. You can revoke your consent declared in this way at any time via the cookie settings. The legal basis for the processing of data using Google Analytics 4 is your consent pursuant to Art. 6 (1) (a) GDPR. You can withdraw your consent to the processing of your personal data through the use of Google Analytics 4 at any time by changing your cookie settings accordingly. You may also refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: tools.google.com/dlpage/gaoptout You can prevent the collection of your data by Google Analytics by setting an opt-out cookie that will prevent the collection of your data during future visits to this website: We use Google Analytics with the extension "_anonymizeIp()". This shortens the IP addresses (so-called IP masking).
Unbounce We use Unbounce (Unbounce Marketing Solutions Inc., 400–401 West Georgia Street, Vancouver, BC, Canada, V6B 5A1) on our Website to create and operate landing pages Unbounce processes the personal data you enter in the lead form (name, surname, email address, phone number, budget, move-in date, length of stay, room type, and city) on our behalf and in accordance with our instructions for the purpose of operating the landing page and capturing lead submissions. The data processing takes place exclusively in Canada, i.e. in a country for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR. Unbounce does not transfer personal data to subcontractors based in the United States. The legal basis for the storage of the required cookie is your consent in accordance to the Legislative Decree No. 196/2003, and subsequent amendments, which you declare by opting in. The further processing of your personal data after the storage or readout is also based on your consent pursuant to Art. 6 (1) p. 1 lit. a GDPR. You can declare your consent in accordance to the Legislative Decree No. 196/2003, and subsequent amendments and Art. 6 (1) p. 1 lit. a GDPR with a single click on the corresponding button in our cookie banner. You can withdraw your consent at any time by e-mail to datenschutz.hamburg@forvismazars.com or via the cookie settings. Further information on data processing by Unbounce can be found in Unbounce’s privacy policy: https://unbounce.com/privacy/
Cloudflare Cloudflare is a traffic optimisation and distribution service provided by Cloudflare Inc. The way Cloudflare is integrated means that it filters all the traffic through this website, i.e. communication between this website and the user's browser, while also allowing analytical data from this website to be collected.
Personal Data processed: Trackers; Various types of data as specified in the privacy policy of the service
Trackers duration: _cfuvid: indefinite; cf_clearance: 30 minutes
The use of Cloudflare is technically necessary for the secure and stable operation of the website. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in providing a technically functional and secure website). No consent is required according to the Legislative Decree No. 196/2003, and subsequent amendments. Personal data may be transferred to the United States. Such transfers are carried out on the basis of Standard Contractual Clauses adopted by the European Commission pursuant to Art. 46(2)(c) GDPR, a copy of which is available upon request. Users should verify whether Cloudflare is certified under the EU-US Data Privacy Framework (DPF) at: https://www.dataprivacyframework.gov. Further information on data processing by Cloudflare can be found in Cloudflare’s privacy policy: https://www.cloudflare.com/privacypolicy/
Google Tag Manager Google Tag Manager is a tag management service provided by Google Ireland Limited. It enables us to manage and deploy other tracking and marketing tags (scripts) on our website without modifying the website code directly. Please note that Google Tag Manager itself does not set any cookies and does not collect any personal data independently. The tags deployed and managed via Google Tag Manager may, however, set cookies subject to the consent categories described in this section and may collect personal data as described under the respective tools.
Personal Data processed: Trackers; Usage Data
The use of Google Tag Manager is technically necessary for the management of other tools on the website. The legal basis is Art. 6(1)(f) GDPR (legitimate interest). No consent is required for Google Tag Manager itself according to the Legislative Decree No. 196/2003, and subsequent amendments; however, any tags deployed via Google Tag Manager that set non-essential cookies require your prior consent as described under the relevant sections. In order to understand Google's use of data, consult their partner policy and their Business Data page. Further information on data processing by Google Tag Manager can be found in Google’s privacy policy: https://policies.google.com/privacy
3.4. Social Media Plug-ins
Our website also uses other services that do not use cookies, but through other technologies, such as Javascript codes, web beacons, tags, other identifiers supported by AI-based technology that read data from or store data in visitors' devices.
X On our website, we have integrated functions from X in the form of a button (X plug-ins). X is both a short message service and a social media platform with blog-like functions of the company Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA with a branch office at One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland. On X, users can exchange short messages or upload text, image or video content and make it visible to an unspecified number of users. The integration of X functions serves the purpose of offering our services via various channels and communicating with our customers or interested parties. Cookies are set via X buttons or widgets integrated into websites as soon as you activate the functions. Through the use of cookies, it is possible for X to record your visits to these websites and assign them to your X profile. The following data is collected:
Usage data
Browser data (language settings etc.)
Browser cookie IDs
ID of your cell phone
E-mail addresses
This data is evaluated in particular (also for users who are not logged in) for the display of tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, your data collected from us will be directly assigned to your existing account with the plug-in provider. If you click the activated button and link to the page, for example, the plug-in provider also saves this information in your user account and shares it publicly with your contacts.
The storage of information on a device used by you and the reading of this information takes place independently of the technology used for this purpose (cookies, object storage, pixels, web beacons, etc.) on the basis of your consent according to the Legislative Decree No. 196/2003, and subsequent amendments, which you declare by means of an opt-in. You can revoke your consent declared in this way at any time via the cookie settings. The legal basis for the use of the X plug-in is your consent pursuant to Art. 6 (1) (a) GDPR, which you can withdraw at any time in the cookie settings. Information about this and the available setting options can be found on the following X support pages: https://help.twitter.com/de/using-twitter/tailored-suggestions and https://help.twitter.com/de/rules-and-policies/twitter-cookies
X shares your personal data with its processors and third-party service providers that are located outside the European Economic Area ("EEA"), where they set their own cookies, such as Google LLC. These providers process the personal data obtained in this way for their own purposes, e.g. analysis and marketing as well as your usage behavior on external and their own websites. Profiling is also not excluded. The personal data collected from you and from third-party providers is transmitted to servers managed by X, most of which are located in the USA. Following the discontinuation of the EU-US Privacy Shield, a transfer of data to the USA can at best be based on standard contractual clauses issued by the EU Commission and further guarantees. Although the transfer of personal data is based on standard contractual clauses, this does not rule out the possibility that the U.S. security authorities, which have extensive powers, can access your personal data at any time and without any reason. This applies even if the servers are located in Europe. There are no effective legal remedies available to you against this. The data collected via our website will be deleted, summarized or otherwise obscured by X after a maximum of 30 days. X may store your personal data until it is no longer useful to the company or there is a legal deadline for deletion.
Facebook plugin Our website uses so-called social plugins ("plugins") of the social network Facebook, which is operated by Meta Platforms Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). The plugins are marked with a Facebook logo. An overview of the Facebook plug-ins and their appearance can be found here: https://developers.facebook.com/docs/plugins. When you call up a page of our website that contains such a plug-in, your browser establishes a direct connection to Facebook's servers via cookies stored on your device. The content of the plug-in is transmitted by Facebook directly to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are not currently logged into Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server in the USA and stored there. If you are logged in to Facebook, Facebook can directly assign your visit to our website to your Facebook profile. If you interact with the plugins, for example by clicking the "Like" button or posting a comment, this information is also transmitted directly to a Facebook server and stored there. The information is also published on your Facebook profile and displayed to your Facebook friends.
The purpose and scope of the data collection as well as the further processing and use of the data by Facebook as well as your rights in this regard and setting options for protecting your privacy can be found in Facebook's privacy policy: http://www.facebook.com/policy.php. If you do not want Facebook to directly assign the data collected via our website to your Facebook profile, you must log out of Facebook before visiting our website. You can also completely prevent the loading of Facebook plugins with add-ons for your browser, e.g. for Mozilla Firefox: https://addons.mozilla.org/de/firefox/addon/facebook-blocker/ for Opera: https://addons.opera.com/de/extensions/details/facebook-blocker/?display=en for Chrome: https://chrome.google.com/webstore/detail/facebook-blocker/chlhacbfddknadmnmjmkdobipdpjakmc?hl=de
The storage of information on a device used by you and the reading of this information takes place independently of the technology used for this purpose (cookies, object storage, pixels, web beacons, etc.) on the basis of your consent according to the Legislative Decree No. 196/2003, and subsequent amendments, which you declare by means of an opt-in. You can revoke your consent declared in this way at any time via the cookie settings. The legal basis is your consent pursuant to Art. 6 (1) (a) GDPR, which you can withdraw at any time in our cookie settings. There is no legal obligation to provide your data. If you refrain from doing so, you cannot share our content directly via the share buttons.
Facebook Pixel On our website, we use the Facebook pixel from Facebook (from Meta Platforms Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, with another branch: Meta Platforms Ireland Limited 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland). For this purpose, we have inserted a code on our website. This is a JavaScript code (pixel) that enables certain functions on the page. If you have come to our website via Facebook ads, Facebook can track your usage actions via the Facebook pixel. For example, if you purchase a product on a website, the Facebook pixel is triggered and stores your actions on the website in one or more cookies. The following data is collected in the process:
Viewed advertisements
Viewed content
Device information
Geographic location
HTTP headers
Interactions with advertisements, services and products
IP address
Clicked items
Marketing information
Non-confidential custom data
Pages visited
Pixel ID
Referrer URL
Marketing campaign success
Usage data
User behavior
Facebook cookie information
Facebook user ID
Usage/click behavior
Browser information
If you have a Facebook account, it is possible for Facebook to match the data with your Facebook account data. This data collected via Facebook pixel is anonymous for us and only becomes usable for us when we want to place advertisements. If you are logged in as a Facebook user when you call up our website, your visit to our website will be assigned to your Facebook account. The purpose of using the Facebook pixel is to better tailor our advertising measures to your wishes and interests. This enables us to show you personalized advertising. Facebook collects your data for the purpose of data analysis and tracking as well as to implement its own advertising measures.
The storage of information on a device used by you and the reading of this information takes place independently of the technology used for this purpose (cookies, object storage, pixels, web beacons, etc.) on the basis of your consent according to the Legislative Decree No. 196/2003, and subsequent amendments, which you declare by means of an opt-in. You can revoke your consent declared in this way at any time via the cookie settings. The legal basis is your consent pursuant to Art. 6 (1) (a) GDPR, which you can withdraw at any time in our cookie settings. There is no legal obligation to provide your data. If you refrain from doing so, you cannot share our content directly via the share buttons.
The data processed via the Facebook pixel is partly stored on servers in the European Economic Area ("EEA"). However, the data also reaches servers managed by Meta Platforms in the USA. Following the discontinuation of the EU-US Privacy Shield, a transfer of data to the USA can at best be based on standard contractual clauses issued by the EU Commission and further guarantees. It is true that the transfer of personal data is based on standard contractual clauses under which Meta Platforms undertakes to process personal data in accordance with European data protection standards. However, this does not exclude the possibility that the U.S. security authorities, which are equipped with comprehensive powers, may access your personal data at any time and without any reason. This applies even if the servers are located in Europe. As a U.S. company, Meta Platforms may also be required to transfer personal data of EU citizens to the U.S. security authorities that is located on servers in the EEA. There are no effective legal remedies available to you against this. Meta Platforms will delete your personal data after 720 days at the latest. You can get more information about the processing here: https://www.facebook.com/legal/terms/dataprocessing
General information about Facebook's privacy policy can be obtained here: https://www.facebook.com/policy.php
Instagram Social Plug-ins Our website uses so-called social plugins ("plugins") from Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). The plugins are marked with an Instagram logo, for example in the form of an "Instagram camera". An overview of the Instagram plug-ins and their appearance can be found here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges. When you call up a page of our website that contains such a plugin, your browser establishes a direct connection to the servers of Instagram. The content of the plugin is transmitted by Instagram directly to your browser and integrated into the page. Through this integration, Instagram receives the information that your browser has called up the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged in to Instagram. This information (including your IP address) is transmitted by your browser via cookies directly to a server of Instagram and stored there. If you are logged in to Instagram, Instagram can directly assign your visit to our website to your Instagram account. If you interact with the plugins, for example by clicking the "Instagram" button, this information is also transmitted directly to an Instagram server and stored there. The information is also published on your Instagram account and displayed there to your contacts. Instagram processes your personal data for analysis and marketing purposes. Your usage behavior is also evaluated by Instagram.
The storage of information on a device used by you and the reading of this information takes place independently of the technology used for this purpose (cookies, object storage, pixels, web beacons, etc.) on the basis of your consent according to the Legislative Decree No. 196/2003, and subsequent amendments, which you declare by means of an opt-in. You can revoke your consent declared in this way at any time via the cookie settings. The legal basis is your consent pursuant to Art. 6 (1) (a) GDPR, which you can withdraw at any time in the cookie settings. There is no legal obligation to provide your data. If you refrain from doing so, you cannot share our content directly via the share buttons.
The data processed via the Instagram plug-in is stored on servers managed by Meta Platforms in the USA. After the discontinuation of the EU-US Privacy Shield, a transfer of data to the USA can at best be based on standard contractual clauses issued by the EU Commission and further guarantees. It is true that the transfer of personal data is based on standard contractual clauses under which Meta Platforms undertakes to process personal data in accordance with European data protection standards. However, this does not exclude the possibility that the U.S. security authorities, which are equipped with comprehensive powers, may access your personal data at any time and without any reason. This applies even if the servers are located in Europe. As a U.S. company, Meta Platforms may also be required to transfer personal data of EU citizens to the U.S. security authorities that is located on servers in the EEA. There are no effective legal remedies available to you against this. You can find further data protection information from Instagram here: https://help.instagram.com/155833707900388/. If you do not want Instagram to directly assign the data collected via our website to your Instagram account, you must log out of Instagram before visiting our website. You can also completely prevent the loading of Instagram plugins with add-ons for your browser, e.g. with the script blocker "NoScript" (http://noscript.net/). Instagram deletes or anonymizes your data after 90 days at the latest.
3.5. Marketing and Advertising Tools
This website uses the following tools for marketing, advertising and conversion tracking purposes. The use of these tools requires your prior consent according to the Legislative Decree No. 196/2003, and subsequent amendments, and Art. 6(1)(a) GDPR. You may withdraw your consent at any time via our cookie management tool.
3.5.1 Salesforce (Advertising / Marketing Tracker)
Provider: Salesforce, Inc. (United States)
Salesforce is an advertising and CRM service provided by Salesforce, Inc. On this website, Salesforce trackers may be used to support lead tracking and marketing activities associated with your submission of the lead form.Personal Data processed: Trackers; Usage Data
Legal basis: Your consent according to the Legislative Decree No. 196/2003, and subsequent amendments, and Art. 6(1)(a) GDPR.
Service provided by: Salesforce, Inc. (United States) — Privacy Policy — Opt Out
International transfers: Data may be transferred to the United States. Salesforce is certified under the EU-US Data Privacy Framework (DPF) according to the European Commission's adequacy decision of 10 July 2023 (Decision 2023/1795). Transfers are therefore carried out on the basis of this adequacy decision as the primary mechanism. You can withdraw your consent at any time via the cookie settings.
3.5.2 Google Ads Conversion Tracking
Provider: Google Ireland Limited (Ireland)
Google Ads Enhanced Conversions transmits hashed first-party conversion data to Google in order to improve the accuracy of conversion measurement for our advertising campaigns. The data transmitted may include your name, e-mail address, postal address, phone number and other contact details, in hashed form. In order to understand Google's use of data, consult their partner policy and their Business Data page.Personal Data processed: Trackers; Usage Data; name, e-mail address, postal address, telephone number, transaction data and browsing/tracking data
Trackers duration: IDE: 2 years; test_cookie: 15 minutes
Legal basis: Your consent according to the Legislative Decree No. 196/2003, and subsequent amendments, and Art. 6(1)(a) GDPR. You may withdraw your consent at any time by adjusting your cookie preferences via our cookie management tool.
International transfers: Data may be transferred to the United States. Google Ireland Limited and Google LLC are certified under the EU-US Data Privacy Framework (DPF) according to the European Commission's adequacy decision of 10 July 2023 (Decision 2023/1795).
Privacy Policy: https://policies.google.com/privacy
3.5.3 Google Ads Enhanced Conversions
Provider: Google Ireland Limited (Ireland)
Google Ads Enhanced Conversions is an advertising service provided by Google Ireland Limited that allows us to send hashed first-party conversion data to Google in order to improve conversion measurements.Personal Data processed: Address; contact details; e-mail address; first name; last name; phone number; Trackers
Legal basis: Your consent according to the Legislative Decree No. 196/2003, and subsequent amendments, and Art. 6(1)(a) GDPR.
Service provided by: Google Ireland Limited (Ireland) — Privacy Policy
International transfers: Data may be transferred to the United States. Google Ireland Limited and Google LLC are certified under the EU-US Data Privacy Framework (DPF) according to the European Commission's adequacy decision of 10 July 2023 (Decision 2023/1795). You can withdraw your consent at any time via the cookie settings.
3.5.4 Meta Ads Conversion Tracking (Meta Pixel)
Provider: Meta Platforms, Inc. (United States)
Meta ads conversion tracking (Meta pixel) is an analytics service provided by Meta Platforms, Inc. that connects data from the Meta Audience Network with actions performed on this website. The Meta pixel tracks conversions that can be attributed to ads on Facebook, Instagram and Meta Audience Network.Personal Data processed: Trackers; Usage Data
Trackers duration: _fbc: 3 months; _fbp: 3 months; fr: 3 months; lastExternalReferrer: duration of the session; lastExternalReferrerTime: duration of the session
Legal basis: Your consent according to the Legislative Decree No. 196/2003, and subsequent amendments, and Art. 6(1)(a) GDPR. You may withdraw your consent at any time via the cookie management tool.
Service provided by: Meta Platforms, Inc. (United States) — Privacy Policy — Opt Out
4. Processing of personal data with regard to accommodation inquiries
4.1. Contact requests / “Get in Touch” Lead Form
This website allows users to submit a "Get in Touch" form to request information and express interest in booking a room. If you submit the lead form on our website, the following personal data will be collected and processed by us: name, surname, email address, phone number, budget, desired move-in date, desired length of stay, room type, and city. The legal basis for the processing is:
Art. 6(1)(b) GDPR, insofar as the enquiry is directed at the conclusion of a contract or constitutes a pre-contractual step (e.g. request for information about our co-living offers with a view to booking).
Art. 6(1)(f) GDPR for any further processing necessary to handle your enquiry, where the legitimate interest lies in being able to respond to your request and manage our leads.
Your data will only be processed for as long as necessary to achieve the processing purposes mentioned above. Third parties engaged by us will store your data on their system for as long as it is necessary in connection with the provision of the services for us in accordance with the respective order. There is no legal obligation to provide your data. However, if you do not provide us with your data, it will not be possible to contact you.
Unbounce We use Unbounce (Unbounce Marketing Solutions Inc., 400–401 West Georgia Street, Vancouver, BC, Canada, V6B 5A1) on our Website to create and operate the landing page. Unbounce processes the personal data you enter in the lead form (name, surname, email address, phone number, budget, move-in date, length of stay, room type, and city) on our behalf and in accordance with our instructions for the purpose of operating the landing page and capturing lead submissions. The data processing takes place exclusively in Canada, i.e. in a country for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR. Unbounce does not transfer personal data to subcontractors based in the United States. The legal basis for the storage of the required cookie is your consent according to the Legislative Decree No. 196/2003, and subsequent amendments, which you declare by opting in. The further processing of your personal data after the storage or readout is also based on your consent pursuant to Art. 6 (1) p. 1 lit. a GDPR. You can declare your consent in accordance with to the Legislative Decree No. 196/2003, and subsequent amendments, and Art. 6 (1) p. 1 lit. a GDPR with a single click on the corresponding button in our cookie banner. You can withdraw your consent at any time by e-mail to datenschutz.hamburg@forvismazars.com or via the cookie settings. Further information on data processing by Unbounce can be found in Unbounce’s privacy policy: https://unbounce.com/privacy/
Zapier Zapier processes the lead data submitted via the Unbounce form and transfers it into the Salesforce CRM system. The service is provided by Zapier Inc., 548 Market St #62411, San Francisco, CA 94104, USA. When you submit the lead form, Zapier receives your personal data (name, surname, email address, phone number, budget, move-in date, length of stay, room type, and city) and automatically transfers it into Salesforce as a lead record. This processing is carried out exclusively on our instructions and for the sole purpose of ensuring the automated transfer of your lead data into our CRM system. The legal basis for the data processing is Art. 6(1)(b) GDPR and/or Art. 6(1)(f) GDPR. Zapier acts as a processor for us pursuant to Art. 28 GDPR. Data may be transferred to the United States. Such transfers are carried out on the basis of Standard Contractual Clauses adopted by the European Commission pursuant to Art. 46(2)(c) GDPR. Please verify whether Zapier is certified under the EU-US Data Privacy Framework (DPF) at: https://www.dataprivacyframework.gov. Further information can be found in Zapier's privacy policy: https://zapier.com/privacy
Salesforce CRM System We use the Salesforce service of the company salesforce.com Inc, The Landmark @ One Market Street, Suite 300, San Francisco, California 94105, USA, represented by Salesforce.com Germany GmbH, Erika-Mann-Str. 63, 80636 Munich, Germany. This is a service for our customer relationship management (CRM). Among other things, this service enables us to better manage our existing and potential customer relationships and to optimise sales and communication. In addition, the use of Salesforce enables us to analyse the administrative processes in our customer relationships. Your lead data is transferred by Zapier into Salesforce as a lead record. The data is stored on Salesforce managed servers in the EU or EEA. However, it should be noted that Salesforce is a US company. Therefore, it cannot be ruled out that your personal data will also be stored on servers located outside the EEA in the US. As a US company, Salesforce may also be obliged to transfer personal data of EU citizens to the US security authorities which is stored on servers in the EU or the EEA. There are no effective legal measures available to you for this. The storage of information on a device used by you and the reading of this information takes place independently of the technology used for this purpose (cookies, object storage, pixels, web beacons, etc.) on the basis of your consent according to the Legislative Decree No. 196/2003, and subsequent amendments, which you declare by means of an opt-in. You can revoke your consent declared in this way at any time via the cookie settings. If you transmit your personal data to us, this is done on the basis of your consent pursuant to Art. 6 para. 1 p. 1 lit. a GDPR, which you declare by placing a tick (opt-in) in a checkbox. You can revoke your consent at any time by accessing the cookie settings. Salesforce acts as a processor for us on a contractual basis and processes the data on the basis of our documented instructions. Salesforce is integrated by us in a data protection-compliant manner in accordance with Art. 28 GDPR. Further information can be found in the salesforce data protection declaration: Datenschutzerklärung - Salesforce
Amazon Web Services We host our website on Amazon Web Services (Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA, represented by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg). When you visit our website, your personal data is processed on AWS servers. The data is stored on servers managed by AWS in the EU or EEA. However, it should be noted that AWS is a US company. Therefore, it cannot be ruled out that your personal data will also be stored on servers located outside the EEA in the US. As a U.S. company, AWS may also be obliged to transfer personal data of EU citizens to the U.S. security authorities which is stored on servers in the EU or the EEA. There are no effective legal measures available to you for this. AWS acts as a processor for us on a contractual basis and processes the data based on our documented instructions. AWS is integrated by us in a data protection compliant manner in accordance with Art. 28 GDPR. Further information can be found in the AWS privacy policy: Datenschutzhinweis (amazon.com)
Caya We use the services of the Caya GmbH (Ritterstraße 24-27, 10969 Berlin). Caya is helping us to digitize our mail. If you write to us by post, your mail will be forwarded to Caya. Caya opens the mail automatically and scans it. The content of the letter is then made available to us digitally. In this context, Caya processes the personal data that you provide to us when you contact us. Caya acts as a processor for us on a contractual basis and processes the data based on our documented instructions. Caya is integrated by us in a data protection compliant manner in accordance with Art. 28 GDPR.
4.2 Booking of our living offers
If you would like to book one of our living offers, we need the following additional information from you:
Desired type of accommodation
Desired start of rental period
We need this data to process the contract. The legal basis for the processing is Art. 6 (1)(b) GDPR In the course of processing your enquiry, your data will be transferred to our IT service providers as well as to the relevant employees who process your enquiry. We only store your data for as long as it is necessary for the purpose, i.e. until the end of the tenancy. The data is then deleted unless we need it to fulfil legal obligations. There is no legal obligation to provide your personal data. However, if you do not wish to provide us with your data, a booking is not possible.
5. Transfer of personal data to third parties
The following categories of recipients may receive access to your personal data:
Service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g. for data center services, payment processing, IT security or tool providers). The legal basis for the transfer is then Art. 6 (1) (1) (f) GDPR, insofar as it does not involve processors;
Government agencies/authorities, insofar as this is necessary for the fulfillment of a legal obligation. The legal basis for the transfer is then Art. 6 (1) (1) (c) GDPR;
Persons employed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). The legal basis for the disclosure is then Art. 6 (1) (1) (b) or (f) GDPR;
Other entities within the company group. The legal basis for the transfer is then Art. 6 (1) (1) (f) GDPR, insofar as it does not involve processors.
In addition, we will only share your personal data with third parties if you have given your consent to do so in accordance with Art. 6 para. 1 p. 1 lit. a GDPR.
6. Data deletion and storage period
For the processing operations carried out by us, we indicate in each case how long the data will be stored by us and when it will be deleted or blocked. If no explicit retention period is specified, your personal data will be deleted or blocked as soon as the purpose or legal basis for the storage no longer applies. In principle, your data will only be stored on our servers in Germany, subject to any transfer that may take place that will be specified elsewhere. However, storage may take place beyond the specified time in the event of a (threatened) legal dispute with you or other legal proceedings, or if storage is required by legal regulations to which we are subject as the responsible party. If the storage period prescribed by the statutory provisions expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.
7. Data security
We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or against unauthorized access by third parties (e.g., TSL encryption for our website), taking into account the state of the art, implementation costs, and the nature, scope, context, and purpose of the processing, as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments.
8. Cooperation with processors
We use external domestic and foreign service providers (e.g. for IT, logistics, telecommunications, sales and marketing) to process our business transactions. They will only act on our instructions and have been contractually obligated to comply with the data protection provisions in accordance with Art. 28 GDPR. If personal data from you is passed on by us to our subsidiaries or is passed on to us by our subsidiaries (e.g. for advertising purposes), this is done on the basis of existing processing relationships.
Intercompany transfers Since we have locations all over Europe, your personal data might be transferred between the company responsible for the location you are renting your apartment/room and Fisenar S.r.l.. The respective data transfers are GDPR compliant.
9. Transfer of personal data to so-called third countries
In the course of our business relationships, your personal data may be transferred or disclosed to third party companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing is carried out exclusively for the fulfillment of contractual and business obligations and to maintain your business relationship with us. We will inform you about the respective details of the transfer at the relevant points. Some third countries are certified by the European Commission through so-called adequacy decisions to have data protection comparable to the EEA standard (a list of these countries as well as a copy of the adequacy decisions can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible via binding company regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct. With regard to the individual services, we will inform you at the appropriate point about the requirements for data transfer to third countries.
From time to time, we may engage external debt collection service providers to recover outstanding payments owed under our agreements with you. In such instances, we may transfer certain personal data necessary for the collection process to the service provider. The processing of this personal data is carried out on the following legal basis: Article 6(1)(b) GDPR (performance of a contract) and Article 6(1)(f) GDPR (legitimate interests pursued by us, which include ensuring the enforcement of our contractual rights and the recovery of debts owed to us). We will ensure that any transfer of personal data to debt collection service providers complies with applicable data protection laws and only involves the minimum data necessary for these purposes.
10. No automated decision-making (including profiling).
We do not ourselves intend to use any personal data collected from you for any automated decision-making process (including profiling).
11. No obligation to provide personal data.
We do not make the conclusion of contracts with us dependent on you providing us with personal data in advance. As a customer, you are under no legal or contractual obligation to provide us with your personal data; however, we may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data. If this should exceptionally be the case in the context of the products we offer, you will be informed of this separately.
12. Legal obligation to transfer certain data.
We may be subject to a specific legal or statutory obligation to provide lawfully processed personal data to third parties, in particular public bodies (Art. 6 (1) (1) (c) GDPR).
13. Your rights
You may assert your rights as a data subject regarding your processed personal data at any time by contacting us using the contact details provided at the beginning. As a data subject, you have the right:
to request information about your data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;
in accordance with Art. 16 GDPR, to demand the correction of incorrect data or the completion of your data stored by us without delay;
pursuant to Art. 17 GDPR, to request the deletion of your data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
pursuant to Art. 18 GDPR, to request the restriction of the processing of your data, insofar as the accuracy of the data is disputed by you or the processing is unlawful;
pursuant to Art. 20 GDPR, to receive your data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller ("data portability");
object to the processing in accordance with Art. 21 GDPR, provided that the processing is based on Art. 6 (1) p. 1 lit. e or lit. f GDPR. This is particularly the case if the processing is not necessary for the performance of a contract with you. Unless it is an objection to direct marketing, when exercising such an objection, we ask you to explain the reasons why we should not process your data as we have done. In the event of your justified objection, we will review the merits of the case and either discontinue or adjust the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing;
in accordance with Article 7 (3) GDPR, to withdraw your consent given once (also before the GDPR came into force, i.e. before 25.5.2018) - i.e. your voluntary will, made understandable in an informed manner and unambiguously by means of a declaration or other unambiguous confirming act, that you agree to the processing of the personal data in question for one or more specific purposes - at any time towards us, if you have given such consent. This has the consequence that we may no longer continue the data processing based on this consent in the future, and that
complain to a data protection supervisory authority about the processing of your personal data in our company in accordance with Art. 77 GDPR.
14. Changes to the data protection notice
Due to changes in legal or official requirements as well as the further development of technical standards and our offer, adjustments to this privacy policy may be necessary, which is why it is regularly reviewed to determine whether it needs to be adapted. The privacy policy can therefore be changed at any time with effect for the future.
This privacy policy is last updated in May 2026.
© 2026 Fisenar S.r.l.
