Privacy policy

I. Information on the processing of your data in accordance with Art. 13 of the General Data Protection Regulation (GDPR)

1. Person responsible

Responsible for this website is

2. Data processed for the provision of the website and the creation of log files

a. What data is processed for what purpose?

Each time you access content on the website, data is temporarily stored that may allow you to be identified. The following data is collected:

- Date and time of access

- IP address

- Host name of the accessing computer

- Website from which the website was accessed

- Websites that are accessed via the website

- Visited page on our website

- Message whether the retrieval was successful

- Amount of data transferred

- Information about the browser type and version used

- Operating system

Temporary storage of the data is necessary for the course of a website visit to enable delivery of the website. Further storage in log files takes place in order to ensure the functionality of the website and the security of the information technology systems. Our legitimate interest in data processing also lies in these purposes.

b. What is the legal basis for processing this data?

The data is processed on the basis of Article 6(1)(f) GDPR.

c. Are there any other recipients of the personal data besides the controller?

The website is hosted by IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. The hoster receives the above-mentioned data as a processor.

d. How long is the data stored?

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. When the website is provided, this is the case when the respective session has ended. The log files are stored for a maximum of 48 hours and are accessible directly and exclusively to administrators. After that, they are only available indirectly via the reconstruction of backup tapes and are permanently deleted after a maximum of six weeks.

3. Rights of data subjects

a. Right to information

You can request information in accordance with Art. 15 GDPR about your personal data that we process.

b. Right to object:

You have the right to object for specific reasons (see point II).

c. Right to rectification

If the information concerning you is not (or no longer) correct, you can request a correction in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.

d. Right to cancellation

You can request the erasure of your personal data in accordance with Art. 17 GDPR.

e. Right to restriction of processing

In accordance with Art. 18 GDPR, you have the right to request that the processing of your personal data be restricted.

f. Right to lodge a complaint

If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a data protection supervisory authority of your choice in accordance with Art. 77 (1) GDPR. This also includes the data protection supervisory authority responsible for the controller: President of the Personal Data Protection Office (PUODO), ul. Stawki 2, 00-193 Warsaw, Poland, https://uodo.gov.pl/en.

g. Right to data portability

In the event that the requirements of Art. 20 para. 1 GDPR are met, you have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to third parties. The collection of data for the provision of the website and the storage of log files are absolutely necessary for the operation of the website. They are therefore not based on consent pursuant to Art. 6(1)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, but are justified pursuant to Art. 6(1)(f) GDPR. The requirements of Art. 20 (1) GDPR are therefore not fulfilled in this respect.

II. Right to object pursuant to Art. 21 (1) GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (f) of Article 6(1) GDPR. The controller will then no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. The collection of data for the provision of the website and the storage of log files are absolutely necessary for the operation of the website.

III. Other recipients of the personal data

4. Payment processing (Stripe)

a. What data is processed and for what purpose?

We use the payment service provider Stripe to process payments. The following data is processed when using Stripe:

Payment information (e.g. credit card number, bank details)

Billing information (e.g. name, address)

IP address and other technical information required for fraud prevention purposes

The data is processed exclusively for the purpose of payment processing.

b. Legal basis of the processing:

The processing is carried out on the basis of Art. 6 (1) (b) GDPR (fulfilment of contract).

c. Recipient of the data:

Dhe data is passed on to Stripe Payments Europe, Ltd. which acts as a processor. Information on their privacy policy can be found at: https://stripe.com/en/privacy.

5. External services and content

a. Use of Cloudflare CDN

We use the Cloudflare service to improve the loading speed of our website, to ensure its security and to provide content such as fonts (Font Awesome) and the CookieConsent banner. The following data is processed:

IP address of the user

Access data (date, time, page accessed)

Technical information (e.g. browser type, operating system)

Cloudflare uses cookies to improve website functionality and security.

Legal basis:

Processing is carried out on the basis of Article 6(1)(f) GDPR (legitimate interest). Our legitimate interest lies in the secure and efficient provision of our website and an appealing design through services such as Font Awesome.

Further information:

Information on data processing by Cloudflare can be found at: https://www.cloudflare.com/privacypolicy/.

b. AI-Powered Text Generation and Chatbot (OpenAI GPT)

  • We use the OpenAI GPT service for the automated generation of text content (e.g., property descriptions, email templates) and for providing a support chatbot.
  • When using the chatbot, personal data (e.g., email address or free-text entries) may be processed depending on the user’s input. This data is used solely to handle your request.
  • Legal basis:
    • Art. 6(1)(f) GDPR (legitimate interest in efficient customer support),
    • or Art. 6(1)(b) GDPR (performance or initiation of a contract), if applicable.
  • Recipient: OpenAI, USA (processing based on EU standard contractual clauses).
  • Only data required for the respective function is transmitted. Chat conversations are not permanently stored without your explicit consent.
  • Chat histories are stored for quality assurance purposes for a period of 30 days and then automatically deleted, unless you have explicitly agreed to a longer storage period.
  • More information: OpenAI Privacy Policy.

c. Email Delivery (Mailgun)

  • We use Mailgun for sending emails (e.g., notifications, newsletters).
  • Processed data: email addresses and, if provided, names – no additional personal data.
  • Legal basis: Art. 6(1)(f) GDPR (legitimate interest in reliable customer communication).
  • Recipient: Mailgun (Mailgun Technologies, Inc., USA) (standard contractual clauses).
  • More information: Mailgun Privacy Policy.

7. Use of cookies

a. Which cookies are used?

Our website uses cookies to ensure functionality, improve the user experience and provide certain services. These are:

  • Necessary cookies: These cookies are necessary for the operation of our website. Without them, certain functions could not be provided.

b. Legal basis of the processing:

Processing is carried out on the basis of Art. 6(1)(f) GDPR (legitimate interest) for necessary cookies and on the basis of Art. 6(1)(a) GDPR (consent) for all other cookies.

c. How can cookies be managed?

You can disable or delete cookies in your browser settings. Please note that this may affect the functionality of our website.

8. Email Delivery on Behalf of Agents

  • What happens? Our realtor clients can send property exposés and email templates to their own prospects. On behalf of the agent, we transmit the following data to our email service provider (Mailgun):
    • Email address of the recipients
    • Optional: name of the recipients
    • Property metadata (e.g., address, price) – no other personal data
  • Data retention: The email addresses and related lead data remain stored in our CRM until they are deleted by the agent or legal retention periods expire. For delivery, they are also temporarily transmitted to Mailgun and stored there only as long as necessary for sending and analysing delivery reports.
  • Legal basis: Art. 6(1)(b) GDPR (performance of a contract) – we provide the email delivery service on behalf of our clients.
  • Recipients: Mailgun (Mailgun Technologies, Inc., USA) (standard contractual clauses).
  • Note to agents: Please ensure you have obtained the necessary consents from your recipients and update your own privacy policy to include a reference to Mailgun.