Privacy policy Frankfurt

THE FLAG Service Frankfurt GmbH

1. Data Protection Policy

This Data Protection Policy contains information on the extent to which we process your personal data (hereinafter referred to as “data”).

2. Controller

The controller in accordance with the General Data Protection Regulation (GDPR) is:

THE FLAG Service Frankfurt GmbH
Listertalstraße 73
57439 Attendorn


3. Data protection officer contact details


4. Data processing

We process data to operate our website. This also includes disclosure in the form of transfer to third parties and, if necessary, to so-called third countries outside the European Union (EU) and the European Economic Area.

The individual data affected, processing purposes, legal bases, recipients and transfer to third countries are stated below:

a)     Log files when visiting websites

We log your website visit. We process the name of the accessed web page, date and time of access, transferred data volume, browser type and version, your operating system, referrer URL (previously visited web page), your IP address and querying provider. This is necessary to ensure that the website is secure. We process the data on the basis of our legitimate interests in accordance with Art. 6 (1) lit. f GDPR, to guarantee the security of the website. Log files are deleted after seven days, unless they are required for clarifying or proving specific violations of the law that have been uncovered within the retention period.

b)     Hosting

All data related to the operation of this website is stored as part of the hosting process. The data is processed on the basis of our legitimate interests in accordance with Art. 6 (1) lit. f GDPR, to make it possible to operate the website. We use the services of web hosting providers to operate our website to whom we transfer the above-stated data (Section 4 b).

c)     Contacting us

If you contact us, we process your name, any contact details you provide and your message for the sole purpose of processing and handling your query. The data is processed on the basis of Art. 6 (1) lit. b GDPR for the fulfilment of the agreement and/or our pre-contractual obligations or on the basis of our legitimate interests in accordance with Art. 6 (1) lit. f GDPR for the purpose of processing your query.

d)     Contacting us for job applications

If you contact us to send us your job application, e.g. per e-mail or through a contact form, your data (e.g. name, e-mail address, requested place of work, if stated by you), your message and the submitted job application documents are processed for the sole purpose of processing and handling your job application. The predominant legal basis for these data processing activities is Section 26 of the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). It states that data may be processed which is required in connection with making a decision about concluding an employment contract with an applicant.

Should the data be required once the application process has closed, i.e. for prosecution purposes, the data may be processed to maintain our legitimate interests in accordance with Art. 6 (1) lit. f GDPR, namely for the assertion and/or defence of claims.

e)     Inclousion in our pool of applicants

By your request, we can include your application profile in our pool of applicants so that we can consider and invite you to apply for suitable vacancies. The data is processed on the basis of your consent in accordance with Art. 6 (1) lit. a GDPR.

f)     Central Customer data management

For the management of our customer data, we use the software systems of a service provider. This service provider processes the customer data on our behalf. Further information on the purposes and legal bases of the individual processing operations can be found in the following information. 

g)      Conclusion and performance of accommodation agreements

Within the scope of our accommodation offers, we process your data for initiating (reserving) and processing (booking) the future or existing contractual relationship between you and us. We require the following data for your booking or reservation, Arrival and departure dates: Forename and surname of all travelling persons, address of the person making the booking or reservation, e-mail address, credit card and/or bank details, Cookie ID, registration data (e.g. passport number).

You can send reservation requests and make bookings on our website. Your data is processed on the basis of Art. 6 (1) lit. b GDPR.

In our houses we offer you the possibility of a self-check-in and the digital booking of services and management of your accommodation data. For the provision of the software, we use a service provider who processes the previously mentioned data on our behalf.

We transfer your transaction data (name, date of booking, payment type, amount and recipient, bank or credit card details, if required) to the payment service provider engaged with processing the payment.

When booking online through our website, you are transferred to our external booking platform operator, TravelClick, INC., 7 Times Square, 38th Floor, NY 10036, USA (“TravelClick”) where you can complete your booking online. TravelClick processes data in the USA. There is no adequacy decision of the EU Commission for the USA. However, TravelClick establishes an adequate level of data protection via the EU standard contractual clauses. A copy of the contract can be found on the following page under “TravelClick Data Processing Agreement (EU & UK Customer)”:

Information on data protection

Alternatively, you can send us reservation requests directly through our website. If you do this, the communication is processed without data being transferred to TravelClick.

h)     Reporting process for accommodation providers

We process the following data if you are subject to the provisions of the Federal Reporting Act (Bundesmeldegesetzt – BMG): date of arrival and expected departure, surname, forename, date of birth, nationality, address, number of travelling persons and their nationalities, as well as passport number or number of temporary travel documentation for foreign persons.

This data is forwarded to the competent reporting authority.

The legal basis is our legal obligation in accordance with Art. 6 (1) lit. d GDPR in conjunction with Section 30 BMG.

i)     Processing of residential letting agreements.

In order to perform the existing residential letting agreements, we process your data from the respective letting agreement. The data is processed on the basis of Art. 6 (1) lit. b GDPR for the purpose of contractual fulfilment.

j)      Tenant´s disclosure of confidential information for residential letting agreements

In order to assess your reliability and credit rating as a future tenant, we, the landlord, require that you disclose corresponding confidential information. We process the following data in this respect, if provided by you: name, address, proof of income.

The data is processed on the basis of our legitimate interests in accordance with Art. 6 (1) lit. f GDPR to ensure that the potential letting agreement can be properly performed and processed properly. We also have the option to determine if the residential property on offer would meet your requirements as a tenant. Video surveillance in our properties

We occasionally use video surveillance in our properties. The monitored areas are marked with the following pictogram and information:

We use video surveillance to protect against burglaries and vandalism. The legal basis for this our legitimate interest in accordance with Art. 6 (1) lit. f GDPR regarding the protection of property against vandalism. All persons present in the marked area are recorded. All recordings are automatically deleted after 72 hours.

5. Cookies, website analysis and marketing

We use cookies to enable certain functions. These are small data packages that are stored on your device and exchanged with other providers. Some of the cookies used by us are deleted once you close your browser (session cookies). Other cookies remain on your device and make it possible to recognise your browser when you next visit (persistent cookies). Data processing activities due to cookies that serve the sole purpose of creating the functionality of our website are therefore performed on the basis of our legitimate interests in accordance with Art. 6 (1) lit. f GDPR.

You can delete all cookies stored on your device and adjust the settings of the popular browsers to prevent the installation of cookies. If you choose to do this, you may have to readjust the settings at every visit to this website. Some of the functions may also not be available to you.

We use additional services in connection with the following functionalities:

Google services

We use various services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, (hereinafter referred to as “Google”) on our website. Google may transfer data to the USA during this process.

For further information on data protection please go to:

Google Analytics

We use the Google Analytics tracking tool on our website. It records and systematically analyses the interactions of website visitors primarily with the help of cookies. The following data is stored when you visit the website:

  • 3 bytes of the IP address of the accessed system of the website visitor (anonymised IP address)
  • Accessed website
  • Website from which the user accessed the page on our website (referrer)
  • Sub-pages that are accessed form the website
  • Duration of the website visit
  • Frequency of the website access

This data is transferred and stored on a Google server located in the USA. We use Google Analytics with the “anonymizeIp()” extension. This abbreviates the IP addresses prior to transferring them to the server in the USA (e.g. 192.158.79.***). This usually makes it impossible to create a direct link to a person. In particular, it is no longer possible to allocate the accessed computer or device of the website visitor. The unabbreviated IP address is only transferred to a server in the USA and abbreviated there in exceptional circumstances.

We use Google Analytics for analysing your use of the website, compiling website activity reports for the website operators, providing additional services related to the website use and improving the website’s user friendliness.

The data is processed on the basis of our prevailing interest in the optimal marketing of our website in accordance with Art. 6 (1) lit. f GDPR. Google never links your IP address to other Google data.

You can object to the processing of your data at any time and with future effect by using the deactivation add-on for browsers by Google Analytics which can be downloaded at

Please read the additional information on the use of data by Google in the Google partner network at:

6. Embedded external content

We use dynamic third-party content for optimising the display and offers of our website. When you visit our website, an application programming interface (API) automatically sends a query to the server of the respective content provider during which certain log data (i.e. IP address of the user) is transferred. The dynamic content is then transferred to, and displayed on, our website.

a)     Google Maps

We use Google Maps by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) on our website to provide you with an interactive map. When displaying the map, data, including your IP address and location, is transferred to and stored on Google servers located in the USA. This data is processed on the basis of our prevailing interest in the optimal marketing of our website in accordance with Art. 6 (1) lit. f GDPR.

For further information on data protection please go to:  

b)     Google Fonts

We use external fonts by Google Fonts to create a more appealing website look. When you visit our website, these fonts are loaded from the servers of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

Google does not store any cookies in your browser to do so. According to the information provided to us, however, the IP address of the user’s device is transferred to, and stored by, Google. This data is processed on the basis of our prevailing interest in the optimal marketing of our website in accordance with Art. 6 (1) lit. f GDPR.

For further information on data protection please go to:

7. Data retention period

We store your personal data only as long as it is required for the purposes for which it is processed or until you withdraw your previous consent for us to do so. The retention period for certain data may be up to 10 years in the event of us having to comply with statutory retention periods, regardless of the processing purposes.

8. Your right as the data subject

a)     Information

You can request free-of-charge information on all of your personal data that we have stored at any time.

b)    Correction, deletion and restriction of processing (block), objection

Sollten Sie mit der Speicherung Ihrer personenbezogenen Daten nicht mehr einverstanden oder sollten diese unrichtig geworden sein, werden wir auf eine entsprechende Weisung hin die Löschung oder Sperrung Ihrer Daten veranlassen oder die notwendigen Korrekturen vornehmen (soweit dies nach dem geltenden Recht möglich ist). Gleiches gilt, sofern wir Daten künftig nur noch einschränkend verarbeiten sollen. Ein Widerspruchsrecht steht Ihnen insbesondere in den Fällen zu, in denen Ihre Daten aufgrund der Wahrnehmung einer Aufgabe erforderlich sind, die im öffentlichen Interesse liegt oder unseres berechtigten Interesses erfolgt, sowie darauf gestützten Profilings. Ebenso steht Ihnen im Falle der Datenverarbeitung zum Zwecke von Direktwerbung ein solches Widerspruchsrecht zu.

c)     Data transferability

By your request, we shall provide you with your data in a standard, structured and machine-readable format so that you can transfer it to another controller.

d)     Right to revoke your consent with future effect

You can revoke any consent you may have given with future effect. Your revocation shall not affect the legitimacy of the processing up to the date of revocation.

e)     Right to complain

You may, at any time, complain to a supervisory authority with regard to your rights as the data subject:


f)      Restrictions

The above rights do not apply to data that we cannot use for identifying the data subject, such as data that has been anonymised for analysis purposes. Information, deletion, blocking, correction and transfer to another company with regard to this data may be possible if you provide us with additional information that enables us to identify the data subject.

9. Assertion of your rights as the data subject

Should you have questions regarding the processing of your personal data as well as information on, the correction, blocking and deletion of, and objection to data, or wish to transfer the data to another company, please contact

A protected home even in these times!

No matter where you are our guest in times of the Corona Pandemic, you benefit from the fact that we have always specialised in long-term accommodation.

Read more about our covid-19 measures here.