Data Protection Policy
This Data Protection Policy contains information on the extent to which we process your personal data (hereinafter referred to as “data”).
1. Data Controller
The controller in accordance with the General Data Protection Regulation (GDPR) is:
THE FLAG Senior Attendorn GmbH
2. Joint Processing
We process personal data jointly in THE FLAG group of companies to ensure effective internal management of personal data and group systems. To this end, we transfer your data to companies affiliated with us in accordance with section 18 et seq. of the German Stock Corporation Act (AktG), or process the data in systems that are jointly operated together with the companies affiliated with us.
You can view the stakeholders in our group of companies here: https://the-flag.de/wp-content/uploads/2021/05/the-flag-gruppe.pdf
The legal basis for the joint processing of data is our overriding legitimate interest in an effective administration and IT infrastructure pursuant to Art. 6 (1) f) GDPR.
We are jointly responsible together with our affiliated companies for the processes that are subject to joint data processing in accordance with Art. 26 GDPR. Accordingly, we have set out the internal authorities and responsibilities in a binding contract.
The information requirements under the GDPR will be fulfilled by the company that you contact first.
We have assigned the fulfilment of data subject rights internally to RMBC GmbH, which you can contact at firstname.lastname@example.org. You can also contact us at any time if you have any queries or would like to exercise your data protection rights using the contact details in section 1. We will then forward your query internally to the relevant department.
The specific processes that are covered by joint processing are indicated accordingly below.
3. General Information on data processing
We process data within the scope of our business and website operations.
This also includes disclosure in the form of transfer to third parties and, if necessary, to third countries outside the European Union (EU) and the European Economic Area (EEA). Insofar as we transfer data outside the EU or the EEA, we have indicated this accordingly below.
4. Data processing
The individual data affected, processing purposes, legal bases, recipients and transfer to third countries are stated below:
You can find information of a general nature on data processing on our website at https://the-flag.de/datenschutzerklaerung/.
b) Contacting us
If you contact us, we process the following data about you for the purpose of processing and handling your enquiry: Name, contact information – if you have provided it – and your message.
The legal basis for processing your data is our obligation to fulfil a contract and/or to fulfil our pre-contractual obligations pursuant to Art. 6 (1) b) GDPR and/or our overriding legitimate interest in processing your request pursuant to Art. 6 (1) f) GDPR.
This processing is carried out within the scope of joint responsibility set out in section 2 of this Data Protection Policy.
c) Contacting us for job applications
If you contact us to submit a job application, e.g. by e-mail or through a contact form, your data (e.g. name, e-mail address, requested place of work), your message and job application documents are processed for the sole purpose of processing and handling your job application.
The legal basis for these data processing activities is section 26 of the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), which states that data may be processed which are required in connection with making a decision about concluding an employment contract with an applicant.
Should the data be required once the application process has been completed, i.e. for litigation purposes, the data may be processed to maintain our legitimate interests in accordance with Art. 6 ( 1) f) GDPR, namely for the assertion and/or defence of claims.
d) Inclusion in our pool of applicants
If you wish, we can include your application profile in our pool of applicants so that we can consider and invite you to apply for suitable vacancies. The legal basis for inclusion in our applicant pool is your consent pursuant to Art. 6 (1) a) GDPR.
e) Contract processing
We process the data relating to your rental agreement in order to manage the contractual relationship between you and our company.
The legal basis for processing these data is the fulfilment of our contractual obligations in accordance with Art. 6 (1) b) GDPR, and in individual cases, the fulfilment of our statutory obligations pursuant to Art. 6 (1 c) GDPR.
This processing is carried out within the scope of joint responsibility set out in section of this Data Protection Policy.
f) Information provided by the tenant themselves for accommodation rentals
In order to assess your reliability and credit rating as a future tenant, we, the landlord, require that you disclose corresponding confidential information. We process the following data in this respect, if provided by you: name, address, proof of income.
The legal basis for processing data in the context of information provided by the tenant themselves is our legitimate interest pursuant to Art. 6 (1) f) GDPR in order to ensure that the prospective rental relationship can be conducted and managed properly. In addition, this gives us the opportunity to assess whether the accommodation offered meets your needs as a prospective tenant.
g) Client account
We process your master data (name, address, e-mail address, bank details) and user-related data (user name, password) in connection with the opening and use of a client account. This enables you to manage your orders and requests and we can identify you as a client. The legal basis for processing these data is your consent pursuant to Art. 6 (1) a) GDPR.
h) Waiting list registration
As a prospective tenant, you can have your tenant profile added to our waiting list. We will contact you immediately using the contact details you have provided once accommodation that matches your search becomes available.
The legal basis for registering for waiting lists is your consent pursuant to Art. 6 (1) a) GDPR.
j) Video surveillance in our properties
We occasionally use video surveillance in our properties. The monitored areas are marked with the following pictogram and information:
We use video surveillance to protect against burglaries and vandalism. The legal basis for this is our legitimate interest in accordance with Art. 6 (1) lit. f GDPR regarding the protection of property against vandalism. All persons present in the marked area are recorded. All recordings are automatically deleted after 72 hours.
5. Data retention period
We store your personal data only as long as it is required for the purposes for which it is processed or until you withdraw your previous consent for us to do so. The retention period for certain data may be up to 10 years in the event of us having to comply with statutory retention periods, regardless of the processing purposes.
6. Your right as the data subject
You can request free-of-charge information on all of your personal data that we have stored at any time.
b) Correction, deletion and restriction of processing (block), objection
Should you no longer agree to the storage of your personal data, or should your data have become incorrect, we shall initiate its deletion or block upon your corresponding request or make the respective corrections (if this is possible in accordance with the applicable laws). The same applies if you wish for us to restrict the processing of your data in the future. You have the right to object, in particular, if your data is required for the performance of a task that is in the interest of the public or in our legitimate interest as well as any profiling based thereon. You also have the same right to object to data processing for the purpose of direct advertising.
c) Right to revoke your consent with future effect
You may revoke any consent you have already given with future effect at any time. Revoking your consent will not affect the legitimacy of the processing up to the point when you revoke your consent.
d) Data transferability
You may exercise your right to transfer your data in cases where they are processed on the basis of a contract, pre-contractual negotiations, consent or by automated means. Upon request, we will provide you with your data in a standard, structured and machine-readable format to enable you to transfer them to another data controller if you so wish.
e) Restriction of processing
The above rights do not apply to data that we cannot use for identifying the data subject, such as data that has been anonymised for analysis purposes. Information, deletion, blocking, correction and transfer to another company with regard to this data may be possible if you provide us with additional information that enables us to identify the data subject.
f) Assertion of your rights as a data subject and right of complaint
Should you have questions regarding the processing of your personal data as well as information on, the correction, blocking and deletion of, and objection to data, or wish to transfer the data to another company, please contact email@example.com.
You may also submit a complaint to a supervisory authority with regard to your rights as a data subject.