Thank you for visiting the homepage of Quartillion and for taking an interest in our student apartments. We would like you to know that data protection and data security have a particularly high priority for us. This includes, of course, the protection of your personal data.
With this in mind, we will brief you in the sections below on relevant issues in accordance with Art. 13, EU General Data Protection Regulation (GDPR), or, whenever no data are directly collected, in accordance with Art. 14, GDPR.
We will therefore explain below which data we process for what purpose, and tell you what rights you have in this context, among other subjects. This Data Protection Statement applies to the processing of your personal data when you visit our homepage, especially if you are an interested party seeking to rent one of our student apartments, but also if you already are one of our tenants.
The responsible entity within the meaning of Art. 4, No. 7, GDPR, is:
Trei Real Estate GmbH
- Quartillion -
Phone.: +49 211 54011-000
For details about the responsible party, please see the Legal Notice (Imprint).
Data protection officer:
Tengelmann Audit GmbH
An der Pönt 45
Personal data will only be processed to the extent necessary for a given purpose, or if you expressly consent to such processing. Processing is principally based on the following lawful bases:
- Art. 6, Sec. 1, Letter a, GDPR (consent of the person concerned)
- Art. 6, Sec. 1, Letter b, GDPR (execution of a contractual relationship with the person concerned, pre-contractual measures at the request of the person concerned)
- Art. 6, Sec. 1, Letter c, GDPR (fulfilment of a legal obligation by our Company)
- Art. 6, Sec. 1, Letter d, GDPR (protection of vital interests of the data subject or of another natural person)
- Art. 6, Sec. 1, Letter e, GDPR (performance of a task in the public interest or in the exercise of official authority)
- Art. 6, Sec. 1, Letter f, GDPR (protection of a legitimate interest of our Company or of a third party, provided that the interests, fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail (balancing of interests)).
Whenever consent constitutes the lawful basis for processing personal data, you can revoke your consent at any time without stating your reasons. Principally, revoking your consent is only effective for the future. Revoking your declaration of consent will therefore not render prior processing unlawful that preceded our receipt of the revocation of your consent.
We are firmly committed to ensuring end-to-end protection of your personal data on this website. Despite all technical and organisational measures taken by us, security gaps can sadly never be ruled out completely during the electronic transmission of data via the Internet. That is why we always give you the option to submit your required data by phone or via postal letter.
Rights of Persons Affected
To the extent that we process your personal data, you have the following rights in regard to our processing of your personal data, which you may assert against us at any time. Specifically, you have the right to demand
- information on, or the
- limited processing,
- deletion or
- release (data portability) of, your data.
In addition, you have the right to object to the processing of your data vis-à-vis the responsible party if such processing serves the purposes of direct marketing or profiling. You also have the right to object if the processing is done on the basis of a balancing of interests or based on a legitimate interest or on a lawful basis pursuant to Art. 6, Sec. 1, Letter e, GDPR.
Whenever the processing is based on your consent pursuant to Art. 6, Sec. 1, Letter a, GDPR, you have the right to revoke your consent with effect for the future at any time. The legitimacy of any data processing performed prior to the revocation remains unaffected by the revocation.
If you wish to assert your rights against us, please use the contact details above to get in touch with the responsible party.
Moreover, you have the right to complain about our processing of your personal data to the competent supervisory authority for data protection.
Unless stated otherwise in the following sections, it is not intended to transfer personal data to third countries or to international organisations.
We use neither profiling nor any other procedure for automated decision making.
Website Visits & Cookies
When visiting the Quartillion homepage purely for information purposes, meaning whenever you are not signed in or transmit information to us in some other way, your Internet browser will, for technical reasons, automatically transmit data to our web server as you access our website. Such data includes the date and time of your access, the URL of the referring website, the file accessed, the quantity of data sent, your browser type and version, your operating system and your IP address.
The purposes of processing the aforementioned data are to deliver the website to your computer/browser, to ensure the proper functioning of the site and to optimise it for the respective user, and also to ensure the safety of our information technology systems. In fact, it would be technically impossible to make our homepage available to you without a certain degree of data processing. These purposes also constitute our legitimate interest in the processing of your data pursuant to Art. 6, Sec. 1, Letter f, GDPR. This standard serves simultaneously as lawful basis for the data processing. The data are stored in so-called log files on our servers, and will be deleted as soon as they have served their purposes and unless the deletion is prevented by legal requirements. In the case of data stored in log files, this tends to be the case after seven days at the latest.
So-called cookies may also be used when you visit our website. A cookie is information that a web server sends to a browser, which the browser in turn sends back when it accesses the same web server later on (this is known as a “browser cookie” or “session cookie”). Technically necessary cookies make it possible to save information between web page requests, and allow a website server to recognise a given visitor’s browser and thus the visitor him- or herself or to remain recognised through the end of a session, in order to make the offer of our homepage technically flawless, secure and user-friendly for visitors. These purposes also constitute our legitimate interest in the processing of your data pursuant to Art. 6, Sec. 1, Letter f, GDPR.
Most of the cookies used by our website are so-called “session cookies.” They are automatically deleted at the end of your visit. These data, too, are stored separately from other data that you enter while using our website. There is no way for us to associate these data with any specific person.
A cookie can only contain information that the web site provider itself sends to the user; it cannot be used to read the user’s private data. Please also note that the cookie contents can only be retrieved by the entity that created the cookie, in this case by us.
In addition, our website uses optional cookies of the service providers detailed below, and these cookies are placed only if you consent to them pursuant to Art. 6, Sec. 1, Letter a, GDPR. If you would like to view and possibly change your settings for these cookies (in particular if you wish to revoke your consent), you may do so by clicking on the respective link below.
The following cookies are used:
You can change or decline your consent at any time by clicking the following link.
Depending on the browser used, you can principally reject the placement of cookies. To do so, you only need to adjust your browser settings. The respective procedure varies from one browser to the next. Again, depending on the browser, you can choose settings that will delete all cookies after you close your browser. Please note, however, that the principal rejection of cookies may limit your use of the features on this and other websites.
Use of Google Analytics
This website uses—assuming your consent—Google Analytics, an advertising analysis service provided by Google LLC (“Google”). Responsible for providing the service in the EU is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). To this end, we signed a third-party processing agreement with Google. Google LLC is based in California/USA, and US government agencies may access the data stored by Google.
Google Analytics uses so-called “cookies,” i. e. text files placed on your computer, to help our website analyse the ways in which you use it. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. The reports provided by Google Analytics are used to analyse the performance of our website and the success of our marketing campaigns.
We use the function “anonymizeIP” (so-called IP masking): Since IP anonymisation is enabled on this website, Google will truncate your IP address in advance within any member state of the European Union or within any other member state of the Treaty on the European Economic Area. Only in exceptional situations will your full IP address be transmitted to a Google server in the United States and truncated there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for the website operator and providing other services relating to website activity and Internet usage.
The IP address submitted by your browser within the framework of Google Analytics is not merged with other data by Google. The data collected during your visit of our homepage includes, without being limited to:
- the pages you have called up, your “click trail”
- website targets achieved (conversions, e. g. registrations)
- your use pattern (e. g. clicks, dwell time, bounce rates)
- your approximate location (region)
- your IP address (in truncated form)
- technical details about your browser and the endpoint you use (e. g. language setting, screen resolution)
- your Internet provider
- the referrer URL (the website/advertising media from which you transferred to your website)
The data sent by us and linked to cookies are automatically deleted after 14 months. The data whose retention period has expired are automatically deleted once a month.
You can prevent the collection of data generated by our cookie and related to your use of our website (including your IP address) by Google and can also keep Google from processing these data by
- a. withholding your consent to the placement of cookies,
- b. downloading and installing the browser add-on for disabling Google Analytics here or
- c. preventing the placement of cookies in general via the relevant settings of your browser software (although doing so may limit your use of the features of this and other websites).
The lawful basis for this processing of personal data is your consent pursuant to Art. 6, Sec. 1, Sent. 1, Letter a, GDPR, or (in case the data are transmitted to the United States) pursuant to Art. 49, Sec. 1, Letter a, GDPR. You may revoke your consent at any time with effect for the future by calling up your Cookie Settings and changing them as needed.
This website uses the Google Maps service. It is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The service enables us to display interactive maps directly on our website and lets you use the map function at your convenience. It is integrated into our website via a Java Script API.
Use of Google Maps, and thus the processing of personal data by Google Maps, is not possible unless you have consented to it through the cookie settings on this page (“Marketing” category). The lawful basis for this processing of personal data is your consent pursuant to Art. 6, Sec. 1, Sent. 1, Lit. a, GDPR, or (in case the data are transmitted to the United States) pursuant to Art. 49, Sec. 1, Lit. a, GDPR. You may revoke your consent with effect to the future via the same cookie settings at any time.
As a result of using Google Maps, Google will receive information that the corresponding (sub)page of our website was called up while also receiving the associated IP address. This will happen regardless of whether Google provides a user account through which you are logged in or whether no such user account exists. If you are signed into a Google service, your data will (probably) be directly associated with your account. If you do not wish to be associated with your profile on Google, you should log out of your Google account before clicking the button. Google stores the data collected about you in the form of a user profile and uses it for advertising purposes, market research and/or the need-based design of its websites. The purpose of such an analysis is specifically to generate customised advertising (even for users not logged in). You have a right to object to the creation of such a user profile, but you will have to contact Google directly to exercise that right.
The aforesaid personal data will be transferred to the United States during the use of Google Maps. Please note that the United States are classified as a so-called third country under current data protection legislation, and are subject to different statutory data protection regulations, so that the legally required level of data protection may be lower than that in the European Union. In addition to Google, government agencies may also gain access to this data under US law if certain legal conditions are met. This is regrettably not subject to our influence.
For more information on the purpose and scope of the collection of data and their processing by the provider of Google Maps, please see the provider’s data protection statements. If you do, Google will also provide more details about your rights and privacy settings (third-party link): http://www.google.com/policies/privacy.
In addition to the general and basic information provided above, the sections below will brief you on the processing of personal data in the context of your application for an apartment and within the framework of an existing tenancy:
If you wish to apply for a lease to an apartment (the “Applicant” button) or if you wish to request a viewing appointment for an apartment (the “Prospect” button), you will necessarily have to provide personal data to let us process your tenancy request. Such data include general information about your person and contact details like your name, address or e-mail address. In order to process your concrete tenancy request, we will need additional details, which you may submit via a self-disclosure form, substantiated by supporting evidence. You have the option to upload the documents or to send them in via postal letter.
We will process your data for the purpose of handling your request and signing a lease with you. We also need your data for the purposes of running a credit check on you and to review the local conditions to ensure they are adequate for the intended use.
The lawful basis for processing your data for the above purposes is the execution of the lease agreement or pre-contractual measures in accordance with Art. 6, Sec. 1, Letter b, GDPR, as well as our legitimate interest in accordance with Art. 6, Sec. 1, Letter f, GDPR, to minimise the risk of payment defaults by tenants through a qualified selection of applicants, to ensure the optimal use of the apartments, and to complete the processes involved as efficiently and effectively as possible. If you volunteer optional information when entering your data, you thereby consent to the processing of such data by us. Processing of your optional information is done on the lawful basis of your consent pursuant to Art. 6, Sec. 1, Letter a, GDPR.
In the context of your application, we use the so-called “double-opt-in procedure” unless your e-mail address was previously verified already. Once you have filled in the input masks, you will receive an e-mail from us, asking you to confirm your e-mail address by clicking a link. Your data will not be transmitted to us until you click the link. If you fail to click our confirmation link within a 7-day period, all your entries will be deleted and the request will not be processed. You will subsequently be given the opportunity to create a user account. Having your own account will enable you to process the uploaded data autonomously or inversely to delete all records as well as the account itself.
Just before the start of your lease term, at the latest, you will need to verify your data by presenting a government-issued photo ID.
Once you signed a lease agreement, you may use the tenant portal to take care of various things. Services such as the use of the notice board may require the entry of personal data (e. g. when carpooling); yet the decision to do so is always up to the user. In case of room reservations, the tenant portal will display your first name plus the initial of your last name. Your tenant ID is known to the property management for the sake of tracing damages (see “Disclosure to Any Third Party).
In the context of an existing tenancy, your data will be processed primarily for the purpose of executing the lease agreement, for administrative purposes, in conjunction with current maintenance, repairs and the further development of the properties/apartments or else to meet legal obligations. On top of that, asserting, exercising or defending legal claims may also necessitate processing of your data. Tenant data may also be processed in conjunction with possible processes related to internal quality assurance, compliance audits or internal audits.
The lawful basis for processing personal data to execute a lease agreement is Art. 6, Sec. 1, Letter b, GDPR, while the lawful basis for processing personal data to meet legal obligations is Art. 6, Sec. 1, Letter c, GDPR. Another legitimate interest in accordance with Art. 6, Sec. 1, Letter f, GDPR, is our right to examine, assert, exercise and defend legal claims. In accordance with Art. 6, Sec. 1, Letter f, GDPR, we also have a legitimate interest to carry out internal quality assurance measures, compliance audits or internal audits in order to maintain the necessary quality standard to ensure efficient and effective processes, to ensure compliance with the legal parameters, to prevent cases of fraud and abuse, and to guarantee IT and network security. Another lawful basis for such measures in accordance with Art. 6, Sec. 1, Letter c, GDPR, is constituted by certain legal obligations.
In the context of the management, maintenance, repairs and development of the property/apartments or associated facilities, the lawful basis is constituted, on the one hand, by the obligation to fulfil the lease agreement in accordance with Art. 6, Sec. 1, Letter b, GDPR (obligation of continuous provision and maintenance of the leased property). On the other hand, another lawful basis for processing the personal data toward this end is constituted by our legitimate interest in accordance with Art. 6, Sec. 1, Letter f, GDPR, to preserve and increase the value of our properties and to efficiently manage them.
When contacting us (using the contact form), your data will be stored and used for the purpose of processing your request. Your entries in the designated required fields are necessary for processing your request for information (including first and last name, e-mail address, request, your note to us), while all other disclosures are made at your discretion. Your data will be stored for the duration of processing your request and will be deleted after having served this purpose, subject to statutory retention periods that may apply.
If you contact us for the purpose of initiating the heads of terms or of executing a contract, the lawful basis for such processing is Art. 6, Sec. 1, Letter b, GDPR. In addition, Art. 6, Sec. 1, Letter f, GDPR, also qualifies as lawful basis:
The personal data you enter will only be used to contact you or to adequately process your request. Accordingly, we have the necessary legitimate interests in processing your data.
Disclosure to Any Third Party
Your data may be processed by associates of the responsible party as well as by third-party service providers within the scope of the contract initiation and in case of a lease signing. Relevant entities in this context include, for example, IT service providers, property managers, tradesmen, utility companies, network operators or other service companies. Contractual arrangements to ensure confidentiality and compliance with our data protection requirements have been signed with all of our partner companies.
In addition, data may be disclosed to banks (payment processing), authorities, government agencies or other state/public institutions. Depending on a given case, data may also be transmitted to lawyers, auditors or debt collection agencies.
As a matter of principle, we process personal data only for the period of time required for the processing purpose and will delete such data after the purpose has been fulfilled, unless the deletion is prevented by legal obligations to provide supporting evidence or to retain data, or unless legal claims relevant in this respect are asserted.
Data protection when using the myRENZbox parcel locker system.
The following sections provide supplementary data protection information in case you opted for the use of the myRENZbox parcel locker system at the Quartillion.
The general disclosures, e. g. concerning the responsible party, the right to lodge a complaint with the competent supervisory authority and with the data protection officer, remain in place.
The parcel locker system lets you receive parcels even when you are not home. To take advantage of the option, you sign a user agreement with us as the system’s operator while the system is managed by the property management (hereinafter “the Representative”). Creating an account in the online management portal of the parcel locker system will require the entry of your first and last name and of your e-mail address. During subsequent steps, you will have to disclose your data (plus your mobile phone number) to parcel service providers and grant drop-off permissions.
The online management portal for the parcel locker system is operated by the company Erwin Renz Metallwarenfabrik GmbH & Co KG (hereinafter “RENZ”). Within the framework of these activities, RENZ will process personal data on our behalf and for the purpose of using the parcel locker system.
RENZ and the operator’s representative act as commissioned data processor within the meaning of Art. 4, No. 8, GDPR, in this relationship.
1) Which data are processed?
a) User account in the myRENZ portal
Use of the parcel locker system requires a user account in the myRENZ portal.
To create the account in the user administration, your first and last name as well as your e-mail address will be required. Once your data have been submitted, you will receive your access data for the myRENZ portal. Following your first sign-in with your log-in name and password, you will be asked to accept the user agreement with us as the system operator.
You can change your password in the myRENZ portal in the “access data” tab. In the same tab, you will have to enter your landline number or alternatively your mobile phone number, which will be used, e. g., for text messages. You may also review the user agreement and the data protection statement here.
Required fields in the “user data” tab include the boxes “first name,” “last name,” “e-mail address” and “landline number” (or “mobile number”). Optional fields include, e. g., “salutation” or “comfort zone” (parcel lockers on a handicap-accessible level), and you may delete data of this type at your discretion any time.
To receive parcels via DHL and Parcellock (dpd, gls and Hermes) you need to have a user account with these providers and grant drop-off permissions to them. The “Logistics” tab is used to integrate parcel service providers. Here, your residential data, assuming you entered them, will be transmitted to the logistics service provider when you enable the process and will be deleted if you disable it again.
Go to the “history” tab to view your entire history of deliveries or collections. This tab will process information about the parcel service provider and the access procedures for each parcel locker. Such information includes particularly the date and time of access, the time spent accessing the locker, and the access authorisation used.
b) Processing Steps by the Operator or its Representative
As operator of the system, we or our manager will process the data for the (remote) management of the parcel lockers system, for the issuance of access authorisations to users and their suspension, for monitoring state and functionality of the system, for service notifications, as well as for enabling and disabling logistics processes.
c) Processing Routines Used by RENZ on Behalf of the Operator
RENZ will process the data on behalf of the operator for the purpose of analysing the utilisation rate of the system, the lockers, and the number of deliveries / collections. Moreover, RENZ processes personal data that are made available in conjunction with personal communication (e. g. via e-mail, fax or the online form available for this purpose) with RENZ via the stated contact options, again for the purpose of processing the submitted request. The responsible party for these data is RENZ.
d) Anonymised User Statistics
In order to retain the ability to adapt the services to user needs in the future, and in order to ensure the trouble-free use of the parcel locker system, user statistics may be collected in anonymised form.
This includes statistics on incoming / outgoing deliveries by date / time, total occupancy of parcel lockers of each size by service provider, and total occupancy of parcel lockers of each size.
2) Purpose and Lawful Basis for the Data Collection
Your data will be processed exclusively in connection with your use of the parcel locker system.
The lawful basis for processing your data is the execution of the agreement or of pre-contractual measures (Art. 6, Sec. 1, Letter b, GDPR), as well as the consent optionally granted for some of the data in the administrative portal and there in the “user data” tab (Art. 6, Sec. 1, Letter a, GDPR), which consent may be revoked with effect for the future at any time by deleting such data.
In conjunction with item d) under number 1), above, personal data may possibly be processed on the basis of our legitimate interest to ensure a smooth operation or use of the parcel locker system and to be able to check the cost effectiveness of providing the parcel locker system (Art. 6, Sec. 1, Sent. 1, Letter f, GDPR).
3) Who will Have Access to Your Data?
Your personal data may be transmitted to the following recipients:
- the operator’s employees and its representative for the parcel locker system
- RENZ employees in conjunction with the administration, maintenance and expansion of our portal
- logistics service providers and their employees
- providers of service amenities, software development, help desk services (third-party processing)
There is no intention to transfer your data to recipients in countries outside the European Union or the Treaty on the European Economic Area where the level of data protection cannot simply be assumed to be comparable with that of the European Union.
4) Retention Periods
Your data will be deleted 14 days after the termination of your user agreement or your revocation of the agreement, provided that doing so does not conflict with any statutory retention periods and / or longer retention period is necessary to meet statutes of limitation.
The user agreement begins with your consent and for an indefinite period. The user agreement will automatically end together with the termination of your tenancy or else can be terminated by either party during the tenancy at the end of each month, subject to a two-week notice period.
Our data protection statement and our accountability and liability in this context principally do not extend to third-party websites to which we set links or to which you are redirected. Nor are we, in the context of third-party websites, responsible for any data processing undertaken by the operators of these websites.
as of February 2021
Reservation of Right of Modification
Trei Real Estate GmbH, as operator of the website, reserves the right to change security and data protection measures whenever doing so becomes necessary, for instance in response to technological advances. In such cases, we will also adapt our notes on data protection accordingly. Please be sure therefore to take note of the latest version of our Data Protection Statement as amended.