Privacy statement

We care about protecting your privacy when you use our website or the Run this place app. Therefore, below we tell you about how we collect anonymous and personal data.

1. Provider / controller within the meaning of data protection 

Union Investment Real Estate Digital GmbH
Johannes-Brahms-Platz 1 20355 Hamburg
Email: info@run-this-place.com
Registration court: Hamburg Local Court (Amtsgericht Hamburg), commercial register B 162153
Board of Directors: Dr. Lars Scheidecker, Frederik Nieß
Supervisory Board Chairman: Dr. Gunter Haueisen

2. Data protection officer

ecolaw Gesellschaft für Datensicherheit und Datenschutz mbH, represented by the managing director Mr Florian König
Roseggerstraße 1, D-38440 Wolfsburg
Tel. +49 (0)5361 27 29 293
Fax +49 (0)5361 27 29 296
datenschutz@ecolaw.de
www.ecolaw.de
entered in the commercial register of the Braunschweig Local Court under HRB 203444

3. Competent supervisory body

The Hamburg Officer for Data Protection and Freedom of Information, Ludwig-Erhard-Str 22, 7. OG, 20459 Hamburg, Tel.: 040 / 428 54 – 4040, Fax: 040 / 428 54 – 4000, Email: mailbox@datenschutz.hamburg.de

4. General

We save and process your personal data (e.g. title, name, address, email address, vehicle registration) in compliance with the applicable legal data protection provisions, especially REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance), the German Federal Data Protection Act (BDSG) and other data-related laws [e.g. the Telemedia Act (TMG)].

In accordance with the GDPR and other regulations, data processing and use are only permissible if explicitly permitted by the GDPR or another legal regulation or if the data subject gives their consent (prohibition with reservation of authorisation). Under these legal bases, data processing and use are particularly only permissible, if

a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

c) processing is necessary for compliance with a legal obligation to which the controller is subject;

d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;

e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Accordingly, we only use and process your personal data in the permissible context of contract processing or if you have given your informed consent.

We generally do not pass on your personal data including your address and your email address to third parties. This excludes service partner who require transmission of the data to process the contractual relationship or if we have explicitly notified you of this. However, in such cases, the scope of the disclosed data is always limited to the absolute minimum amount of data required. For example, this relates to the vehicle registration assigned to you which we must pass on to the gate to the respective property.

5. Anonymous data collection

You can generally visit our website without telling us who you are. We only learn

  • the name of your internet service provider
  • the website from which you visit us (referrer URL)
  • the pages of our website that you visit
  • the data and time of the visit as well as the transferred data volume
  • report that the access was successful
  • browser type and version of the inquiring computer/ end device
  • the operating system of the inquiring computer/ end device
  • the IP address of the inquiring computer/ end device 

This information is only evaluated for statistical purposes. You as an individual user will generally remain anonymous and your personal data will of course not be merged, except where you have given your explicit consent or one of the cases listed below applies.

6. Collection of personal data when visiting our website or using our services generally

We generally only collect personal data if you provide these voluntarily and of your own accord. This can e.g. be by setting up a user account, concluding a contract, taking part in a survey or registering for services where personal data are required during registration (e.g. for orders, special campaigns, sweepstakes, newsletters etc.). In such cases, we generally only collect the data which we are legally authorised to collect and which are necessary to perform the services that you have requested (these are, e.g. for setting up a user account, your name, address, telephone number, email address and vehicle registration; or for signing up for a newsletter, only your email address). When we collect your personal data (e.g. via a contact or order form), you only ever need to enter the required data. Required data fields are marked with a star. Any additional data that you enter are provided voluntarily and you do not need to disclose these. If you nevertheless choose to enter them, you give your consent as a result of the disclosure to save and process these data for the stated purpose; in some cases, we may also ask for your explicit consent for the purposes under data protection law which require explicit consent which you may of course grant voluntarily, which is not bound to any further conditions and which you may revoke at any time for the future.

In order to ensure the highest possible security for your data, we will transmit this in an encrypted format using SSL/TLS encryption. This is to prevent abuse of the data by third parties. We exclusively save and process your data on servers in the European Union. They are not generally transmitted to third countries, except where we are authorised and/or obligated to do so based on a legal provision or if you have explicitly given your prior consent. But such cases will also be clearly marked in each case.

7. Data processing for contract performance

7.1 Purpose of the processing

You e.g. provide your personal data when you set up a user account. These are normally your name and email address as well as the shared vehicle registration. If you have not been assigned a space (e.g. by your employer or property), and you conclude a rental agreement with us for a space, we will ask for your personal data which are needed to conclude a contract. In this context, all information marked with a star is required information which is needed to conclude a contract with us. Of course you are not obligated to provide your personal data. But we cannot provide the requested service (e.g. contract performance) if you do not provide the required data (e.g. your address when concluding a contract). We generally use professional payment service providers that process the payment directly with you. In this context, the data protection provisions of the respective service provider apply who will be solely responsible for handling your data. In this case, we only receive a confirmation of payment. If we use our own payment process, you will be notified of this and informed of the use of your data. For some payment processes, we need the required payment information in order to pass these on to a payment service provider commissioned by us. In other words, the data entered during the order process are always processed for the purpose of contract performance.

For access to the respective properties, we use a technology provided by a service provider which identifies the vehicle registration that you have entered and we have saved. In this context, your vehicle registration is encrypted and sent to the IoT cloud of the company Bosch.IO GmbH, Ullsteinstrasse 128, 12109 Berlin, Germany; email: privacy@bosch.io, Tel.: +49 30 726112-0, where it is encrypted and saved. So-called car readers have been installed on the respective properties which use the latest security benchmarks to access the authorisation database using encryption and thus identify which registration is authorised to enter. The vehicle registrations are not saved on the reader devices and are also not publicly accessible otherwise.

7.2 Legal bases

The legal basis for this processing is Art. 6 para. 1 b) GDPR.

7.3 Recipient categories

Payment service provider
Property operator
Service provider for vehicle registration identification

Your personal data are not passed on to third parties except for the purposes listed below. In particular, without your consent, the data are not passed on to third parties e.g. for the purpose of advertising. We only pass on your personal data to third parties if you have given your explicit consent pursuant to Art. 6 para. 1 S. 1 lit. a) GDPR; this is necessary pursuant to Art. 6 para. 1 S. 1 lit. b) GDPR to process contractual relationships with you, e.g. to credit institutions to process the contractually agreed payments or, in case of non-performance of contractually agreed payments, to solicitors and legal service companies for the purpose of legal enforcement; the transfer is due to a legal obligation pursuant to Art. 6 para. 1 S. 1 lit. c) GDPR; or the transfer is necessary pursuant to Art. 6 para. 1 S. 1 lit. f) GDPR to assert, execute or defend against legal claims and there is no reason to assume that you have an overriding interest worthy of protection in your data not being transferred.

7.4 Storage duration

We save the data required for contract performance until the end of the statutory warranty periods and, if applicable, any contractual warranty periods. We save the data required under trade and tax law for the statutory periods, normally ten years (see § 257 HGB, § 147 AO). We delete email address which we only receive for sending the newsletter immediately when you unsubscribe from the newsletter.

8. Use of cookies

We use cookies in order to make your visit to our website more attractive and to enable you to use certain functions. Cookies are small text files which are saved on your computer. Most cookies used by us are deleted from your hard drive after the end of the browser session or when you log out (so-called session cookies). Other cookies stay on your computer and allow us to identify your computer on your next visit (so-called persistent cookies). Persistent cookies are saved for varying durations. When you visit our website for the first time, you will be shown a pop-up (a so-called cookie manager) with an explanation of the cookies used by us. By clicking on "All cookies", you give your consent that all cookies and plugins described in this cookie manager and in this privacy statement may be used. You can disable the use of cookies in your browser at any time. Please note that this may mean that our website may not work properly. You can amend your chosen settings in the cookie manager at any time.

The following overview shows you the necessary or functional cookies which we use on our website. Necessary cookies can be identified by the fact that they are necessary to use a website and ensure its functionality. They enable basic functions such as page navigation and saving of goods in the shopping basket until you complete the purchase or leave the site. The legal basis for this processing is Art. 6 para. 1 f) GDPR.

Name Provider Purpose Cookie duration
__cid Datadog Analatics 3 months
dogwebu Datadog Analatics 3 days
__zlcmid  Datadog Analatics 1 day
intercom-session Datadog Analatics 7 days
__dd_s Datadog Analatics 2 days

 

If you want to amend your saved cookie selection and, if applicable, withdraw your consent granted in the past for the future, you can make these changes in our cookie consent manager at any time. Alternatively, you can manually manage the settings for the use of cookies in your browser and delete cookies. Please note that your consent/ rejection status to cookies on our website is also stored in a cookie on your end device. If you delete all cookies, during your next visit to our website, you will again be asked to edit your cookie settings. You can find precise instructions for how to amend cookie settings for the most common browser types under the following links:

Mozilla Firefox

Microsoft Edge

Microsoft Internet Explorer

Google Chrome

Apple Safari

Opera

9. Data in the context of using iOS devices

If you use a device with iOS, such as your iPhone, your end device sends us the following data:

Diagnostics

Crash Data

Such as crash logs

Performance Data

Such as launch time, hang rate, or energy use

Other Diagnostic Data

Any other data collected for the purpose of measuring technical diagnostics related to the app

Data use

Analytics

Using data to evaluate user behavior, including to understand the effectiveness of existing product features, plan new features, or measure audience size or characteristics

App functionality Such as authenticate the user, enable features, prevent fraud, implement security measures, ensure server up-time, minimize app crashes, improve scalability and performance, or perform customer support

10. Google Firebase

In our app, we use the service "Firebase" to integrate various functionalities which is provided by the Google subsidiary of the same name, Firebase, located in San Francisco, California, USA. Google has its EU headquarters at Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland; below called "Google"). Our application uses the following Firebase tools:

- Firebase Crashlytics to track app crashes and for defect correction and bug fixing

- Firebase Cloud Messaging for the receipt of requested push notifications

We hereby point out that Google may also process your data in the USA which, according to the ruling of the European Court of Justice (ECJ), is not currently protected by an appropriate security level for data transfers. This involves a certain level of risk for your data. According to Google, any data transfers to the USA comply with the provisions of the underlying standard data protection clauses of the EU Commission.

For more information about data protection and data use by Google, please see the following Google website: Google.

For more information about data protection and data use by Firebase, please see the following link here.

a) Firebase Crashlytics

Our application uses the tool "Firebase Crashlytics" which generates error reports if the app crashes. By analysing anonymised crash reports, we can improve the stability and reliability of our app. This helps us to optimise our app and contributes to improving user experience.

In order to be able to provide us with anonymised crash reports, Firebase Crashlytics records information in the event of a crash or malfunction of the app and transmits this to Google servers in the USA.

This can e.g. be the following information:

- time stamp when the respective app was launched and when a crash occurred

- information about the status of the app at the time of the crash

- information about the installation UUID and the crash trace

- information about the device type, operating system version and the manufacturer of the mobile device as well as some additional technical data

- last log reports

The crash reports provided to us contain neither the IP address nor any other personal data based on which a user's identity could be traced. Your data are only collected in an anonymised format so that neither Google nor we are able to draw conclusions about your person. The information merely help us to diagnose malfunctions and solve issues in our application. You may object to the use of Crashlytics at any time by preventing the sending of error reports in the app settings.

The legal basis for this processing is Art. 6 para. 1 f) GDPR. Our legitimate interest consists in evaluating error reports and thereby be able to correct underlying malfunctions of our application. This requires us to receive and subsequently evaluate corresponding crash reports. It directly serves to further develop the functionality of our service and to ensure the integrity and security of our IT systems.

For more information about data protection and data use by Firebase Crashlytics, please see the following link here.

b) Firebase Cloud Messaging

Our application uses Firebase Cloud Messaging to send push notifications to our users. If you want to receive push notifications from our app, you must actively and independently select this option. The legal basis for this processing is your explicit consent based on Art. 6 para. 1 lit. a) GDPR.

All notifications or access options can be switched on or off in the settings menu later on. If you activate the push functionality, then, based on your explicit consent, your IP address will be sent to the servers of the company Google which operates the push service Firebase Cloud Messaging. Firebase then generates a computed key which is made up of the app ID and your device ID. This key is saved on our push platform with the settings chosen by you in order to make the contents available to you in line with your requests. The Firebase servers cannot draw any conclusions about the enquiries of the users or determine any other data concerning a person. Firebase acts exclusively as the transmitter.

For more information about data protection and data use by Firebase Cloud Messaging, please see the following link: https://firebase.google.com/products/cloud-messaging/

11. Payment service provider (Stripe

In order to be able to implement payment transactions, our website and our services use a solution by the US technology company and online payment service Stripe with headquarters in San Francisco, California, USA. The company's EU headquarters are at Stripe Payments Europe (Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland). If you decide to receive chargeable services from us, your payments will be processed using Stripe Payments. In this context, the data required for the payment process are forwarded to and saved by Stripe. This also includes personal data. We use Stripe Payments so that you payment can be processed quickly and safely on our structures.

The legal basis for this processing of your data is your explicit consent based on Art. 6 para. 1 lit. a) GDPR. The transmitted data are transaction data. Such data e.g. include the payment method (i.e. credit card, debit card and/or IBAN) as well as the currency, amount and data of the payment. During a transaction, your name, email address, customer number with us, invoice or delivery address and sometimes also the course of your transaction may also be transmitted. These data are necessary for Stripe to authenticate your person. In addition, Stripe may, in addition to technical data relating to your device (such as the IP address), also collect your name, address, telephone number and country in order for fraud prevention, financial reporting and to be able to fully offer its services.

The transfer of your data by Stripe to independent third parties (e.g. marketing companies) is prohibited. But the data may be transferred to internal departments, to a limited number of external Stripe partners or for compliance with legal requirements. Stripe also uses cookies to record data. You can find a list of possible cookies under "Use of cookies" in this privacy statement. In the same section, you can also find out how to delete, disable or manage cookies in your browser. But please note that this may mean that the payment process may no longer function without issues.

Personal data are generally saved for the duration of the provision of the service. However, in order to ensure that the legal and official obligations are met, Stripe may also save personal data for the duration of the provision of the service. Since Stripe is a company which trades globally, the data may also be saved in any country in which Stripe offers services. In this context, please note that data may also be saved outside your country, e.g. in the USA. You always have the right to information, rectification and erasure of your personal data. In case of questions, you can contact Stripe directly at any time via Stripe.

For more information about data protection and data use by Stripe, please see the following Webseite.

12. Withdrawing your consent

If you have granted us consent under data protection law for specific data uses and/or services, you can of course withdraw your consent at any time with effect for the future. For this, simply send a message to the following address:

Union Investment Real Estate Digital GmbH
Johannes-Brahms-Platz 1 20355 Hamburg, Germany
Email: info@run-this-place.com
Registration court: Hamburg Local Court (Amtsgericht Hamburg), commercial register B 162153
Board of Directors: Dr. Lars Scheidecker, Frederik Nieß
Supervisory Board Chairman: Dr. Gunter Haueisen

13. Your rights as the data subject

You as the data subject are entitled to various rights concerning your personal data. We as the controller have taken suitable measures to be able to send you as the data subject all information pursuant to Art. 13 and 14 GDPR and all notifications pursuant to Art. 15 to 22 and Art. 34 GDPR which relate to the processing in a precise, transparent, understandable and easily accessible format and in clear and simple language; this applies particularly to information aimed specifically at children. Information is transmitted in writing or in another format, if applicable also electronically. If you request this, the information can also be provided orally, to the extent that you can provide evidence of your identity as the data subject in another way.

Of course you also have the right at any time to demand written or electronic information about the data stored about your person and about its source, the recipient/s to whom the data are sent and the purpose of saving them. Furthermore, you have the right to demand that incorrect data be rectified and, if the legal conditions for this are met, that your data be deleted or blocked. For this, simply send a message to the following address:

Union Investment Real Estate Digital GmbH
Johannes-Brahms-Platz 1
20355 Hamburg, Germany
Email: info@runthisplace.com
Registration court: Hamburg Local Court (Amtsgericht Hamburg), commercial register B 162153
Board of Directors: Dr. Lars Scheidecker, Frederik Nieß
Supervisory Board Chairman: Dr. Gunter Haueisen

In detail, you mentioned the following rights:

13.1 Right to confirmation and information

You can demand a confirmation from us whether we process personal data concerning you.

If we process your data, you can demand details regarding the following information:

a) the purposes for which we process the personal data;

b) the categories of personal data which are being processed;

c) the recipients or categories of recipients to whom the personal data concerning you have been disclosed or are being disclosed;

d) the planned storage duration of the personal data concerning you or, if specific information about this is not available, the criteria for setting the storage duration;

e) the existence of a right to rectification or erasure of the personal data concerning you, a right to a restriction of processing by us or a right to object to this processing;

f) the existence of a right to lodge a complaint with a supervisory authority;

g) all available information about the source of the data if the personal data were not collected from the data subject;

h) the existence of automated decision-making including profiling pursuant to Art. 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved, the scope and the intended effects of such processing on the data subject.

Furthermore, you have the right to demand information about whether the personal data concerning you are transferred to a third country or an international organisation. In this context, you can demand to be notified of suitable guarantees pursuant to Art. 46 GDPR in the context of the transmission.

13.2 Right to rectification

You have the right to rectification and/or completion in relation to us, to the extent that the processed personal data concerning you are incorrect or incomplete. We must of course implement the rectification immediately.

13.3 Right to restriction of processing

Under the following conditions, you can demand a restriction of processing of the personal data concerning you:

a) if you contest the accuracy of the personal data concerning you, for a period which enables us to verify the accuracy of the personal data;

b) if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

c) if we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims, or

d) if you have objected to the processing pursuant to Art. 21 para. 1 GDPR pending the verification whether our legitimate grounds override yours.

Where processing of the personal data concerning you has been restricted, such data shall – with the exception of storage – only be processed by us or an authorised third party with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If you have obtained restriction of processing pursuant to the above conditions, we will inform you before the restriction of processing is lifted.

13.4 Right to erasure

13.4.1 Erasure obligation

You have the right to obtain from us the erasure of the personal data concerning you without undue delay and we have the obligation to erase personal data without undue delay where one of the following grounds applies:

a) the personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

b) you withdraw consent on which the processing is based according to Art. 6 para. 1 lit. a) or Art. 9 para. 2 lit. a) GDPR, and there is no other legal ground for the processing.

c) you object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.

d) the personal data concerning you have been unlawfully processed.

e) the personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject.

f) the personal data have been collected in relation to the offer of information society services referred to in Art. 8 para. 1 GDPR.

13.4.2 Informing third parties

If we have made the personal data concerning you public and are obliged pursuant to Art. 17 para. 1 GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

13.4.3 Exceptions

The right to erasure does not apply to the extent that processing is necessary

a) for exercising the right of freedom of expression and information;

b) for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;

c) for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h) and i) as well as Art. 9 para. 3 GDPR;

d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR in so far as the right referred to in para. a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

e) for the establishment, exercise or defence of legal claims. 

13.5 Right to notification

If you have asserted the right to rectification, erasure or restriction of processing towards us, we are obligated to inform all recipients to whom the data concerning you have been disclosed, of this rectification or erasure of the data or of the restriction of processing, except where this proves to be impossible or would involve disproportionate efforts.

You have the right against us to be notified of these recipients.

13.6 Right to data portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance, where

a) the processing is based on consent pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and

b) the processing is carried out by automated means.

In exercising your right to data portability, you have the right to have the personal data transmitted directly from us to another controller, where technically feasible. This must not adversely affect the rights and freedoms of others.

The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

13.7 Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 para. 1 lit. e) or f) GDPR, including profiling based on those provisions.

We shall then no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims.

Where the personal data concerning are processed for direct marketing purposes, then you have the right to object at any time to processing of the personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes in future.

In the context of the use of information society services – notwithstanding Directive 2002/58/EC – you may exercise your right to object by automated means using technical specifications.

13.8 Right to withdraw declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. Revoking your consent does not affect the legality of any processing up to the revocation.

13.9 Automated individual decision-making including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

a) is necessary for entering into, or performance of, a contract between you and us,

b) is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

c) is based on your explicit consent.

However, these decisions must not be based on special categories of personal data referred to in Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a) or g) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in a) and c), we shall implement suitable measures to safeguard your rights and freedoms and legitimate interests.

13.10 Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

14. Email advertising

If you have registered separately for the newsletter, you email address will be used for our own advertising purposes until you unsubscribe from the newsletter. You can unsubscribe at any time without incurring any costs other than transmission costs according to your access provider's base rates. You can unsubscribe at any time directly via the newsletter, or by email to info@runthisplace.com.

15. Further information

If you have any further questions or suggestions relating to our "data protection", or if you want to request information about your data or demand their rectification or erasure, please write to us by email or letter to:

Union Investment Real Estate Digital GmbH
Johannes-Brahms-Platz 1 20355 Hamburg, Germany
Email: info@run-this-place.com
Registration court: Hamburg Local Court (Amtsgericht Hamburg), commercial register B 162153
Board of Directors: Dr. Lars Scheidecker, Frederik Nieß
Supervisory Board Chairman: Dr. Gunter Haueisen

Hamburg, in August 2022

Privacy statement

We care about protecting your privacy when you use our website or the Run this place app. Therefore, below we tell you about how we collect anonymous and personal data.

1. Provider / controller within the meaning of data protection 

Union Investment Real Estate Digital GmbH
Johannes-Brahms-Platz 1 20355 Hamburg
Email: info@run-this-place.com
Registration court: Hamburg Local Court (Amtsgericht Hamburg), commercial register B 162153
Board of Directors: Dr. Lars Scheidecker, Frederik Nieß
Supervisory Board Chairman: Dr. Gunter Haueisen

2. Data protection officer

ecolaw Gesellschaft für Datensicherheit und Datenschutz mbH, represented by the managing director Mr Florian König
Roseggerstraße 1, D-38440 Wolfsburg
Tel. +49 (0)5361 27 29 293
Fax +49 (0)5361 27 29 296
datenschutz@ecolaw.de
www.ecolaw.de
entered in the commercial register of the Braunschweig Local Court under HRB 203444

3. Competent supervisory body

The Hamburg Officer for Data Protection and Freedom of Information, Ludwig-Erhard-Str 22, 7. OG, 20459 Hamburg, Tel.: 040 / 428 54 – 4040, Fax: 040 / 428 54 – 4000, Email: mailbox@datenschutz.hamburg.de

4. General

We save and process your personal data (e.g. title, name, address, email address, vehicle registration) in compliance with the applicable legal data protection provisions, especially REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance), the German Federal Data Protection Act (BDSG) and other data-related laws [e.g. the Telemedia Act (TMG)].

In accordance with the GDPR and other regulations, data processing and use are only permissible if explicitly permitted by the GDPR or another legal regulation or if the data subject gives their consent (prohibition with reservation of authorisation). Under these legal bases, data processing and use are particularly only permissible, if

a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

c) processing is necessary for compliance with a legal obligation to which the controller is subject;

d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;

e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Accordingly, we only use and process your personal data in the permissible context of contract processing or if you have given your informed consent.

We generally do not pass on your personal data including your address and your email address to third parties. This excludes service partner who require transmission of the data to process the contractual relationship or if we have explicitly notified you of this. However, in such cases, the scope of the disclosed data is always limited to the absolute minimum amount of data required. For example, this relates to the vehicle registration assigned to you which we must pass on to the gate to the respective property.

5. Anonymous data collection

You can generally visit our website without telling us who you are. We only learn

  • the name of your internet service provider
  • the website from which you visit us (referrer URL)
  • the pages of our website that you visit
  • the data and time of the visit as well as the transferred data volume
  • report that the access was successful
  • browser type and version of the inquiring computer/ end device
  • the operating system of the inquiring computer/ end device
  • the IP address of the inquiring computer/ end device 

This information is only evaluated for statistical purposes. You as an individual user will generally remain anonymous and your personal data will of course not be merged, except where you have given your explicit consent or one of the cases listed below applies.

6. Collection of personal data when visiting our website or using our services generally

We generally only collect personal data if you provide these voluntarily and of your own accord. This can e.g. be by setting up a user account, concluding a contract, taking part in a survey or registering for services where personal data are required during registration (e.g. for orders, special campaigns, sweepstakes, newsletters etc.). In such cases, we generally only collect the data which we are legally authorised to collect and which are necessary to perform the services that you have requested (these are, e.g. for setting up a user account, your name, address, telephone number, email address and vehicle registration; or for signing up for a newsletter, only your email address). When we collect your personal data (e.g. via a contact or order form), you only ever need to enter the required data. Required data fields are marked with a star. Any additional data that you enter are provided voluntarily and you do not need to disclose these. If you nevertheless choose to enter them, you give your consent as a result of the disclosure to save and process these data for the stated purpose; in some cases, we may also ask for your explicit consent for the purposes under data protection law which require explicit consent which you may of course grant voluntarily, which is not bound to any further conditions and which you may revoke at any time for the future.

In order to ensure the highest possible security for your data, we will transmit this in an encrypted format using SSL/TLS encryption. This is to prevent abuse of the data by third parties. We exclusively save and process your data on servers in the European Union. They are not generally transmitted to third countries, except where we are authorised and/or obligated to do so based on a legal provision or if you have explicitly given your prior consent. But such cases will also be clearly marked in each case.

7. Data processing for contract performance

7.1 Purpose of the processing

You e.g. provide your personal data when you set up a user account. These are normally your name and email address as well as the shared vehicle registration. If you have not been assigned a space (e.g. by your employer or property), and you conclude a rental agreement with us for a space, we will ask for your personal data which are needed to conclude a contract. In this context, all information marked with a star is required information which is needed to conclude a contract with us. Of course you are not obligated to provide your personal data. But we cannot provide the requested service (e.g. contract performance) if you do not provide the required data (e.g. your address when concluding a contract). We generally use professional payment service providers that process the payment directly with you. In this context, the data protection provisions of the respective service provider apply who will be solely responsible for handling your data. In this case, we only receive a confirmation of payment. If we use our own payment process, you will be notified of this and informed of the use of your data. For some payment processes, we need the required payment information in order to pass these on to a payment service provider commissioned by us. In other words, the data entered during the order process are always processed for the purpose of contract performance.

For access to the respective properties, we use a technology provided by a service provider which identifies the vehicle registration that you have entered and we have saved. In this context, your vehicle registration is encrypted and sent to the IoT cloud of the company Bosch.IO GmbH, Ullsteinstrasse 128, 12109 Berlin, Germany; email: privacy@bosch.io, Tel.: +49 30 726112-0, where it is encrypted and saved. So-called car readers have been installed on the respective properties which use the latest security benchmarks to access the authorisation database using encryption and thus identify which registration is authorised to enter. The vehicle registrations are not saved on the reader devices and are also not publicly accessible otherwise.

7.2 Legal bases

The legal basis for this processing is Art. 6 para. 1 b) GDPR.

7.3 Recipient categories

Payment service provider
Property operator
Service provider for vehicle registration identification

Your personal data are not passed on to third parties except for the purposes listed below. In particular, without your consent, the data are not passed on to third parties e.g. for the purpose of advertising. We only pass on your personal data to third parties if you have given your explicit consent pursuant to Art. 6 para. 1 S. 1 lit. a) GDPR; this is necessary pursuant to Art. 6 para. 1 S. 1 lit. b) GDPR to process contractual relationships with you, e.g. to credit institutions to process the contractually agreed payments or, in case of non-performance of contractually agreed payments, to solicitors and legal service companies for the purpose of legal enforcement; the transfer is due to a legal obligation pursuant to Art. 6 para. 1 S. 1 lit. c) GDPR; or the transfer is necessary pursuant to Art. 6 para. 1 S. 1 lit. f) GDPR to assert, execute or defend against legal claims and there is no reason to assume that you have an overriding interest worthy of protection in your data not being transferred.

7.4 Storage duration

We save the data required for contract performance until the end of the statutory warranty periods and, if applicable, any contractual warranty periods. We save the data required under trade and tax law for the statutory periods, normally ten years (see § 257 HGB, § 147 AO). We delete email address which we only receive for sending the newsletter immediately when you unsubscribe from the newsletter.

8. Use of cookies

We use cookies in order to make your visit to our website more attractive and to enable you to use certain functions. Cookies are small text files which are saved on your computer. Most cookies used by us are deleted from your hard drive after the end of the browser session or when you log out (so-called session cookies). Other cookies stay on your computer and allow us to identify your computer on your next visit (so-called persistent cookies). Persistent cookies are saved for varying durations. When you visit our website for the first time, you will be shown a pop-up (a so-called cookie manager) with an explanation of the cookies used by us. By clicking on "All cookies", you give your consent that all cookies and plugins described in this cookie manager and in this privacy statement may be used. You can disable the use of cookies in your browser at any time. Please note that this may mean that our website may not work properly. You can amend your chosen settings in the cookie manager at any time.

The following overview shows you the necessary or functional cookies which we use on our website. Necessary cookies can be identified by the fact that they are necessary to use a website and ensure its functionality. They enable basic functions such as page navigation and saving of goods in the shopping basket until you complete the purchase or leave the site. The legal basis for this processing is Art. 6 para. 1 f) GDPR.

Name Provider Purpose Cookie duration
__cid Datadog Analatics 3 months
dogwebu Datadog Analatics 3 days
__zlcmid Datadog Analatics 1 day
intercom-session Datadog Analatics 7 days
__dd_s Datadog Analatics 2 days

 

If you want to amend your saved cookie selection and, if applicable, withdraw your consent granted in the past for the future, you can make these changes in our cookie consent manager at any time. Alternatively, you can manually manage the settings for the use of cookies in your browser and delete cookies. Please note that your consent/ rejection status to cookies on our website is also stored in a cookie on your end device. If you delete all cookies, during your next visit to our website, you will again be asked to edit your cookie settings. You can find precise instructions for how to amend cookie settings for the most common browser types under the following links:

Mozilla Firefox

Microsoft Edge

Microsoft Internet Explorer

Google Chrome

Apple Safari

Opera

9. Data in the context of using iOS devices

If you use a device with iOS, such as your iPhone, your end device sends us the following data:

Diagnostics

Crash Data

Such as crash logs

Performance Data

Such as launch time, hang rate, or energy use

Other Diagnostic Data

Any other data collected for the purpose of measuring technical diagnostics related to the app

Data use

Analytics

Using data to evaluate user behavior, including to understand the effectiveness of existing product features, plan new features, or measure audience size or characteristics

App functionality Such as authenticate the user, enable features, prevent fraud, implement security measures, ensure server up-time, minimize app crashes, improve scalability and performance, or perform customer support

10. Google Firebase

In our app, we use the service "Firebase" to integrate various functionalities which is provided by the Google subsidiary of the same name, Firebase, located in San Francisco, California, USA. Google has its EU headquarters at Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland; below called "Google"). Our application uses the following Firebase tools:

- Firebase Crashlytics to track app crashes and for defect correction and bug fixing

- Firebase Cloud Messaging for the receipt of requested push notifications

We hereby point out that Google may also process your data in the USA which, according to the ruling of the European Court of Justice (ECJ), is not currently protected by an appropriate security level for data transfers. This involves a certain level of risk for your data. According to Google, any data transfers to the USA comply with the provisions of the underlying standard data protection clauses of the EU Commission.

For more information about data protection and data use by Google, please see the following Google website: Google.

For more information about data protection and data use by Firebase, please see the following link here.

a) Firebase Crashlytics

Our application uses the tool "Firebase Crashlytics" which generates error reports if the app crashes. By analysing anonymised crash reports, we can improve the stability and reliability of our app. This helps us to optimise our app and contributes to improving user experience.

In order to be able to provide us with anonymised crash reports, Firebase Crashlytics records information in the event of a crash or malfunction of the app and transmits this to Google servers in the USA.

This can e.g. be the following information:

- time stamp when the respective app was launched and when a crash occurred

- information about the status of the app at the time of the crash

- information about the installation UUID and the crash trace

- information about the device type, operating system version and the manufacturer of the mobile device as well as some additional technical data

- last log reports

The crash reports provided to us contain neither the IP address nor any other personal data based on which a user's identity could be traced. Your data are only collected in an anonymised format so that neither Google nor we are able to draw conclusions about your person. The information merely help us to diagnose malfunctions and solve issues in our application. You may object to the use of Crashlytics at any time by preventing the sending of error reports in the app settings.

The legal basis for this processing is Art. 6 para. 1 f) GDPR. Our legitimate interest consists in evaluating error reports and thereby be able to correct underlying malfunctions of our application. This requires us to receive and subsequently evaluate corresponding crash reports. It directly serves to further develop the functionality of our service and to ensure the integrity and security of our IT systems.

For more information about data protection and data use by Firebase Crashlytics, please see the following link here.

b) Firebase Cloud Messaging

Our application uses Firebase Cloud Messaging to send push notifications to our users. If you want to receive push notifications from our app, you must actively and independently select this option. The legal basis for this processing is your explicit consent based on Art. 6 para. 1 lit. a) GDPR.

All notifications or access options can be switched on or off in the settings menu later on. If you activate the push functionality, then, based on your explicit consent, your IP address will be sent to the servers of the company Google which operates the push service Firebase Cloud Messaging. Firebase then generates a computed key which is made up of the app ID and your device ID. This key is saved on our push platform with the settings chosen by you in order to make the contents available to you in line with your requests. The Firebase servers cannot draw any conclusions about the enquiries of the users or determine any other data concerning a person. Firebase acts exclusively as the transmitter.

For more information about data protection and data use by Firebase Cloud Messaging, please see the following link: https://firebase.google.com/products/
cloud-messaging/

11. Payment service provider (Stripe

In order to be able to implement payment transactions, our website and our services use a solution by the US technology company and online payment service Stripe with headquarters in San Francisco, California, USA. The company's EU headquarters are at Stripe Payments Europe (Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland). If you decide to receive chargeable services from us, your payments will be processed using Stripe Payments. In this context, the data required for the payment process are forwarded to and saved by Stripe. This also includes personal data. We use Stripe Payments so that you payment can be processed quickly and safely on our structures.

The legal basis for this processing of your data is your explicit consent based on Art. 6 para. 1 lit. a) GDPR. The transmitted data are transaction data. Such data e.g. include the payment method (i.e. credit card, debit card and/or IBAN) as well as the currency, amount and data of the payment. During a transaction, your name, email address, customer number with us, invoice or delivery address and sometimes also the course of your transaction may also be transmitted. These data are necessary for Stripe to authenticate your person. In addition, Stripe may, in addition to technical data relating to your device (such as the IP address), also collect your name, address, telephone number and country in order for fraud prevention, financial reporting and to be able to fully offer its services.

The transfer of your data by Stripe to independent third parties (e.g. marketing companies) is prohibited. But the data may be transferred to internal departments, to a limited number of external Stripe partners or for compliance with legal requirements. Stripe also uses cookies to record data. You can find a list of possible cookies under "Use of cookies" in this privacy statement. In the same section, you can also find out how to delete, disable or manage cookies in your browser. But please note that this may mean that the payment process may no longer function without issues.

Personal data are generally saved for the duration of the provision of the service. However, in order to ensure that the legal and official obligations are met, Stripe may also save personal data for the duration of the provision of the service. Since Stripe is a company which trades globally, the data may also be saved in any country in which Stripe offers services. In this context, please note that data may also be saved outside your country, e.g. in the USA. You always have the right to information, rectification and erasure of your personal data. In case of questions, you can contact Stripe directly at any time via Stripe.

For more information about data protection and data use by Stripe, please see the following Webseite.

12. Withdrawing your consent

If you have granted us consent under data protection law for specific data uses and/or services, you can of course withdraw your consent at any time with effect for the future. For this, simply send a message to the following address:

Union Investment Real Estate Digital GmbH
Johannes-Brahms-Platz 1 20355 Hamburg, Germany
Email: info@run-this-place.com
Registration court: Hamburg Local Court (Amtsgericht Hamburg), commercial register B 162153
Board of Directors: Dr. Lars Scheidecker, Frederik Nieß
Supervisory Board Chairman: Dr. Gunter Haueisen

13. Your rights as the data subject

You as the data subject are entitled to various rights concerning your personal data. We as the controller have taken suitable measures to be able to send you as the data subject all information pursuant to Art. 13 and 14 GDPR and all notifications pursuant to Art. 15 to 22 and Art. 34 GDPR which relate to the processing in a precise, transparent, understandable and easily accessible format and in clear and simple language; this applies particularly to information aimed specifically at children. Information is transmitted in writing or in another format, if applicable also electronically. If you request this, the information can also be provided orally, to the extent that you can provide evidence of your identity as the data subject in another way.

Of course you also have the right at any time to demand written or electronic information about the data stored about your person and about its source, the recipient/s to whom the data are sent and the purpose of saving them. Furthermore, you have the right to demand that incorrect data be rectified and, if the legal conditions for this are met, that your data be deleted or blocked. For this, simply send a message to the following address:

Union Investment Real Estate Digital GmbH
Johannes-Brahms-Platz 1
20355 Hamburg, Germany
Email: info@runthisplace.com
Registration court: Hamburg Local Court (Amtsgericht Hamburg), commercial register B 162153
Board of Directors: Dr. Lars Scheidecker, Frederik Nieß
Supervisory Board Chairman: Dr. Gunter Haueisen

In detail, you mentioned the following rights:

13.1 Right to confirmation and information

You can demand a confirmation from us whether we process personal data concerning you.

If we process your data, you can demand details regarding the following information:

a) the purposes for which we process the personal data;

b) the categories of personal data which are being processed;

c) the recipients or categories of recipients to whom the personal data concerning you have been disclosed or are being disclosed;

d) the planned storage duration of the personal data concerning you or, if specific information about this is not available, the criteria for setting the storage duration;

e) the existence of a right to rectification or erasure of the personal data concerning you, a right to a restriction of processing by us or a right to object to this processing;

f) the existence of a right to lodge a complaint with a supervisory authority;

g) all available information about the source of the data if the personal data were not collected from the data subject;

h) the existence of automated decision-making including profiling pursuant to Art. 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved, the scope and the intended effects of such processing on the data subject.

Furthermore, you have the right to demand information about whether the personal data concerning you are transferred to a third country or an international organisation. In this context, you can demand to be notified of suitable guarantees pursuant to Art. 46 GDPR in the context of the transmission.

13.2 Right to rectification

You have the right to rectification and/or completion in relation to us, to the extent that the processed personal data concerning you are incorrect or incomplete. We must of course implement the rectification immediately.

13.3 Right to restriction of processing

Under the following conditions, you can demand a restriction of processing of the personal data concerning you:

a) if you contest the accuracy of the personal data concerning you, for a period which enables us to verify the accuracy of the personal data;

b) if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

c) if we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims, or

d) if you have objected to the processing pursuant to Art. 21 para. 1 GDPR pending the verification whether our legitimate grounds override yours.

Where processing of the personal data concerning you has been restricted, such data shall – with the exception of storage – only be processed by us or an authorised third party with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If you have obtained restriction of processing pursuant to the above conditions, we will inform you before the restriction of processing is lifted.

13.4 Right to erasure

13.4.1 Erasure obligation

You have the right to obtain from us the erasure of the personal data concerning you without undue delay and we have the obligation to erase personal data without undue delay where one of the following grounds applies:

a) the personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

b) you withdraw consent on which the processing is based according to Art. 6 para. 1 lit. a) or Art. 9 para. 2 lit. a) GDPR, and there is no other legal ground for the processing.

c) you object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.

d) the personal data concerning you have been unlawfully processed.

e) the personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject.

f) the personal data have been collected in relation to the offer of information society services referred to in Art. 8 para. 1 GDPR.

13.4.2 Informing third parties

If we have made the personal data concerning you public and are obliged pursuant to Art. 17 para. 1 GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

13.4.3 Exceptions

The right to erasure does not apply to the extent that processing is necessary

a) for exercising the right of freedom of expression and information;

b) for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;

c) for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h) and i) as well as Art. 9 para. 3 GDPR;

d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR in so far as the right referred to in para. a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

e) for the establishment, exercise or defence of legal claims. 

13.5 Right to notification

If you have asserted the right to rectification, erasure or restriction of processing towards us, we are obligated to inform all recipients to whom the data concerning you have been disclosed, of this rectification or erasure of the data or of the restriction of processing, except where this proves to be impossible or would involve disproportionate efforts.

You have the right against us to be notified of these recipients.

13.6 Right to data portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance, where

a) the processing is based on consent pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and

b) the processing is carried out by automated means.

In exercising your right to data portability, you have the right to have the personal data transmitted directly from us to another controller, where technically feasible. This must not adversely affect the rights and freedoms of others.

The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

13.7 Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 para. 1 lit. e) or f) GDPR, including profiling based on those provisions.

We shall then no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims.

Where the personal data concerning are processed for direct marketing purposes, then you have the right to object at any time to processing of the personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes in future.

In the context of the use of information society services – notwithstanding Directive 2002/58/EC – you may exercise your right to object by automated means using technical specifications.

13.8 Right to withdraw declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. Revoking your consent does not affect the legality of any processing up to the revocation.

13.9 Automated individual decision-making including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

a) is necessary for entering into, or performance of, a contract between you and us,

b) is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

c) is based on your explicit consent.

However, these decisions must not be based on special categories of personal data referred to in Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a) or g) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in a) and c), we shall implement suitable measures to safeguard your rights and freedoms and legitimate interests.

13.10 Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

14. Email advertising

If you have registered separately for the newsletter, you email address will be used for our own advertising purposes until you unsubscribe from the newsletter. You can unsubscribe at any time without incurring any costs other than transmission costs according to your access provider's base rates. You can unsubscribe at any time directly via the newsletter, or by email to info@runthisplace.com.

15. Further information

If you have any further questions or suggestions relating to our "data protection", or if you want to request information about your data or demand their rectification or erasure, please write to us by email or letter to:

Union Investment Real Estate Digital GmbH
Johannes-Brahms-Platz 1 20355 Hamburg, Germany
Email: info@run-this-place.com
Registration court: Hamburg Local Court (Amtsgericht Hamburg), commercial register B 162153
Board of Directors: Dr. Lars Scheidecker, Frederik Nieß
Supervisory Board Chairman: Dr. Gunter Haueisen

Hamburg, in August 2022