RMB rooms.berlin

Datenschutzerklärung

Privacy Policy

Introduction
The following privacy policy provides information about the nature, scope, and purposes of the processing of your personal data (hereinafter referred to as "data") by us. This policy applies to all processing of personal data conducted by us in the course of providing our services, including but not limited to our websites, mobile applications, and external online presences, such as our social media profiles (collectively referred to as the "online offering").

The terms used are gender-neutral.

Last updated: 23 June 2025

Overview

  • Introduction
  • Controller
  • Overview of processing
  • Legal bases for processing
  • Security measures
  • Data deletion
  • Use of cookies
  • Provision of the online offering and web hosting
  • Contact and inquiry management
  • Changes to this privacy policy
  • Rights of data subjects
  • Definitions

Controller
RMB rooms.berlin GmbH
Westring 2a
15366 Neuenhagen b. Berlin
Germany

Authorized representative: Regina Münzfeld
Email: [email protected]

Overview of Processing

Types of data processed:

  • Contact data
  • Content data
  • Usage data
  • Meta/communication data

Categories of data subjects:

  • Communication partners
  • Users

Purposes of processing:

  • Contractual service provision and customer support
  • Handling contact requests and communication
  • Security measures
  • Managing and responding to inquiries
  • Firewall
  • Feedback
  • Providing our online offering and user-friendliness
  • IT infrastructure

Legal Bases for Processing

The following is an overview of the legal bases under the GDPR on which we process personal data. Please note that national data protection regulations may also apply in your or our country of residence.

  • Performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR): Processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures.
  • Legitimate interests (Art. 6(1)(f) GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, provided such interests are not overridden by the interests or fundamental rights and freedoms of the data subject.

In addition to the GDPR, national data protection provisions in Germany apply, particularly the Federal Data Protection Act (BDSG), which includes specific regulations on data subject rights, processing of special categories of data, employment-related data processing, and more.

Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, implementation costs, and the nature, scope, context, and purposes of processing.

Measures include securing the confidentiality, integrity, and availability of data through access control (physical and electronic), input control, data transmission security, availability, and separation. We also have procedures to enable data subject rights, data deletion, and responses to data threats.

IP address masking: Where IP addresses are processed, we use IP masking to anonymize addresses unless full processing is necessary.

TLS encryption (https): We use TLS encryption to protect data transmitted via our website. You can recognize encrypted connections by the prefix "https://" in your browser.

Data Deletion

Data we process will be deleted in accordance with legal requirements as soon as the basis for processing ceases to apply (e.g., consent withdrawn or purpose no longer relevant). If data must be retained for legal reasons (e.g., tax or commercial retention), processing will be restricted.

Use of Cookies

Cookies are small text files that store and retrieve information on users’ devices. They serve various purposes, such as ensuring functionality, improving security and usability, and analyzing user behavior.

Consent information: Cookies are used based on user consent unless legally exempt. Consent is clearly communicated and can be withdrawn at any time.

Cookie duration:

  • Session cookies: Deleted after browser is closed.
  • Persistent cookies: Remain stored and may last up to two years unless otherwise specified.

Users can withdraw consent or object to cookie use at any time via browser settings or websites such as https://optout.aboutads.info or https://www.youronlinechoices.com.

Cookie Consent Management: We use a cookie consent management tool (Complianz), hosted on our servers with no third-party data sharing. Consent logs may be retained for up to two years.

Provision of the Online Offering and Web Hosting

We process usage data (e.g., visited pages, access times, IP addresses) to provide and maintain our online services.

Hosting: We use rented server infrastructure (e.g., from IONOS by 1&1) to deliver our website. Server log files may include IP address, browser type, pages visited, etc., and are deleted after 30 days unless needed for legal purposes.

Firewall: Security is reinforced via firewall technologies (e.g., Wordfence by Defiant, Inc., with standard contractual clauses for third-country processing).

Contact and Inquiry Management

We process personal data when users contact us (e.g., via forms, email, phone, social media) and as part of user or business relationships. Data may include contact details, submitted content, and usage metadata.

Legal bases: Legitimate interests (Art. 6(1)(f) GDPR), or where applicable, contract performance (Art. 6(1)(b) GDPR).

Privacy Policy Updates

We may update this privacy policy as necessary to reflect changes in data processing. We will notify you if your consent or individual notification is required.

Rights of Data Subjects

Under the GDPR, you have the following rights:

  • Right to object (Art. 21 GDPR): To processing based on Art. 6(1)(e) or (f) GDPR.
  • Right to withdraw consent: At any time without affecting prior processing.
  • Right of access (Art. 15 GDPR): To confirmation and information about your personal data.
  • Right to rectification (Art. 16 GDPR): To correct or complete inaccurate data.
  • Right to erasure and restriction (Art. 17, 18 GDPR): Under certain conditions.
  • Right to data portability (Art. 20 GDPR): To receive or transfer your data.
  • Right to lodge a complaint: With a supervisory authority if you believe your data is being processed unlawfully.

Definitions

Personal data: Any information related to an identified or identifiable natural person.

Controller: The entity deciding the purposes and means of processing personal data.

Processing: Any operation performed on personal data, whether automated or not, including collection, storage, use, transmission, or deletion.

Firewall: A security system protecting computers or networks from unauthorized access.

+49 15563 883861

Westring 2a, Neuenhagen b. Berlin, Germany 15366.
[email protected]
©2025 RMB rooms.berlin All rights reserved - Powered byLodgify