Preamble
With the following privacy policy, we would like to explain what types of personal data (hereinafter also referred to as "data") we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online services").
The terms used are not gender-specific.
Stand: 26.06.2025
Responsible party for JUNE APARTMENTS: Strahl; Aneta, Ahrens, Sandra GbR, Schlägerstraße 30B, 30171 Hannover
Represented by: Aneta Strahl, Sandra Ahrens Email address: info@june-apartments.de Legal notice: https://www.june-apartments.com
Overview of the processing activities.
The following overview summarizes the types of data processed, the purposes of processing, and the data subjects. Types of data processed
Inventory data.
Payment details.
Location data.
Contact details.
Content data.
Contract details.
Usage data.
Metadata, communication data and process data.
Log data.
Categories of affected persons
Recipients of services and clients.
Interested parties.
Communication partners.
Users.
Business and contractual partners.
Purposes of processing
Provision of contractual services and fulfillment of contractual obligations.
Communication.
Safety measures.
Organizational and administrative procedures.
Return message.
Marketing.
Provision of our online services and user-friendliness.
Information technology infrastructure.
Public relations.
Business processes and business management procedures.
Relevant legal bases
Security measures
In accordance with legal requirements, and taking into account the state of the art, implementation costs, and the nature, scope, related and purposes of processing, as well as the varying likelihood and severity of the threat to the rights and freedoms of natural persons, we implement appropriate organizational measures to ensure a level of security appropriate to the risk. These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to, input of, disclosure of, and ensuring the availability and separation of the data. Furthermore, we have established procedures that guarantee the exercise of data subject rights, the erasure of data, and responses to data breaches. We also consider the protection of personal data during the development and selection of hardware, software, and processes, in accordance with the principles of data protection by design and by default.
Transfer of personal data
As part of our processing of personal data, it may be necessary to transfer or disclose this data to other entities, companies, legally independent organizational units, or individuals. Recipients of this data may include, for example, IT service providers or providers of services and content integrated into a website. In these cases, we comply with legal regulations and, in particular, conclude appropriate contracts or agreements with the recipients of your data to protect your data.
International data transfers
General information on data storage and deletion
We delete personal data that we process in accordance with legal regulations, provided that the underlying consents are withdrawn or no other legal basis for processing exists. This applies to cases in which the original processing purpose no longer applies or the data is no longer needed. Exceptions to this rule exist if legal obligations or special interests require longer retention or archiving of the data. In particular, data that must be retained for commercial or tax law reasons, or whose storage is necessary for legal proceedings or for the protection of the rights of other natural or legal persons, must be archived accordingly. Our privacy policy contains additional information on the retention and deletion of data that applies specifically to certain processing activities. If several retention periods or deletion deadlines are specified for a given date, the longest period always applies. If a period does not explicitly begin on a specific date and is at least one year, it automatically begins at the end of the calendar year in which the event triggering the period occurred. In the case of ongoing contractual relationships where data is stored, the event triggering the retention period is the effective date of the termination or other end of the legal relationship. Data that is no longer retained for its originally intended purpose, but is retained due to legal requirements or other reasons, is processed by us exclusively for the purpose that justifies its retention.
Rights of data subjects
Payment methods
Within the framework of contractual and other legal relationships, due to legal obligations, or otherwise based on our legitimate interests, we offer data subjects efficient and secure payment options and, in addition to banks and credit institutions, use other service providers for this purpose (collectively, "payment service providers"). The data processed by the payment service providers includes master data, such as name and address, bank details, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, amount, and recipient-related information. This information is necessary to process the transactions. However, the entered data is processed and stored only by the payment service provider. This means that we do not receive any account or credit card-related information, but only confirmation or rejection of the payment. The payment service provider may transmit the data to credit reference agencies. This transmission serves the purpose of identity and creditworthiness verification. For this purpose, we refer to the terms and conditions and privacy policy of the payment service provider. The terms and conditions and privacy policies of the respective payment service providers, which can be accessed on their respective websites or transaction applications, apply to payment transactions. We also refer to these for further information and to assert your rights of withdrawal, access, and other data subject rights.
Types of data processed: Inventory data (e.g., full name, home address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contract data (e.g., subject matter of the contract, term, customer category); usage data (e.g., page views and time spent on the site, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Metadata, communication data, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved).
Affected persons: Service recipients and clients; business and contractual partners; interested parties.
Purposes of processing: Provision of contractual services and fulfillment of contractual obligations. Business processes and operational procedures.
Storage and deletion: Deletion according to the information in the section “General information on data storage and deletion”.
Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing procedures, methods and services:
Klarna: Payment services (technical integration of online payment methods); Service provider: Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden; Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://www.klarna.com/de. Privacy policy: https://www.klarna.com/de/datenschutz.
PayPal: Payment services (technical integration of online payment methods) (e.g., PayPal, PayPal Plus, Braintree); Service provider: PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg; Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://www.paypal.com/de. Privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Stripe: Payment services (technical integration of online payment methods); Service provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://stripe.com. Privacy policy: https://stripe.com/de/privacy.
Provision of the online service and web hosting
We process user data to provide our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.
Types of data processed: Usage data (e.g., page views and time spent on the site, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); metadata, communication data, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved). Log data (e.g., log files concerning logins or data retrieval or access times).
Affected persons: Users (e.g. website visitors, users of online services).
Purposes of processing: Provision of our online services and user-friendliness; Information technology infrastructure (operation and
Provision of information systems and technical equipment (computers, servers, etc.). Security measures.
Storage and deletion: Deletion according to the information in the section “General information on data storage and deletion”.
Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing procedures, methods and services:
Collection of access data and log files: Access to our online services is logged in the form of so-called "server log files." These server log files may include the address and name of the accessed web pages and files, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. Server log files may be used for security purposes, e.g., to prevent server overload (especially in the case of malicious attacks, so-called DDoS attacks), and to ensure server capacity and stability. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Data deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be retained for evidentiary purposes will be accepted for deletion until the respective incident has been fully resolved.
Use of cookies
The term "cookies" refers to functions that store information on and read it from users' devices. Cookies can also be used for various purposes, such as ensuring the functionality, security, and user-friendliness of online services, as well as analyzing visitor traffic. We use cookies in accordance with legal regulations. Where necessary, we obtain users' consent beforehand. If consent is not required, we rely on our legitimate interests. This applies particularly when storing and reading information is essential to providing explicitly requested content and functions. This includes, for example, saving settings and ensuring the functionality and security of our online services. Consent can be withdrawn at any time. We clearly inform you about the scope and specific cookies used.
Information on the legal basis for data protection: Whether we process personal data using cookies depends on consent. If consent has been given, it serves as the legal basis. Without consent, we rely on our legitimate interests, which are explained above in this section and in the context of the respective services and procedures.
Storage duration: The following types of cookies are used with regard to storage duration:
Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online service and closed their device (e.g. browser or mobile application).
Persistent cookies: Persistent cookies remain stored even after the user closes their device. This allows, for example, login status to be saved and preferred content to be displayed directly when the user revisits a website. User data collected via cookies can also be used for audience measurement. Unless we provide users with explicit information about the type and storage duration of cookies (e.g., when obtaining consent), they should assume that these cookies are persistent and can be stored for up to two years.
General information on revocation and objection (opt-out): Users can revoke their consent at any time and also object to the processing in accordance with legal requirements, including via their browser's privacy settings.
Types of data processed: Metadata, communication data and procedural data (e.g. IP addresses, timestamps, identification numbers, persons involved).
Affected persons: Users (e.g. website visitors, users of online services).
Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
Further information on processing procedures, methods and services:
Processing of cookie data based on consent: We use a consent management solution to obtain user consent for the use of cookies or for the processes and providers mentioned within the consent management solution. This process serves to obtain, log, manage, and revoke consent, particularly regarding the use of cookies and similar technologies used to store, read, and process information on users' devices. Within this process, user consent for the use of cookies and the associated processing of information, including the specific processing activities and providers mentioned in the consent management process, is obtained. Users also have the option to manage and revoke their consent. The declarations of consent are stored to avoid repeated requests and to provide proof of consent in accordance with legal requirements. Storage takes place server-side and/or in a cookie (so-called opt-in cookie) or using comparable technologies to assign the consent to a specific user or their device. Unless specific details regarding the providers of consent management services are available, the following general information applies: Consent is stored for up to two years. A pseudonymous user identifier is created, which is stored along with the time of consent, details regarding the scope of consent (e.g., categories of cookies and/or service providers concerned), and information about the browser, system, and device used; legal basis: consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
Contact and Inquiry Management When you contact us (e.g. by mail, contact form, email, telephone or via social media) and within the framework of existing user and business relationships, the information of the inquiring persons is processed insofar as this is necessary to answer the contact requests and any requested measures.
Types of data processed: Inventory data (e.g., full name, home address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or telephone numbers); content data (e.g., textual or image messages and posts, as well as information relating to them, such as authorship or time of creation); usage data (e.g., page views and time spent on the site, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Metadata, communication data, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved).
Affected persons: Communication partners.
Purposes of processing: Communication; organizational and administrative procedures; feedback (e.g., collecting feedback via online form). Provision of our online services and user-friendliness.
Storage and deletion: Deletion according to the information in the section “General information on data storage and deletion”.
Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
Further information on processing procedures, methods and services:
Contact form: When you contact us via our contact form, email, or other communication channels, we process the personal data you provide to answer and process your request. This typically includes information such as your name, contact details, and any other information you provide that is necessary for proper processing. We use this data exclusively for the stated purpose of contacting you and communicating with you; legal bases: performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Customer reviews and rating procedures
We participate in review and rating processes to evaluate, optimize, and promote our services. When users rate us or otherwise provide feedback via the participating rating platforms or processes, the providers' terms and conditions and privacy policies also apply. Generally, rating also requires registration with the respective providers. To ensure that the individuals being rated have actually used our services, we transmit the necessary data regarding the customer and the service used (including name, email address, and order number or item number) to the respective rating platform with the customer's consent. This data is used solely to verify the user's authenticity.
Types of data processed: Contract data (e.g., subject matter of the contract, term, customer category); usage data (e.g., page views and time spent on the site, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Metadata, communication data, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved).
Affected persons: Service recipients and clients. Users (e.g., website visitors, users of online services).
Purposes of processing: Feedback (e.g., collecting feedback via online form). Marketing.
Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing procedures, methods and services:
Rating Widget: We integrate so-called "rating widgets" into our online service. A widget is a functional and content element integrated into our online service that displays dynamic information. It can be displayed, for example, as a seal or similar element, sometimes also called a "badge." While the widget's content is displayed within our online service, it is retrieved from the servers of the respective widget provider at that moment. This is the only way to ensure that the content shown is always up-to-date, especially the current rating. For this to work, a data connection must be established between the webpage accessed within our online service and the widget provider's server. The widget provider receives certain technical data (access data, including IP address) necessary to deliver the widget's content to the user's browser. Furthermore, the widget provider receives information that users have visited our online service. This information can be stored in a cookie and used by the widget provider to identify which online services participating in the evaluation process have been visited by the user. The information can be stored in a user profile and used for advertising or market research purposes; legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Presence in social networks (Social Media)
We maintain online presences within social networks and process user data in this context to communicate with users active there or to provide information about ourselves. We would like to point out that user data may be processed outside the European Union. This may pose risks for users, as it could, for example, make it more difficult to enforce their rights. Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, user profiles can be created based on usage patterns and the resulting user interests. These profiles may then be used for other purposes, such as displaying advertisements within and outside the networks that are presumably tailored to the users' interests. Therefore, cookies are typically stored on users' computers to record their usage patterns and interests. In addition, user profiles may also store data independently of the devices used by the users (especially if they are members of the respective platforms and are logged in). For a detailed description of the respective processing methods and the options to object (opt-out), please refer to the privacy policies and information provided by the network operators. Regarding requests for information and the assertion of data subject rights, we would also like to point out that these can be most effectively addressed directly with the providers. Only the latter have access to user data and can take appropriate action and provide information directly. Should you still require assistance, you can contact us.
Types of data processed: Contact data (e.g., postal and email addresses or telephone numbers); content data (e.g., textual or image messages and posts, as well as relevant information such as authorship details or time of creation); usage data (e.g., page views and time spent on the site, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
Affected persons: Users (e.g. website visitors, users of online services).
Purposes of processing: Communication; feedback (e.g., collecting feedback via online form). Public relations.
Storage and deletion: Deletion according to the information in the section “General information on data storage and deletion”.
Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing procedures, methods and services:
Instagram: Social network that allows users to share photos and videos, comment on and like posts, send messages, and subscribe to profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.instagram.com. Privacy policy: https://privacycenter.instagram.com/policy/.
Plug-ins and embedded functions as well as content
We integrate functional and content elements into our online services that are hosted on the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include, for example, graphics, videos, or maps (hereinafter collectively referred to as "content"). This integration always requires that the third-party providers of this content process the user's IP address, as they cannot send the content to the browser without it. The IP address is therefore necessary for displaying this content or these functions. We are confident that we only use content from providers who use the IP address solely for delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. These pixel tags allow information such as visitor traffic on the pages of this website to be analyzed. The pseudonymous information can also be stored in cookies on users' devices and may include, among other things, technical information about the browser and operating system, referring websites, the time of visit, and other information about the use of our online services. This information may also be combined with information from other sources. Legal basis: If we have asked users for their consent to the use of the third-party provider, the legal basis for data processing is permission. Otherwise, user data is processed based on our legitimate interests (i.e., our interest in efficient, economical, and user-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.
Types of data processed: Usage data (e.g., page views and time spent on the site, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); metadata, communication data, and procedural data (e.g., IP addresses, timestamps, identification numbers, individuals involved). Location data (information about the geographic position of a device or person).
Affected persons: Users (e.g. website visitors, users of online services).
Purposes of processing: Provision of our online service and user-friendliness.
Retention and deletion: Deletion according to the information in the section "General information on data storage and deletion". Cookies are stored for up to 2 years (Unless otherwise specified, cookies and similar storage methods may be stored on users' devices for a period of two years).
Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing procedures, methods and services:
Google Maps: We integrate maps from the "Google Maps" service provided by Google. The data processed may include, in particular, users' IP addresses and location data; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://mapsplatform.google.com/. Privacy policy: https://policies.google.com/privacy.
Created with the Datenschutz-Generator.de by Dr. Thomas Schwenke. Location data (information about the geographical position of a device or person).
Affected persons: Users (e.g. website visitors, users of online services).
Purposes of processing: Provision of our online service and user-friendliness.
Retention and deletion: Deletion according to the information in the section "General information on data storage and deletion". Cookies are stored for up to 2 years (Unless otherwise specified, cookies and similar storage methods may be stored on users' devices for a period of two years).
Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Further information on processing operations, procedures and services:
Google Maps: We integrate maps from the "Google Maps" service provided by Google. The data processed may include, in particular, users' IP addresses and location data; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://mapsplatform.google.com/. Privacy policy: https://policies.google.com/privacy. Created with the Datenschutz-Generator.de by Dr. Thomas Schwenke. Location data (information on the geographical position of a device or person).
Affected persons: Users (e.g. website visitors, users of online services).
Purposes of processing: Provision of our online service and user-friendliness.
Retention and deletion: Deletion according to the information in the section "General information on data storage and deletion". Cookies are stored for up to 2 years (Unless otherwise specified, cookies and similar storage methods may be stored on users' devices for a period of two years).
Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Further information on processing operations, procedures and services:
Google Maps: We integrate maps from the "Google Maps" service provided by Google. The data processed may include, in particular, users' IP addresses and location data; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://mapsplatform.google.com/. Privacy policy: https://policies.google.com/privacy. Created with the Datenschutz-Generator.de by Dr. Thomas Schwenke
