Eigentum²
v130 March 2026

Privacy Policy

Version 1.0

1. Controller and Data Protection Officer

The controller responsible for the processing of your personal data within the meaning of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and other applicable data protection legislation is:

Ilya Baskakov (Operating as: Eigentum²) Von-Müller-Straße 15a 82467 Garmisch-Partenkirchen, Germany

VAT ID (USt-IdNr.): DE356119638

Email: support@dein-eigentum.de Phone: +49 176 26554582

If you have any questions regarding the processing of your personal data or wish to exercise your data subject rights, please contact us at: support@dein-eigentum.de

Data Protection Officer: A Data Protection Officer has not been appointed, as the conditions under § 38 BDSG (fewer than 20 persons regularly engaged in automated processing of personal data) are not met. For all data protection inquiries, please contact us at the email address above.

2. Scope of This Privacy Policy

This Privacy Policy explains how Eigentum² ("we," "us," "our") collects, processes, stores, and protects your personal data when you:

  • Visit our website(s) and web application;
  • Create an account and use our property management platform;
  • Communicate with us via email, contact forms, or other channels;
  • Subscribe to our newsletter or marketing communications;
  • Use our mobile applications (if applicable).

This Privacy Policy applies to all users of our platform, including property owners, landlords, property managers, tenants (where data is provided by a landlord user), and visitors to our website.

Where we process personal data on behalf of our users (e.g., tenant data entered by a landlord), we act as a data processor under Article 28 GDPR. In such cases, the user who enters the data is the data controller, and a separate Data Processing Agreement (DPA) governs that relationship. This Privacy Policy covers processing activities where we act as the data controller.

3. Categories of Personal Data We Collect

3.1 Account and Authentication Data

When you create an account, we collect:

  • Email address
  • First name and last name
  • Password (stored only in hashed form; we never store plaintext passwords)
  • Phone number (optional)
  • Profile image (optional)
  • Preferred language and currency settings

If you sign up or log in via Google OAuth, we receive the following data from Google:

  • Email address
  • Given name and family name
  • Profile picture URL
  • Email verification status

We also store OAuth tokens (access token, refresh token, ID token) to maintain your authenticated session with Google. These tokens are stored securely and are not shared with any third party.

3.2 Session and Device Data

Each time you log in, we create a session record containing:

  • Session token (unique identifier)
  • IP address
  • User agent string (browser type, operating system, device information)
  • Session creation, update, and expiration timestamps

This data is necessary for maintaining your authenticated session and for security purposes (e.g., detecting unauthorized access).

3.3 Contact and Tenant Data

If you use our platform to manage properties and tenants, you may enter the following data about your contacts (tenants, guarantors, property managers, etc.):

  • Salutation, first name, last name
  • Date of birth and nationality
  • Company name and VAT number
  • Full postal address (street, city, postal code, country)
  • Contact methods (email, phone, mobile, fax) with verification status
  • Banking details (IBAN, BIC, bank name)
  • Emergency contact information (name, relationship, phone number)
  • Preferred language and contact method
  • Identity verification status
  • Internal notes and metadata
  • Contact acquisition source

Important: When you enter personal data of third parties (such as tenants), you are the data controller for that data under GDPR. You are responsible for ensuring that you have a valid legal basis (e.g., the tenancy agreement) for entering and processing that data on our platform. We process this data on your behalf as your data processor, governed by our Data Processing Agreement.

3.4 Property Data

We collect and store detailed information about properties you manage:

  • Property title and description
  • Full address (street, city, postal code, country, state/region, district)
  • GPS coordinates (latitude, longitude — optional)
  • Property type (house, apartment, land, commercial, multi-family, mixed-use)
  • Year built, building condition, quality, and renovation history
  • Area measurements and room counts
  • Purchase details (price, date, currency)
  • Land and building values for depreciation
  • Energy efficiency data and certificates
  • Legal attributes (monument protection, flood risk, contamination status, easements, zoning, tenure type)
  • Distance metrics (to public transport, city center, schools, shopping)
  • Market indicators and investment scores
  • Custom fields and metadata

3.5 Financial Data

Our platform processes the following financial information:

Payments and Rent:

  • Payment amounts (expected, paid, balance)
  • Payment method (bank transfer, direct debit, cash, card, platform payout, cheque)
  • Bank reference, sender name, and sender IBAN
  • Card details (last 4 digits and brand only — we never store full card numbers)
  • Due dates, receipt dates, and clearing dates
  • Payment status and reminder history

Security Deposits:

  • Deposit amounts and holding type
  • Bank account details for deposit accounts
  • Interest tracking
  • Return calculations and deduction records

Loans and Mortgages:

  • Lender information (name, type, reference number)
  • Loan principal, interest rates, and terms
  • Repayment schedules and payment history
  • German-specific features (Zinsbindung, Sondertilgung)
  • Borrower and guarantor information

Subscription Billing (via Stripe):

  • Stripe customer ID
  • Subscription and product identifiers
  • Payment method identifier (last 4 digits only)
  • Subscription status, start date, and renewal dates
  • Billing email address

3.6 Lease Contract Data

  • Contract number and type
  • Letting mode and contract form
  • Duration, start and end dates, notice period
  • Rent model (fixed, stepped, indexed, turnover-based)
  • Rent components (base rent, operating cost prepayments, utilities, surcharges)
  • Contractual area (square metres) and room count
  • Special terms (furnished, pets, subletting, smoking, commercial use)
  • Fixed-term justification details (in compliance with § 575 BGB)
  • Guarantor associations

3.7 Ownership Transfer Data

If you use our ownership transfer feature, we process:

  • Transfer type (sale, gift, divorce settlement), status, and phase
  • Agreed price, asking price, and assessed values
  • Participant information (buyer, seller, notary, agent) including names, emails, roles, and permissions
  • Transfer documents (deeds, certificates, identity documents, powers of attorney)
  • Fee and tax calculations
  • Key dates and milestones
  • Invite tokens and short codes for participant onboarding
  • IP address and user agent for transfer event audit trail

3.8 Property Valuation and AI-Processed Data

We offer AI-powered property valuation features. When you request a valuation, the following data may be processed:

  • Property characteristics (type, size, condition, location, year built)
  • Property address and geographic data
  • Market context and comparable property data
  • The language/locale of your request

This data is sent to third-party AI service providers (see Section 7) to generate:

  • Estimated property values and confidence scores
  • Value ranges (low/high estimates)
  • Comparable property analyses
  • Market context and trend reports

AI model versions and prompt metadata (hashed, not raw content) are stored for quality assurance and deduplication purposes.

We do not use your property data to train AI models. Your data is processed solely to generate the valuation you requested.

3.9 Documents and Files

  • Property documents and files (filename, MIME type, file size, category, storage path)
  • Property images (filename, MIME type, file size, category, storage path)
  • Folder structures for document organisation
  • Upload and update timestamps with user attribution

3.10 Property Sharing Data

When you share property information with others:

  • Recipient email address
  • Optional message/note to the recipient
  • Expiration date for the share link
  • Selection of shared folders and files
  • View timestamp (when the recipient accessed the shared content)

3.11 Organisation and Membership Data

  • Organisation name and slug
  • Subscription tier and billing information
  • Billing address (street, city, postal code, country, company name)
  • Tax ID (for business customers)
  • Member roles and permissions
  • Invitation details (email, token, status, timestamps)
  • Storage quota and usage

3.12 Legal Document Acceptance Records

When you accept legal documents (e.g., this Privacy Policy, Terms of Service):

  • User ID and document version accepted
  • Timestamp of acceptance
  • IP address at the time of acceptance
  • User agent at the time of acceptance

This data is collected to maintain a legally required audit trail of your consent and acceptance.

3.13 Audit Log Data

For security and compliance, we log:

  • Entity type and action performed (create, update, delete, status change)
  • User who performed the action
  • Timestamp of the action
  • IP address and user agent
  • Request ID for tracing
  • Change details (before/after values)

3.14 Automatically Collected Technical Data (Server Log Files)

When you access our website or application, our servers automatically collect:

  • IP address
  • Date and time of access
  • HTTP request method and URL requested
  • HTTP status code and response size
  • Referrer URL (the page you came from)
  • User agent string (browser, operating system, device)

This data is processed on the basis of our legitimate interest in ensuring the security, stability, and optimal performance of our services (Article 6(1)(f) GDPR). Server log files are retained for a maximum of 30 days and are then automatically deleted.

4. Purposes and Legal Bases of Processing

We only process your personal data where we have a valid legal basis under Article 6(1) GDPR. Below, we set out each purpose of processing together with the applicable legal basis.

4.1 Provision of Our Services (Contract Performance)

Legal basis: Article 6(1)(b) GDPR — processing is necessary for the performance of a contract or for pre-contractual measures.

We process your data to:

  • Create and manage your user account
  • Provide our property management platform and all its features
  • Process rent payments, deposit management, and cost settlements
  • Manage lease contracts and tenant relationships
  • Facilitate property valuations
  • Enable property sharing with third parties you designate
  • Process ownership transfers
  • Manage your subscription and billing
  • Provide customer support

4.2 Compliance with Legal Obligations

Legal basis: Article 6(1)(c) GDPR — processing is necessary for compliance with a legal obligation.

We are subject to various legal retention and documentation obligations, including under the German Commercial Code (HGB § 257) and the German Fiscal Code (AO § 147). We process and retain data to:

  • Maintain accounting and tax records (retention: 10 years per AO § 147)
  • Retain commercial correspondence and business letters (retention: 6 years per HGB § 257)
  • Comply with anti-money laundering regulations where applicable
  • Respond to lawful requests from public authorities
  • Maintain audit trails for legal document acceptance (GDPR accountability)

4.3 Legitimate Interests

Legal basis: Article 6(1)(f) GDPR — processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights of the data subject.

We rely on legitimate interests for the following processing activities:

Processing ActivityLegitimate Interest Pursued
Server log file analysisEnsuring IT security, detecting and preventing attacks, maintaining system stability
Audit logging of user actionsSecurity, fraud prevention, and compliance monitoring
Session management (IP, user agent)Account security, detection of unauthorised access
Error monitoring and crash reportingImproving service reliability and resolving technical issues
Aggregated, anonymised usage analyticsImproving our services and user experience
Communication about service changesInforming users of material changes to the platform
Assertion and defence of legal claimsProtecting our rights and interests

You have the right to object to processing based on legitimate interests at any time (see Section 10.7).

4.4 Consent

Legal basis: Article 6(1)(a) GDPR — the data subject has given consent.

We process data based on your consent for:

  • Non-essential cookies and tracking technologies (§ 25(1) TDDDG)
  • Newsletter and marketing communications
  • Optional sharing of property data with third parties you designate

You may withdraw your consent at any time with effect for the future, without affecting the lawfulness of processing carried out prior to the withdrawal. To withdraw consent, please contact us at support@dein-eigentum.de or use the relevant opt-out mechanism (e.g., cookie settings, unsubscribe link).

4.5 Processing of Special Categories of Data

We do not intentionally collect or process special categories of personal data as defined in Article 9(1) GDPR (e.g., racial or ethnic origin, political opinions, religious beliefs, health data, biometric data). If such data is incidentally included in free-text fields (e.g., notes), the processing is based on Article 9(2)(a) GDPR (explicit consent) or Article 9(2)(f) GDPR (establishment, exercise, or defence of legal claims).

5. Cookies and Similar Technologies

5.1 Legal Framework

The use of cookies and similar technologies is governed by § 25 of the German Telecommunications Digital Services Data Protection Act (TDDDG) and the GDPR.

5.2 Strictly Necessary Cookies

Certain cookies are strictly necessary for the operation of our website and platform. These are placed without your consent in accordance with § 25(2) No. 2 TDDDG, as they are essential for providing the service you have explicitly requested.

CookiePurposeDuration
Session cookieMaintaining your authenticated sessionSession / until expiry
CSRF tokenProtection against cross-site request forgery attacksSession
Language preferenceRemembering your selected language1 year
Cookie consentStoring your cookie consent preferences1 year

5.3 Analytics and Performance Cookies

We may use analytics cookies to understand how visitors interact with our platform and to improve our services. These cookies are only set with your prior consent (Article 6(1)(a) GDPR in conjunction with § 25(1) TDDDG).

5.4 Managing Your Cookie Preferences

You can manage your cookie preferences at any time via our cookie consent banner or by clicking the "Cookie Settings" link in the footer of our website. You can also configure your browser to block or delete cookies, though this may affect the functionality of our platform.

6. Recipients and Categories of Recipients

We share your personal data with third parties only where necessary and only to the extent described below. We do not sell your personal data.

6.1 Service Providers (Data Processors)

We engage the following categories of service providers who process data on our behalf under Data Processing Agreements pursuant to Article 28 GDPR:

Service ProviderPurposeLocationTransfer Mechanism
Vercel Inc.Hosting, content delivery, serverless computeEU (Frankfurt)EU processing; no third-country transfer
Google Cloud Platform (Google LLC)File and document storage (Firebase Cloud Storage)EU (Frankfurt) / USAEU-US Data Privacy Framework (DPF); Standard Contractual Clauses (SCCs)
Stripe, Inc.Subscription billing and payment processingUSA / IrelandEU-US Data Privacy Framework (DPF); Stripe Ireland acts as EU establishment
Mailjet SAS (Sinch Group)Transactional email delivery (verification, password reset, notifications)France / EUEU processing; no third-country transfer
OpenAI, Inc.AI-powered property valuation (data processed per API request, not used for model training under API terms)USAEU-US Data Privacy Framework (DPF); Standard Contractual Clauses (SCCs)
Google Ireland Ltd.OAuth authentication (Google Sign-In)Ireland / USAEU-US Data Privacy Framework (DPF)

6.2 Third Parties Designated by You

When you use our property sharing feature, the recipients you designate will receive access to the property data and documents you have chosen to share. We facilitate this sharing on your instruction; you are responsible for ensuring the recipient is appropriate.

6.3 Ownership Transfer Participants

In the context of an ownership transfer, data is shared with participants (buyers, sellers, notaries, agents) you have invited to the transfer. Participants only receive access to data relevant to their role, as controlled by the granular permission settings you configure.

6.4 Public Authorities

We may disclose personal data to public authorities (e.g., tax authorities, law enforcement, data protection authorities) where we are legally obligated to do so or where disclosure is necessary for the assertion, exercise, or defence of legal claims.

6.5 Corporate Transactions

In the event of a merger, acquisition, restructuring, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify you of any such transfer and of any changes to the applicable privacy policy.

7. International Data Transfers

Some of our service providers are established in or process data in countries outside the European Economic Area (EEA), in particular the United States. We ensure that any such transfer is subject to appropriate safeguards in accordance with Chapter V of the GDPR:

7.1 EU-US Data Privacy Framework (DPF)

Where our US-based service providers are certified under the EU-US Data Privacy Framework (adequacy decision of the European Commission of 10 July 2023, renewed and upheld by the European General Court on 3 September 2025), transfers are based on this adequacy decision pursuant to Article 45 GDPR.

7.2 Standard Contractual Clauses (SCCs)

Where a service provider is not certified under the DPF or is located in a country without an adequacy decision, we rely on the European Commission's Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) pursuant to Article 46(2)(c) GDPR, supplemented by additional safeguards where necessary based on a Transfer Impact Assessment.

7.3 United Kingdom

The European Commission has renewed the adequacy decision for the United Kingdom (effective until 27 December 2031). Data transfers to the UK are therefore permitted without additional safeguards under Article 45 GDPR.

7.4 Switzerland

Switzerland is recognised as providing an adequate level of data protection by the European Commission. The Swiss Federal Act on Data Protection (nDSG/FADP), in force since 1 September 2023, is broadly aligned with the GDPR. The Swiss-US Data Privacy Framework has been in effect since 15 September 2024.

You may request a copy of the relevant transfer safeguards by contacting us at support@dein-eigentum.de.

8. Data Retention

We retain your personal data only for as long as necessary for the purposes for which it was collected, or as required by law. The specific retention periods are:

Data CategoryRetention PeriodLegal Basis
Account dataDuration of the contractual relationship + 30 days after account deletion (grace period), then deletedArt. 6(1)(b) GDPR
Session dataMaximum 24 hours after session expiryArt. 6(1)(f) GDPR
Server log files30 daysArt. 6(1)(f) GDPR
Financial and accounting records (invoices, payments, transactions)10 years from end of calendar year§ 147 AO, § 257 HGB
Commercial correspondence6 years from end of calendar year§ 257 HGB
Lease contract dataDuration of lease + 10 years (statutory retention)§ 147 AO
Security deposit recordsUntil deposit fully returned + 10 years§ 147 AO
Loan and mortgage dataDuration of loan + 10 years§ 147 AO
Property valuation dataDuration of account + statutory retention periodArt. 6(1)(b) GDPR
Audit log data10 years§ 147 AO; Art. 5(2) GDPR (accountability)
Legal document acceptance recordsIndefinite (audit trail required by GDPR)Art. 5(2), Art. 7(1) GDPR
Consent records (cookie, marketing)3 years after last interaction or until withdrawalArt. 7(1) GDPR; § 25 TDDDG
Ownership transfer dataCompletion + 10 years (statutory retention); archived property snapshots retained indefinitely for audit§ 147 AO
Property sharing dataUntil expiration of share link or account deletionArt. 6(1)(b) GDPR
Contact/tenant data (entered by user)Until deleted by the user (data controller) or account deletionArt. 28 GDPR (processor obligation)
Email communication logs6 years§ 257 HGB

After the applicable retention period expires, data is securely deleted or irreversibly anonymised.

Soft deletion: When you delete data in the platform (e.g., a contact record), it is initially soft-deleted (marked as deleted with a timestamp and reason) and permanently removed after the applicable retention period. This ensures compliance with statutory retention obligations while respecting your deletion requests.

9. Automated Decision-Making and Profiling

9.1 AI-Powered Property Valuations

Our platform uses artificial intelligence (AI) to generate property valuations. This constitutes automated processing within the meaning of Article 22 GDPR. However, these valuations are provided as informational estimates only and do not produce any legal or similarly significant effects on you. No binding decisions are made solely on the basis of automated processing.

You always have the option to:

  • Review and disregard any AI-generated valuation;
  • Request a manual review of any valuation result;
  • Contact us for clarification on the methodology used.

Transparency regarding AI systems (EU AI Act Art. 50): Our property valuation feature uses AI models provided by third-party providers (currently OpenAI). The AI analyses property characteristics, location data, and market comparables to generate an estimated value range. The AI-generated content is clearly labelled as such in the user interface. We do not use AI for any decision-making that produces legal effects or similarly significantly affects you.

9.2 No Profiling for Automated Decisions

We do not engage in profiling that produces legal effects or similarly significantly affects you. We do not use your data for automated credit scoring, automated rejection of applications, or any other form of automated individual decision-making with legal or similarly significant effect.

10. Your Rights as a Data Subject

You have the following rights under the GDPR and applicable national data protection law. To exercise any of these rights, please contact us at support@dein-eigentum.de. We will respond to your request within one month of receipt (extendable by two further months for complex requests, with prior notification).

We may ask you to verify your identity before processing your request in order to protect your data against unauthorised access.

10.1 Right of Access (Article 15 GDPR)

You have the right to obtain confirmation as to whether we process personal data concerning you and, if so, to receive a copy of that data together with information about the purposes, categories, recipients, retention periods, and the source of the data.

10.2 Right to Rectification (Article 16 GDPR)

You have the right to request the correction of inaccurate personal data and the completion of incomplete personal data concerning you.

10.3 Right to Erasure (Article 17 GDPR)

You have the right to request the deletion of your personal data where:

  • The data is no longer necessary for the purpose for which it was collected;
  • You withdraw your consent and no other legal basis applies;
  • You object to processing and there are no overriding legitimate grounds;
  • The data was processed unlawfully;
  • Erasure is required by law.

This right does not apply where processing is necessary for compliance with a legal obligation (e.g., statutory retention periods) or for the establishment, exercise, or defence of legal claims.

10.4 Right to Restriction of Processing (Article 18 GDPR)

You have the right to request the restriction of processing where:

  • You contest the accuracy of the data (for the period of verification);
  • Processing is unlawful but you oppose erasure;
  • We no longer need the data but you need it for legal claims;
  • You have objected to processing pending verification of overriding grounds.

10.5 Right to Data Portability (Article 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller, where the processing is based on consent or contract performance and is carried out by automated means.

10.6 Right to Withdraw Consent (Article 7(3) GDPR)

Where processing is based on your consent, you may withdraw that consent at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.

10.7 Right to Object (Article 21 GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to processing of your personal data based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. We will cease processing unless we demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defence of legal claims.

Where personal data is processed for direct marketing purposes, you have the right to object at any time to such processing. If you object, your data will no longer be processed for direct marketing purposes.

10.8 Right to Lodge a Complaint with a Supervisory Authority (Article 77 GDPR)

You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement.

The supervisory authority for our company is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) Promenade 18, 91522 Ansbach, Germany https://www.lda.bayern.de poststelle@lda.bayern.de

A list of all German supervisory authorities and their contact details is available at: https://www.bfdi.bund.de

If you are located in Austria, you may also contact: Österreichische Datenschutzbehörde Barichgasse 40-42, 1030 Vienna, Austria https://www.dsb.gv.at

If you are located in Switzerland, you may also contact: Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (EDÖB) Feldeggweg 1, 3003 Bern, Switzerland https://www.edoeb.admin.ch

10.9 Right to Effective Judicial Remedy (Article 79 GDPR)

You have the right to an effective judicial remedy against a controller or processor if you consider that your rights under the GDPR have been infringed.

10.10 Right to Compensation (Article 82 GDPR)

Any person who has suffered material or non-material damage as a result of an infringement of the GDPR has the right to receive compensation from the controller or processor for the damage suffered.

11. Data Security

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 GDPR. These measures include, but are not limited to:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
  • Encryption at rest: Sensitive data stored in our databases is encrypted at rest.
  • Password security: User passwords are never stored in plaintext; they are hashed using industry-standard algorithms.
  • Access controls: Role-based access controls (RBAC) ensure that users and employees can only access data relevant to their role and authorisation level.
  • Session security: Sessions are secured with unique tokens, IP binding, and automatic expiration.
  • Infrastructure security: Our hosting infrastructure (Vercel, Google Cloud) maintains SOC 2 Type II, ISO 27001, and other industry certifications.
  • Audit logging: All data-modifying actions are logged with full audit trails for forensic analysis.
  • Incident response: We maintain an incident response plan for data breaches in accordance with Articles 33 and 34 GDPR.
  • Employee training: Personnel with access to personal data receive regular data protection training.
  • Vendor assessment: Third-party service providers are assessed for data protection compliance before engagement and regularly thereafter.

12. Obligation to Provide Data

12.1 Contractual Requirement

The provision of certain personal data (email, name, password) is necessary for the conclusion and performance of the contract between you and us. Without this data, we cannot create your account or provide our services.

12.2 Legal Requirement

In certain cases, we are legally obligated to collect and retain data (e.g., billing data for tax compliance). Failure to provide such data may prevent us from offering certain features or fulfilling our legal obligations.

12.3 Voluntary Provision

All other data you provide (e.g., phone number, profile image, property details, tenant data) is voluntary. Not providing this data may limit the functionality of certain features but will not prevent you from using the platform.

13. Third-Party Links and Services

Our platform may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices or content of such third-party services. We encourage you to review the privacy policies of any third-party service you interact with.

14. Children's Data

Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete that data promptly. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at support@dein-eigentum.de.

In Austria, the applicable age for digital consent is 14 years (§ 4(4) Austrian DSG).

15. Multi-Jurisdictional Notice

15.1 European Economic Area (EEA)

This Privacy Policy is designed to comply with Regulation (EU) 2016/679 (GDPR) and applicable national implementing legislation across all EEA Member States.

15.2 Germany

In addition to the GDPR, the following German laws apply:

  • Bundesdatenschutzgesetz (BDSG): Federal Data Protection Act
  • Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz (TDDDG): Governs cookies and similar technologies (§ 25 TDDDG)
  • Handelsgesetzbuch (HGB) and Abgabenordnung (AO): Statutory retention obligations

15.3 Austria

In Austria, the Datenschutzgesetz (DSG) supplements the GDPR. Notable differences include:

  • The right to data secrecy (§ 1 DSG) has constitutional force and extends to legal persons.
  • The age of digital consent is 14 years (§ 4(4) DSG).

15.4 Switzerland

If you are located in Switzerland, the Swiss Federal Act on Data Protection (nDSG/FADP), in force since 1 September 2023, applies in addition to the GDPR where applicable. Key differences include:

  • Criminal liability for data protection violations is personal (fines up to CHF 250,000 against individuals, not organisations).
  • The supervisory authority is the Federal Data Protection and Information Commissioner (FDPIC/EDÖB).
  • The Swiss-US Data Privacy Framework has been in effect since 15 September 2024.

16. Dispute Resolution

We are committed to resolving any complaints about the collection or use of your personal data. If you have a concern, please contact us at support@dein-eigentum.de. We will endeavour to resolve your complaint within 30 days.

If we cannot resolve your complaint, you have the right to lodge a complaint with the competent supervisory authority (see Section 10.8).

We are neither obligated nor willing to participate in dispute resolution proceedings before a consumer arbitration board (Verbraucherschlichtungsstelle) within the meaning of § 36 VSBG.

17. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy to reflect changes in our data processing practices, legal requirements, or business operations. When we make material changes, we will:

  • Update the version number and effective date at the top of this document;
  • Notify you through the platform (via a blocking or non-blocking acceptance prompt, depending on the nature of the change);
  • Provide a summary of changes in each supported language.

The current version of this Privacy Policy is always available at https://dein-eigentum.de/legal/privacy.

Previous versions are archived and available upon request.

18. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us at:

Email: support@dein-eigentum.de Postal Address: Ilya Baskakov, Von-Müller-Straße 15a, 82467 Garmisch-Partenkirchen, Germany

The effective date of this version is displayed above this document.