Privacy and Data Protection Policy

We, Quartier Heidestraße GmbH (hereinafter ‘we’ or ‘Quartier Heidestrasse’), appreciate your interest in our company.

We take the protection and confidential treatment of your personal data very seriously. Your personal data will be processed exclusively within the framework of the statutory provisions of the data protection regulations of the European Union, specifically, the General Data Protection Regulation (GDPR) as well as the other applicable regulations.

This Privacy and Data Protection Policy will inform you about the processing of your personal data on our website and your rights to privacy under the GDPR.


1. Name and contact details of the party responsible for processing data

This Privacy and Data Protection Policy applies to the processing of data by:

Quartier Heidestraße GmbH

Joachimsthaler Str. 34, 10719 Berlin, Germany


Phone: +49 030 2000 914 34


2 The subject of data protection

In this Privacy and Data Protection Policy, the subject of the data protection is ‘personal data’. Personal data is all information that relates to an identified or identifiable natural person (the ‘data subject/affected person’). This can include, for example, personal information such as your name, postal and email address, telephone number, and the IP address of your computer or device.

Specific information on the personal data that we process can be found below.


3. Collection and storage of personal data and the type and purpose of its use

3.1 When visiting the website

When you visit our website, the browser on your device automatically sends information to our website’s server. This information is stored temporarily in a log file. Without any action on your part, the following information is collected and stored by us and automatically deleted after three months:

  • IP address of the requesting computer
  • date and time of access
  • name and URL of the retrieved file
  • website from which our website is accessed (referrer URL)
  • website accessed via our website
  • browser used and, if necessary, your computer’s operating system as well as the name of your access provider

The processing of the data listed above is for the following purposes:

  • to ensure a smooth connection to our website
  • to ensure the functionality and ease of use of our website
  • for evaluation of our system’s security and stability
  • other administrative purposes

We process the personal data listed above in pursuing our legitimate interests. The basis for such processing is in accordance with Art. 6 (1) (f) of the GDPR, and under no circumstances do we use the data collected for identifying you as a natural person.


3.2 Email contact

If you have any questions, please contact us via the email address provided. In this case, the personal data you provide us will be stored by us, together with your email address.

The data processing for purposes of making contact is in accordance with Art. 6 (1) (f) GDPR. If the contact is about terminating a contract, an additional legal basis for processing in accordance with Art. 6 (1) (b) GDPR will also come into effect.

Provided no further processing is necessary, all personal data collected by us will be deleted after completion of your request.


3.3 Social media

Shariff social media buttons are integrated into our website. These simple HTML links redirect you to the services of Facebook and Twitter while protecting your data and form part of the so-called 'Shariff solution'. The Shariff solution also uses scripts to contact social networks to retrieve the number of times the share button on a page was clicked. However, your personal data, including your IP address, will not be transmitted during this process. Only our server address will be transmitted to Facebook and Twitter and also Google. You will not be in direct contact with Facebook, Twitter or Google until you choose to actively connect with them. Prior to that, the social networks are unable to collect any data about you. As long as you do not click on a link to share content, you remain invisible to the networks. If you click on the link, the obligation to inform you about data collection and processing no longer resides with us, but with the operator of the social network.


4. Rights of persons affected

You have the right:

  • in accordance with Art. 15 GDPR, to demand information about the personal data that we process and the purpose of the data collection and processing, the categories of personal data involved, the recipients or categories of recipients to whom your data has been or will be disclosed, the storage period for the data; to request the rectification, deletion, or restriction of processing or the objection to such processing of your personal data; to lodge a complaint; to know the source of the personal data where the data was not collected by us; to information about the existence of automated decision-making processes, including profiling and, if necessary, demand meaningful information about the logic involved in such processing;
  • in accordance with Art. 16 GDPR, to demand immediate rectification of inaccurate personal data stored by us;
  • in accordance with Art. 17 GDPR, to demand the deletion of your personal data stored by us, insofar as this information is not required to exercise the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
  • in accordance with Art. 18 GDPR, to demand the restriction of processing of your personal data, insofar as you dispute the accuracy of the data; the processing of the data is unlawful; you oppose its deletion; we no longer need the data; or you require it to establish, exercise or defend legal claims; or you have filed an objection to the processing of the data in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to obtain a copy of your personal data provided to us, in a structured, usable, and machine-readable format or to demand that we transfer it to another responsible party;
  • in accordance with Art. 7 (3) GDPR, to withdraw your consent to the processing of your data at any time. As a result, we are no longer permitted to continue processing your personal data in the future based on this consent; and
  • in accordance with Art. 77 GDPR, to lodge a complaint with a competent regulatory authority. In general, you can contact the regulatory authority located where you normally live or work, or in the state where our company has its headquarters.


5. Right to object

Insofar as your personal data is processed on the basis of legitimate interests in accordance with Art. 6 (1) (f ) GDPR, you have the right to lodge an objection to the processing of your personal data for reasons relating to your particular situation or for reasons relating to direct marketing in accordance with Art. 21 GDPR. In the latter case, you have a general right to object, which will be immediately implemented by us without the need for you to specify your reason(s).

If you wish to exercise your right to withdraw consent or object to the processing of your data, simply send an email to


6 Further information

In accordance with Art. 13 (2) (e) GDPR, we would like to point out the following:

Provision of personal data is not compulsory by law or necessary for the completion of a contract. You are not obliged to provide us with personal data. There are also no negative consequences for you should you choose not to provide personal data.

In accordance with Art. 13 (2) (f) GDPR, we also point out the following:

We do not process personal data for the purposes of automated decision-making.


7 Data security

We use SSL (Secure Socket Layer) encryption technology, the industry standard for protecting the security of your data during transmission. The level of the encryption will depend on your browser. For most browsers this is 256-bit encryption. However, if your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. You can see whether the pages you visit on our website use data encryption by the appearance of a padlock icon in your browser's address bar.

We also use the appropriate technical and organisational security measures to protect personal data against accidental or deliberate manipulation, partial or complete loss, and destruction or unauthorised access by third parties. In addition to that, we are also continuously improving our security measures in line with the latest technological developments.


8 Validity and amendments to this Privacy and Data Protection Policy

This Privacy and Data Protection Policy is current as of June 2018.

It may become necessary to amend this policy due to future development of our website, changes to what we offer on the website or changes in statutory or regulatory requirements. You can view or print our current Privacy and Data Protection Policy at