Skip to content

Principles of data processing at SAVVY Group GmbH

The protection of your privacy and your personal data was and is important to us.

We collect and process your data within the framework of exclusively taking into account the applicable legal regulations, in particular the Europäische Datenschutzgrundverordnung (DSGVO) [European Data Protection Regulations, GDPR] and the Bundesdatenschutzgesetz (BDSG) [Federal Data Protection Act] and, where applicable, the Telemediengesetz (TMG) [Telemedia Act].

1. General notes

As a matter of principle, we only process your personal data insofar as this is necessary for the provision of SAVVY’s offers.

We collect this data directly from you/your legal representative (Art. 13 GDPR) or from other sources of information (Art. 14 GDPR).

Our employees are sworn to secrecy and are only given access to your data if you require it to fulfil the purpose of processing. The data may also be transferred to service providers/third parties for the purposes stated in each case. The involvement of service providers is required, for example, as part of the management and maintenance of IT systems. In doing so, we only use service providers as contractors who guarantee us an appropriate level of data protection and thus ensure the protection of your data in accordance with our requirements. If there is a legal or official obligation and therefore a corresponding necessity, we also transfer your personal data to public bodies and institutions, such as the Bundesanstalt für Finanzdienstleistungsaufsicht [German Federal Financial Supervisory Authority], the Europäische Bankenaufsichtsbehörde [European Banking Authority] or law enforcement agencies. In addition, this data may be forwarded to Group companies, e.g. as part of corporate communications or Group management.

We only transfer your data to service providers outside the European Economic Area (EEA) if the EU Commission confirms that this third country has an adequate level of data protection or if other appropriate data protection guarantees (e.g. binding internal company data protection regulations or EU standard contractual clauses) ensure the protection of your data. You can request detailed information on this and on the level of data protection at our service providers in third countries via the contact information above.

We delete your personal data as soon as we no longer need it, i.e. as soon as the purpose of processing no longer applies. This is the case, for example, when a tenancy or business relationship ends. Under certain circumstances, however, EU regulations, laws or other provisions to which we are subject may require us to retain data for up to ten (10) years. In addition, in very rare cases, personal data is stored for a period of up to thirty (30) years, if claims of the data subjects or legal requirements require this. In this case, the data concerned will be blocked for further processing and all other data will be deleted.

2. Who is responsible for data processing?

The responsible party in terms of data protection law is the

Comood GmbH

Plinganserstraße 150

D-81369 Munich

You will find further information about our company, details of the persons authorised to represent it and also further contact options in the site notice of our website

3. Which of your data do we process? And for what purposes?

If we have received data from you, we will generally only process it for the purposes for which we received or collected it.

The personal data collected in the course of the tenancy are required by the Landlord to ensure that the Landlord’s obligations under this Agreement and its performance towards the Tenant(s) can be fulfilled and that the Landlord can verify the Tenant(s)’ performance of its obligations (performance of the Agreement). For this purpose, we collect personal data from prospective tenants using the EverReal real estate platform as part of the process of initiating a tenancy agreement. For more information on the processing of your data by EverReal GmbH, please refer to the company’s privacy policy at

In order to be able to map the property management digitally, we work together with another service provider: casavi GmbH, AG München HRB 218832, Sandstraße 33, D-80335 Munich, Germany

Data processing for other purposes shall only be considered if the legal requirements necessary in this respect pursuant to Art. 6 (4) GDPR exist. We will, of course, comply with any information obligations pursuant to Art. 13 (3) GDPR and Art. 14 (4) GDPR in this case.

Type of data collected, purposes and legal basis of data processing

The Landlord or his authorised representatives process data in order to establish, implement and terminate the tenancy, in particular

  • Last name, first name, date of birth, telephone numbers, postal address at the time of signing the tenancy agreement;
  • Special requirements by the Tenant for the apartment (e.g. accessibility, parking space);
  • Data on payments and outstanding receivables, if any;
  • as far as necessary, information about the condition and equipment of the apartment, e.g. on handover and return of the rented property or if tenants report damage or defects;
  • Establish the number and identity of persons living in the household and the contents of subletting agreements to prevent overcrowding and unauthorised subletting;
  • Account details;
    • for the purpose of billing the operating costs, the consumption data for heating/hot water are collected by the contracted metering service company. This (and any subsequent data) will be forwarded to the contracted billing company;
  • to the extent necessary, information on Tenant behaviour when using the apartment, e.g. on breaches of contract and behaviour that may lead to damage;
  • to the extent necessary, other information provided by the tenants to the Landlord or its service providers (e.g. property management, craftsmen, service employees) or perceived by them.
  • Surveillance cameras may be installed in the entrance area and/or in front of the rented property. For more information, please refer to the respective notice board on site.
  • The Landlord may also receive information from third parties about tenants or persons living in the household, e.g. in connection with complaints. In this case, depending on the facts of the case and the assessment of the notice, the Landlord may request a statement from the Tenant and/or collect further information.

As a rule, your personal data will be collected and processed directly when you initiate the tenancy agreement.

In certain constellations, your personal data is also collected from other bodies due to legal requirements. This includes, in particular, event-related inquiries of information relevant for the tenancy at the responsible Employment Agency, Office for Social Security (housing subsidies), or in rare cases, after consultation, also at your employer. In addition, we may have received data from third parties (e.g. brokerage websites, brokers, credit information service providers).

4. What is the legal basis for this?

The legal basis for processing personal data is in principle – unless there are still specific legal provisions – Art. 6 GDPR. The following options can be considered here in particular:

  • Consent (Art. 6 (1) (a) GDPR)
  • Data processing for the fulfilment of contracts (Art. 6 (1) (b) GDPR (establishment, implementation and termination of the tenancy)
  • Data processing on the basis of weighing of interests involved (Art. 6 (1) (f) GDPR)
  • Data processing for the compliance with a legal obligation (Art. 6 (1) (c) GDPR) (Legal obligations as Landlord)

In individual cases, e.g. in the case of information on creditworthiness, the investigation of criminal offences or the internal exchange of data for administrative purposes, your data will also be processed by us or by third parties (e.g. public authorities) in order to safeguard legitimate interests pursuant to Art. 6 (1) (f) GDPR.

In certain cases, we are obliged to carry out a legitimation check for the establishment of a tenancy in order to prevent money laundering.

In addition, European anti-terrorism regulations 2580/2001 and 881/2002 require us to check your data against so-called “terror lists” or “sanctions lists” to ensure that no funds or other economic resources are provided for terrorist purposes.

We only process special categories of personal data if you give us your express consent to do so or if the processing serves the exercise of rights and obligations arising from social security or social protection law.

If personal data is collected on the basis of consent, you have the right to withdraw your consent at any time with effect for the future vis-à-vis ourselves.

When we process data on the basis of a weighing of interests involved, you as the data subject have the right to object to the processing of the personal data, taking into account the provisions of Art. 21 GDPR.

5. How long will the data be stored?

We process the data as long as this is necessary for the respective purpose.

The personal data of the Tenant is regularly stored until the expiry of the statutory three-year standard limitation period (Section 195 BGB [German Civil Code]) and deleted upon expiry of this period. If the Landlord is obliged to store data for a longer period of time in accordance with Article 6 (1) clause 1 (c) GDPR due to retention and documentation obligations under tax and commercial law, or if the Tenant has consented to storage beyond this period in accordance with Article 6 (1) clause 1 (a) DSGVO, these periods shall apply.

6. Which recipients is the data passed on to?

Your personal data will only be passed on to third parties if this is necessary for the performance of the agreement with you, if the transfer is based on a weighing of interests involved within the meaning of  Art. 6 (1) (f) GDPR, if we are legally obliged to pass on the data or if you have given your consent to do so.

Recipients of personal data of the Tenant are:

  • Employees of the Tenant or the Tenant’s authorised representatives;
  • employees of companies that process data bound by instructions on behalf of the Landlord,
  • third parties, as far as necessary for the execution of the tenancy, e.g. craftsmen, service providers or experts or the respective building insurer and liability insurer of the property;
  • public agencies, e.g. registration authorities, in the case of publicly subsidised housing the Office of Housing;
  • public third parties (e.g., housing assistance) who pay, have paid, or may pay rent or the security deposit for the Tenant, or advise the debtor, regarding information on rent arrears, ability to pay, or security deposit, to avoid homelessness;
  • credit bureaus, for the purpose of credit reporting;
  • after termination of the rental agreement, prospective tenants receive the Tenant’s telephone number for the purpose of arranging an appointment to view the apartment; the Tenant is informed of this in the termination confirmation and can object to the disclosure;
  • energy supply companies (e.g. meter readings after moving out);
  • collection agencies, credit agencies, lawyers, courts, bailiffs, if outstanding debts are not paid despite several reminders.
  • For the purpose of fulfilling legal claims, other tenants shall be granted access to all original receipts and consumption records on which the respective annual statements of account are based upon their request.

A list of the companies that work on our behalf can be found here:

7. Where is the data processed?

Your personal data is processed by us exclusively in data centres in the Federal Republic of Germany.

Transfer to third countries

A transfer of data to third countries does not take place. If your data is transferred to a third country, you will be informed about the processing in each individual case.

8. Your rights as a “data subject”

You have the right to obtain information about the personal data we process about you.

In the case of a request for information that is not made in writing, we ask for your understanding that we may then require proof from you that you are the person you claim to be.

Furthermore, you have a right to rectification or deletion or to restriction of processing, insofar as you are entitled to this by law.

Furthermore, you have the right to object to the processing within the framework of the legal requirements. A right to data portability also exists within the framework of data protection law.

In particular, you have the right to object to the processing of your data in connection with direct marketing in accordance with Art. 21 (1) and (2) DSGVO, if this is done on the basis of a balancing of interests.

9. Our data protection officer

We have appointed a data protection officer in our company. You can reach them using the following contact options:

Comood GmbH
– Data Protection Officer –
Plinganserstrasse 150

D-81369 Munich


10. Right to complain

You have the right to complain about the processing of personal data by us to a data protection supervisory authority.

Version as at: 29/12/2021