Privacy policy

Privacy policy according to EU Data Protection Regulation (DSGVO)

(Regulation EU (2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46EG in the Official Journal of the European Union, OJ L 119/1; entry into force: 25 May 2018).

to the website

We, Citrocasa GmbH, as the provider of the aforementioned telemedia service, take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection provisions under European law (esp. in accordance with the Data Protection Regulation/DSGVO and the German Telemedia Act/TMG) and the following declaration.

This data protection declaration refers solely to the aforementioned website. If you are forwarded to other websites via links on this website, please inform yourself there about the respective handling of your data and its processing and responsibility there.

The legal basis for data processing, including on websites, is essentially the following provisions and legal regulations:

  • Your consent (Art. 6 para. 1 lit. a DSGVO)
  • Fulfillment of contracts or other legal relationships as well as legal obligations (Art. 6 para. 1 lit. b and lit. c DSGVO)
  • Safeguarding legitimate interests / balancing of interests (Art. 6 para. 1 lit. f DSGVO)

In accordance with the principles of data avoidance and data economy, we process personal data only for as long as is necessary in the sense of the following statement or as long as is required by law (statutory storage period). If the purpose or the right to process the collected personal data ceases to apply or the permissible storage period ends, we block or delete the data; unless their - temporary - further processing is necessary, in particular for the following purposes:

  • Compliance with commercial and tax retention periods, in particular in accordance with the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation periods specified there are two to a maximum of ten years.
  • Preservation of evidence within the framework of the statute of limitations. According to Sections 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being three years.
  • Warranty or guarantee claims on your part

However, in order to be able to take a data block into account at any time, it is necessary to keep the data in a blocking file for control purposes. If there is no legal archiving obligation, you can also request the deletion of such data. If there is a legal archiving obligation, we will block such data if you so request. If the provision of personal data is required by law or contract, or is necessary for the conclusion of a contract, we point out the adverse consequences due to non-provision.

In particular, the following terms used in this Agreement are defined in accordance with Art. 4 GDPR as follows:

  • personal data: any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Data subject: any identified or identifiable natural person whose personal data are processed by the controller.
  • Processing: any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

For further definitions and information on the scope of the statutory data protection provisions, we refer in particular to Art. 4 DSGVO (

1. processing of personal data; nature and purpose of use

a. Calling up the website (server log files)

When accessing this website information is automatically sent to the server of this website by the browser used on your terminal device. This information is temporarily stored in a log file. The following information is collected without your intervention and stored until automated deletion:

  • IP address of the requesting computer (host name)
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which the access is made (referrer URL)
  • Browser used and, if applicable, the operating system of your computer
  • Name of your access provider.

Conclusions about your person are not possible through this automatically generated information. The aforementioned data is processed by us for the following purposes:

  • Ensuring a smooth connection establishment of the website
  • Ensuring a comfortable use of our website
  • Evaluation of system security and stability
  • for other administrative purposes

The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.

In this respect, we only store access data without personal reference. Non-personal information includes all information that is processed anonymously and cannot be assigned to a person. This includes aggregated key figures, such as the average time spent on or the frequency with which websites are called up (see above under section 2.a.). When non-personal information is stored, the IP addresses and domain data of visitors in particular are also only stored in abbreviated form, so that it is not possible to draw conclusions about individual visitors.

b. Data processing when contacting

You can contact us by mail or e-mail (especially via, see contact details in the imprint). We will then process the data that you provide to us when contacting us. This may include in particular your full name (first name/last name), your postal address (street, house number, postal code, city), your telephone number and your e-mail addresses. We process the data you provide when contacting us for the purpose of providing you with appropriate feedback.

The personal data collected by us for your contact and received from you will be deleted after completion of your request, unless there is a legitimate interest for further - temporary - storage (eg applicant data or for subsequent correspondence) or you give your consent otherwise.

Data processing for the purpose of contacting us is based on your voluntarily given consent according to Art. 6 para. 1 p. 1 lit. a DSGVO.

c. Google Search Console

For this website, the SEO tool Google Search Console is used for optimization purposes. Personal data is not collected, stored or processed in any other way. Cookies are not set, tracking does not take place. You can find more information about the Google Search Console here:

2. disclosure of personal data

Your personal data will only be transferred to third parties for the purposes listed below. We only pass on your personal data to third parties

  • if you have given your express consent to do so in accordance with Art. 6 (1) p. 1 lit. a DSGVO
  • if the disclosure is necessary for the assertion, exercise or defense of legal claims pursuant to Art. 6 (1) p. 1 lit. f DSGVO and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data
  • if there is a legal obligation for the disclosure according to Art. 6 para. 1 p. 1 lit. c DSGVO
  • if this is legally permissible and necessary according to Art. 6 para. 1 p. 1 lit. b DSGVO for the processing of contractual relationships with you
  • if this is necessary to protect vital interests of you or other natural persons
  • if this is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • on the basis of an order processing agreement (AVV) concluded by us with a processor in accordance with Art. 28 DSGVO

Insofar as we intend to use the personal data for a purpose other than the aforementioned purposes, we will provide you with information about this other purpose and all other relevant information in accordance with Article 13 (2) of the GDPR prior to this further processing.

3. cookies

4. tracking tools

The tracking measures listed below and used by us are carried out on the basis of Art. 6 (1) p. 1 lit. f DSGVO.

With the tracking measures used, we want to ensure a needs-based design and the ongoing optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our website offering for you.

These interests are to be regarded as legitimate within the meaning of the aforementioned provision. The respective data processing purposes and data categories can be found in the corresponding tracking tools.

a) Matomo

Description and purpose

This website uses Matomo (formerly Piwik), an open source software for statistical analysis of visitor traffic. The provider of Matomo is InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand.

Matomo uses cookies that are stored on your computer, which make an anonymous analysis of your website usage possible. As a rule, it is not possible to draw conclusions about a specific person, as your IP address is anonymized immediately after processing and before storage.

We use Matomo to improve the quality of our website and its content. By learning how our website is used, we can continuously optimize our website offering.

The following data is stored when you call up the individual pages of our website:

1. two bytes of the IP address of the user's calling system.

2. the accessed web page

3. the web page from which the user has reached the accessed web page (referrer url)

4. subpages that are called from the called web page

5. dwell time on the website

6. frequency of access to the website.

The software runs exclusively on the servers of our website or our website support, a storage of the personal data of the users takes place exclusively there. The IP address of the user is not stored in full but only shortened by masking only 2 bytes of the IP address. An assignment of the IP address shortened in this way to the end device of the user is then not possible.

The processing of users' personal data enables the analysis of usage behavior on our website.

Legal basis

The legal basis for this processing of your personal data is Art. 6 para. 1 lit. f) DSGVO.

Data recipients, data sharing and data transfer to third countries

The recipient of your anonymized data is the website operator and website support. A data transfer to a third country does not take place. There is also no other transfer of data to third parties.

Duration and scope of data storage

The data will be deleted as soon as the data is no longer required to achieve the purpose for which it was collected and processed. Likewise, the data will be deleted if you assert your right to data deletion pursuant to Art. 17 (1) DSGVO.

For further data subject rights, see below in this privacy statement.

There is no contractual or legal obligation for the provision of the data.

Further information on the processing of your personal data by Matomo can be found here: .

5. social media plug-ins

Plug-ins that directly link you to our website or, conversely, directly link this website to your social media account, for example, and by which a certain usage behavior of yours would be recognizable, are not used by us on this website.

6. data subject rights

You have the right in each case free of charge

  • in accordance with Art. 15 DSGVO to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
  • in accordance with Art. 16 DSGVO to immediately demand the correction of incorrect or completion of your personal data stored by us;
  • pursuant to Art. 17 DSGVO, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of overriding public interest or one of ours, or for the establishment, exercise or defense of legal claims; the same applies in the case of restriction of processing
  • to request the restriction of the processing of your personal data in accordance with Art. 18 DSGVO, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 DSGVO;
  • pursuant to Art. 20 DSGVO to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
  • to revoke your consent at any time in accordance with Art. 7 (3) DSGVO. This has the consequence that we may no longer continue the data processing based on this consent for the future.
  • not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and the controller, or (2) is permitted by Union or Member State law to which the controller is subject, and that law contains suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) is based on the data subject's explicit consent. If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and the controller, or (2) it is made with the data subject's explicit consent, we shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, which include at least the right to obtain the data subject's involvement on the part of the controller, to express his or her point of view and contest the decision. If the data subject wishes to exercise the rights concerning automated decisions, he or she may, at any time, contact any employee of the controller

To exercise the rights of the data subject, send an e-mail to

7. right of objection and right of revocation

Insofar as your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) p. 1 lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO.

If your personal data is processed on the basis of your express consent pursuant to Art. 6 (1) p. 1 lit. a DSGVO, you may revoke this consent - provided that there are reasons for this that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without specifying a particular situation.

If you wish to exercise your right of revocation or objection, simply send an e-mail to with the corresponding request.

8. data security

Within the website visit, we use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. You can tell whether an individual page of our website is encrypted when you see the closed key or lock symbol in the lower status bar of your browser.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

9. up-to-dateness and modification of this privacy policy

This privacy policy is currently valid and has the status of 25 May 2018 (entry into force of the GDPR).

Due to the further development of our website and offers on it or due to changing legal or regulatory requirements, it may become necessary to change this privacy policy. The data protection declaration will then always apply in the correspondingly adapted version published here.

Contact form

Please enable JavaScript in your browser to complete this form.