Privacy Policy
Information on the protection of your data
1. Responsible
The entity responsible for data processing on this website is:
MyHomeScout UG i.Gr.
Selchowstrasse 15
12489 Berlin
Deutschland
Email: info@myhomescout.de
Phone: +49 176 80839552
The responsible entity is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.
2. Collection and Storage of Personal Data
We collect personal data when you voluntarily provide it during registration, inquiries, or search requests. This may include:
- First Name, Last Name
- Address (Street, House Number, ZIP Code, City, Country)
- Email Address
- Phone Number
- Search Criteria for Properties (e.g., Location, ZIP Code, Size, Price Range)
- Payment and billing data (e.g., PayPal transaction ID, booking reference; complete bank details are processed exclusively by the payment service provider)
- Device and usage data of the app as well as push tokens for sending notifications
The processing of this data is carried out in accordance with Art. 6 para. 1 lit. b GDPR for the fulfillment of a contract or for the implementation of pre-contractual measures.
3. Purpose of Processing
We process your data particularly for the following purposes:
- To provide suitable property offers
- To contact providers regarding your search request
- To send notifications (Email/SMS) about new offers
- To respond to your inquiries
- For processing payments and invoicing
- For security as well as to prevent fraud and abuse (e.g., two-factor authentication, protection against automated access)
4. Server Logfiles
When you access our website, our server automatically collects and stores information that your browser transmits (so-called server logfiles):
- Browser type and browser version
- Operating system used
- Referrer URL (previously visited page)
- Hostname of the accessing computer
- Time of the server request
- IP address
This data will not be merged with other data sources. The collection is based on Art. 6 para. 1 lit. f GDPR; we have a legitimate interest in the technically error-free provision, stability, and security of our website (especially for the detection and prevention of attacks and abuse). The log files will be deleted after a maximum of 30 days, unless they are needed to clarify a specific case of abuse.
5. Contact form and inquiries via email or phone
If you contact us via our contact form, by email, or by phone, we store your information including the contact details you provided in order to process your inquiry and in case of follow-up questions. When using the contact form, we additionally store your IP address to prevent abuse and automated spam sending (limiting the number of inquiries).
The processing is based on Art. 6 para. 1 lit. b GDPR, provided that your inquiry is related to the fulfillment of a contract or the execution of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of inquiries directed to us (Art. 6 para. 1 lit. f GDPR).
We do not share this data without your consent. It remains with us until you request deletion or the purpose of storage ceases. Mandatory legal retention periods remain unaffected.
6. User account and registration
A user account is required to use our service. During registration, we collect the mandatory data you provided as well as your IP address and the time of registration. To confirm your email address, we send you an activation code or an activation link (double opt-in procedure). The legal basis is Art. 6 para. 1 lit. b GDPR.
If you activate two-factor authentication, we additionally process your email address or your phone number. To protect your account and prevent abuse, we log security-relevant events (e.g., logins, password and email changes) with the time and IP address. The legal basis is Art. 6 para. 1 lit. f GDPR. You can have your account deleted at any time.
7. Promotional emails and consent
We send service emails regarding your account, your matches, messages, applications, payments, and package durations to fulfill our contract (Art. 6 para. 1 lit. b GDPR). These are necessary for using our service; you can adjust the scope and channels in your notification settings.
In addition, we will send you tips for apartment searches, offers, and news only if you have explicitly consented to this (Art. 6 para. 1 lit. a GDPR, § 7 para. 2 no. 2 UWG). You give your consent voluntarily by checking a separate, unchecked checkbox during registration or at any time later in your notification settings. Granting consent is not a prerequisite for using our service.
To prove your consent, we log the time of granting or revoking consent, the language version of the consent text used, your IP address, and your browser identification (Art. 7 para. 1 GDPR). The confirmation of your email address takes place in the double opt-in procedure through the activation of your account.
You can revoke your consent at any time with effect for the future – via the unsubscribe link at the end of each promotional email, through the unsubscribe function of your email program, or in your notification settings. The legality of the processing carried out until the revocation remains unaffected. Your service emails are not affected by the revocation.
8. Automated matching and automated applications
The core of our service is an automated process: We match the search requests you create (including location, postal code, price range, size, number of rooms, and other criteria) with the recorded property offers. For each offer, a matching value is calculated, based on which the offer is displayed to you as suitable (positive match) or not suitable (negative match). The legal basis is Art. 6 para. 1 lit. b GDPR.
If you request the automated application function, we will transmit the application data you provided to the respective providers of the identified suitable properties on your behalf and at your request. You determine which data is provided; the triggering occurs based on your order.
An automated decision within the meaning of Art. 22 GDPR, which has legal effects on you or significantly affects you in a similar way, does not take place. The decision regarding your application and the conclusion of a contract is made exclusively by the respective providers or landlords.
9. Data Transfer
Your data will only be shared if:
- You have explicitly consented (Art. 6 para. 1 lit. a GDPR)
- The transfer is necessary for the fulfillment of contractual obligations (Art. 6 para. 1 lit. b GDPR)
- There is a legal obligation (Art. 6 para. 1 lit. c GDPR)
10. Referral and affiliate program
We operate a referral program. If you reach our website via a referral link with a referral code, we store the time of the call, the referral code used, and your IP address to assign a later registration to the referring user and to correctly calculate the compensation. We also store the call in your session.
The legal basis is our legitimate interest in the billing and abuse control of the referral program (Art. 6 para. 1 lit. f GDPR) as well as, in relation to the referring user, the fulfillment of the affiliate agreement (Art. 6 para. 1 lit. b GDPR). Referring users are shown only aggregated evaluations; your identity is not disclosed.
11. Mobile App and Push Notifications
Our app processes the same account data as the website. Additionally, we store a session token on your device for login purposes. This local storage is technically necessary for the operation of the app (§ 25 Abs. 2 TDDDG).
If you allow push notifications, a device-specific push token will be generated and transmitted to us. We use it exclusively for sending the notifications you have activated (e.g., new matches, messages, payments, package duration) via Google Firebase Cloud Messaging. The legal basis for service notifications is Art. 6 Abs. 1 lit. b GDPR, for advertising notifications your consent (Art. 6 Abs. 1 lit. a GDPR).
You can deactivate push notifications at any time in the app settings or your operating system. Upon cancellation or deletion of your account, the push token will be deleted.
Voice input in the AI assistant
In the AI assistant of our app, you can optionally enter your question by voice. Tapping the microphone icon will start the voice recognition of your Android device. The recording and conversion to text is not done by us, but by the voice recognition service set up on your device – usually the service from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Depending on your device settings, your voice input will be transmitted to Google servers and processed there; transmission to the USA cannot be excluded.
We do not receive the audio recording nor do we process your voice. Only the already recognized text is transmitted to us and treated like a typed input. The use of voice input is voluntary; you can type your question at any time instead. Access to the microphone occurs only with your explicit permission (Art. 6 para. 1 lit. a GDPR) and only during voice input. You can revoke the microphone permission at any time in your device settings. The processing by the voice recognition service is subject to its privacy policy; you can find Google's policy at policies.google.com/privacy.
12. Engaged service providers (processors)
To provide our service, we use carefully selected service providers who process personal data on our behalf and according to our instructions (processing according to Art. 28 GDPR). This includes in particular:
- Hosting and server operation in a data center in Germany
- Payment processing via PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg)
- Sending notifications: Push messages via Google Firebase Cloud Messaging as well as SMS and authentication messages via Twilio
- AI-supported functions (e.g., application and chat assistance) via the API of Anthropic
- Protection against automated access via Google reCAPTCHA
- Technical data acquisition of real estate offers via a specialized service provider (scraping infrastructure)
- AreaOne (AreaOne mh UG (limited liability), Hardenbergstraße 38, 10623 Berlin) – Provision of real estate offer data via a technical interface based on a contract for data processing. To conduct your search, we transmit the search criteria of your search requests (e.g., postal code, location, price range, area, number of rooms) to AreaOne. Your name, contact details, and application data are not transmitted. The legal basis is the fulfillment of our contract with you (Art. 6 para. 1 lit. b GDPR). The processing takes place on servers within the European Union.
13. Data transfer to third countries
Some of the aforementioned service providers are based or process data in the USA or other countries outside the EU or the EEA. If personal data is transferred to a third country, this is done on the basis of appropriate safeguards within the meaning of Art. 44 et seq. GDPR, in particular based on EU standard contractual clauses and – where applicable for the respective provider – a certification under the EU-U.S. Data Privacy Framework. Further information can be obtained upon request via the contact details mentioned above.
We would like to point out that the USA does not provide a level of data protection that is fully equivalent to that of Europe, according to the European Court of Justice. US companies may be required to disclose personal data to security authorities without you being able to take effective legal action against it. We have no influence on such processing.
14. Storage Duration
Your data will only be stored as long as necessary to fulfill the mentioned purposes or as required by legal retention periods.
Unless a more specific storage duration is mentioned in this privacy policy, your data will remain with us until the purpose of processing ceases. If you assert a legitimate deletion request or revoke consent, the relevant data will be deleted unless there are legally permissible reasons for further storage. If your data has been transmitted to providers as part of an application, they are responsible for its storage and deletion there.
15. Your Rights
You have the right:
- Obtain information about your stored data (Art. 15 GDPR)
- Request correction of inaccurate data (Art. 16 GDPR)
- Request deletion of your data (Art. 17 GDPR)
- Request restriction of processing (Art. 18 GDPR)
- Obtain data portability (Art. 20 GDPR)
- Object to processing (Art. 21 GDPR)
- To revoke a granted consent at any time for the future (Art. 7 Abs. 3 GDPR)
Many processing activities are only possible with your explicit consent. You can revoke a consent already given at any time. The legality of the processing carried out until the revocation remains unaffected. To exercise your rights, a simple informal notification to the contact details mentioned above is sufficient.
16. Right to Object (Art. 21 GDPR)
If processing is based on Art. 6 Abs. 1 lit. e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation. If you object, we will no longer process the relevant data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims (Art. 21 Abs. 1 GDPR).
If your personal data is processed for the purpose of direct marketing, you have the right to object to this processing at any time. If you object, your data will no longer be used for direct marketing purposes (Art. 21 Abs. 2 GDPR).
The use of the contact details published in the imprint for sending unsolicited advertising is hereby objected to. We expressly reserve the right to take legal action in the case of unsolicited advertising.
17. Right to lodge a complaint with the supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR), in particular in the member state of your residence, your workplace, or the place of the alleged infringement. The Berlin Commissioner for Data Protection and Freedom of Information is responsible for us.
18. Data Security
We implement technical and organizational security measures to protect your data against manipulation, loss, destruction, or unauthorized access. Our security measures are continuously improved in line with technological developments.
This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the fact that the address bar of your browser starts with "https://" and a lock symbol is displayed. We store passwords exclusively as cryptographic hashes and never in plain text.
We would like to point out that data transmission over the Internet – for example, when communicating via email – may have security vulnerabilities. A complete protection of the data against access by third parties is not possible.
19. Use of Cookies
Our website uses cookies to facilitate usage and provide certain features. You can disable cookies in your browser settings.
Cookie Categories
| Category |
Purpose |
Legal basis |
Storage duration |
| Necessary |
Session management, login, shopping cart, language setting, CSRF protection, storage of your cookie selection |
Art. 6 para. 1 lit. b and f GDPR, § 25 para. 2 TDDDG |
Session up to 12 months |
| Statistics |
Anonymized reach measurement and improvement of our services |
Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TDDDG |
up to 12 months |
| Marketing |
Measurement of advertising campaigns and recommendations (affiliate tracking) |
Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TDDDG |
up to 12 months |
Used services
- Google reCAPTCHA (Google Ireland Ltd.) – Protection of our forms against automated access and abuse. In this process, IP address and usage data may be transmitted to Google. Legal basis: legitimate interest in combating spam and abuse (Art. 6 para. 1 lit. f GDPR).
- PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A.) – Processing of payments and subscriptions. Loaded only on the payment pages. Legal basis: contract fulfillment (Art. 6 para. 1 lit. b GDPR).
- Google Fonts (Google Ireland Ltd.) – Display of the Arabic font. Your IP address is transmitted to Google.
- Content Delivery Networks (jsDelivr, Cloudflare) – Delivery of layout and function libraries (Bootstrap, Font Awesome, Flatpickr). These are technically necessary for the display of the website; your IP address is transmitted to the respective provider.
Revoke or change consent
You can revoke or adjust your cookie consent at any time with effect for the future. To do this, click on the following button or on the cookie symbol at the bottom right of each page. Additionally, you can delete cookies at any time in your browser settings.
Change cookie settings
20. Changes to this Privacy Policy
We reserve the right to adjust this privacy policy to ensure it meets current legal requirements or to implement changes in our services.