Correct as of: January 2020
Thank you for your interest in our company and our website.
The protection and integrity of your personal information are important to us, as is safeguarding your private sphere.
What is personal information?
You can get more information in our FAQs.
Controller pursuant to art. 4 para. 7 of the European Union’s General Data Protection Regulation (GDPR) responsible for data processing by us is:
International Campus GmbH
Blumenstrasse 28, 80331 Munich
Telephone: +49 89 212 6880 – 0
Fax: +49 89 212 6880 – 290
Jointly responsible for our data processing is:
IC Service GmbH
Blumenstrasse 28, 80331 Munich
Telephone: +49 89 212 6880 – 0
Fax: +49 89 212 6880 – 290
International Campus Austria GmbH
Muthgasse 19, 1190 Vienna
Telephone: +43 1 375 0032
We recommend that you get in touch with our Data Protection Officer for the assertion of your rights, reporting of data protection incidents and for suggestions and complaints with regard to the processing of your personal data as well as for the revocation of your consent:
Mr. Konstantinos Katsanos
Data Protection Officer
International Campus GmbH
General information on the type of data we collect
Information which you provide to us
The data collected by us includes all data which you provide to us voluntarily, e.g. if you subscribe to our newsletter or get in contact with us using the contact form provided on our website, write us an e-mail or call us, register with us, open a user account and save information about yourself there, or conclude a rental agreement with us.
Information which is automatically collected by us
We also collect some data from you automatically (functional data or cookies), such as when you simply visit our website or use our Internet connections. It is possible that we record data such as the type of device you are using to access our website, the operating system and version of said operating system, your IP address, your geographic location disclosed by your IP address, your type of browser, the pages that you view on our website, and whether and how you interact with the content on our website.
Information which we receive from other sources
Information from children
Our entire service range and web offering are not aimed at children and young people under the age of 18. Even though young people and children under the age of 18 can use our website, we neither knowingly nor deliberately collect information about them without the corresponding consent of their parents. If we become aware that our services are being used by a minor without parental consent, we will immediately delete all data collected in relation to this individual unless we are legally obligated to store it.
Interactions with us
Using our website
If you only use the website for information purposes (without establishing contact with us), we only collect the personal information which your browser sends to our server. If you wish to surf our website, we collect the data which is technically required for us to display our website for you, and which is necessary to guarantee stability and security.
IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, respective amount of data transferred in each case, website from which the request originates, browser, operating system and its interface, language and version of the browser software
Legal basis: Art. 6 para. 1 sentence [R2] 1 f) GDPR.
Name, e-mail address, IP address, information which is collected via cookies
Legal basis: Art. 6 para. 1 sentence 1 f) GDPR.
Concluding rental agreements with us / using the service range offered by us
Our business model consists of letting furnished student apartments as well as providing a comprehensive media (e.g. Internet use) and leisure offering, such as organizing social events in our buildings. As part of the initiation, fulfilment and execution of the contractual relationships existing with us, information about you is collected which is required for the respective execution of contract, or which is created by the use of our services (e.g. using the Internet).
Name, address, telephone number, e-mail address, nationality, date of birth (optional:) information about your course of study, payment information (bank account details), IP address when using the Internet connection operated by us.
Art. 6 para. 1 sentence 1 b), f) GDPR.
Attention: Your payment information is only stored by us if you have concluded a rental agreement or are using other payable services. Personal information which is requested by others within this context is only stored for as long as is required for execution of contract and possible subsequent contract-related correspondence. Documents relevant legally for commercial or/and taxation matters which contain personal information are stored for as long as required by the legally stipulated retention periods of the German Commercial Code and the Fiscal Code for the retention of said documents. The traffic data, which is collected if you use the Internet connection offered and operated by us, is saved by us for 7 days for purposes of checking misuse and solving disruptions, and is then deleted to the extent that this is legally permitted. Special categories of personal data sent voluntarily, such as health-related information, are only saved by us for as long as is required for fulfilment of contract or is legally required. If you send us special categories of personal data which we do not require for fulfilment of contract, this information is immediately deleted.
Tenants of our buildings
Security for our tenants plays an important role for us. In order to guarantee security, video cameras can sometimes be operating in the vicinity of our buildings, though these are clearly visible and marked as such. The video cameras’ sole purpose is to prevent any specific dangers for tenants and the property as a whole, and therefore serve our legitimate interests.
Art. 6 para. 1 f) GDPR
Image data relating to you which is no longer required will be deleted by us without delay. This generally takes place within an evaluation period which is a maximum of  hours.
The range of services offered by us includes setting up so-called Facebook Communities for each respective location. If you have concluded a rental agreement with us, you have the opportunity to enter discussion groups with other tenants of the site within Facebook Communities. Access to the respective Facebook Community is only granted to tenants of the respective location, as well as our employees who manage the respective Community.
Facebook Communities [DK1] [RB2] are a service provided by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (“Facebook”).
When you visit our Facebook page, Facebook will collect your IP address and other information in the form of cookies on your computer, among other things. This information is used to provide us, as the operator of the Facebook page, with statistical information about the use of the Facebook page.
Facebook provides more information on this at the following link:
The data collected about you in this context will be processed by Facebook and, as part of this, possibly transferred to countries outside of the European Union. Facebook describes what information it obtains and how this data is used in general terms in its data policy. Within this policy, you will also find information on ways to contact Facebook and possible settings for advertisements.
The data policy is available at the following link:
The full data use policy of Facebook can be found here:
The way in which Facebook uses the data from visits to Facebook pages for its own purposes, the extent to which activities on the Facebook page are associated with individual users, how long Facebook stores this data and whether data from a visit to the Facebook page is passed on to third parties is not conclusively and clearly stated by Facebook and it is not known to us.
When you access a Facebook page, the IP address assigned to your device is transmitted to Facebook. According to Facebook, this IP address is anonymized (for “German” IP addresses) and deleted after 90 days. In addition, Facebook also stores information about its users’ devices (e.g. as part of the “Login Notification” function); Facebook may therefore be able to assign IP addresses to individual users.
If you are currently logged in to Facebook as a user, a cookie with your Facebook ID is located on your device. This enables Facebook to see your visit to this page and how you used it. This also applies to all other Facebook pages. Facebook buttons which are integrated into websites allow Facebook to record your visits to the pages of these websites and assign them to your Facebook profile. Content or advertising can be offered which is tailored to you on the basis of this data.
With this data, we enable you from day one to get in contact with fellow tenants within your building and enjoy the unique student experience of an international community within a city of your choice. As a Communities provider, we also collect and process the following data stemming from the use of the service:
Art. 6 para. 1 sentence 1 f) GDPR.
How we use your data / legal basis
We exclusively use your data to be able to provide you with our services, execute our contracts with you, answer your enquiries, adhere to our legal obligations as well as design and develop our offering to be attractive and appropriate for you.
All data collected in this way has either been voluntarily provided to us by you, or we require it for the establishment, drafting or changing of the contractual relationship (inventory data), or we are legally obliged to collect it, or have a legitimate interest in its collection (e.g. for marketing purposes: to analyze and improve our offering, our services and the content on our websites, or to avert risks).
Note on the right of cancellation: If we process your personal information based on our legitimate interests and an “exit option” exists, e.g. based on a corresponding standard formulation[R4] , you can make use of your right of cancellation at any time by sending us an e-mail at [firstname.lastname@example.org]. You can find more information on this under your rights.
How we forward your information to third parties
We will never offer your information for sale to third parties.
We only transfer personal information to third parties if this is required as part of execution of contract, e.g. banks entrusted with payment processes, if we are legally obligated to or if the division of labor within our company requires the forwarding of this information to our partners and subsidiaries.
The basis for data processing is article 6 paragraph 1 b) GDPR, which permits the processing of data for fulfilment of a contract or pre-contractual measures, art. 6 c) GDPR if we are legally obligated to process your personal information, e.g. by national registration authorities (e.g. sections 19, 30 of the Federal Registration Act [Bundesmeldegesetz]) and article 6 f) to the extent that data is forwarded to affiliated subsidiaries and partner companies.
We share your information with subsidiaries and partner companies affiliated with us for business purposes such as internal management, the promotion of our products and the provision of our services for our customers (e.g. our website). It is in our legitimate interest to share your personal information for these purposes with these companies or to have this information processed by these companies on our behalf. Most of these companies are located within the European Union, as are the corresponding servers on which your data is stored. In addition, your data could also be forwarded to non-European countries for the purposes of internal administration, e.g. Canada or the USA. As part of this we strive to offer outstanding protection for your data by either only transferring to non-EU countries which the European Commission has made an adequacy decision on, or by using so-called standard contractual clauses from the European Commission (e.g.: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en)
We disclose your personal information to law enforcement authorities, investigative authorities, our subsidiaries or in legal proceedings if we are legally obligated to do so or it is absolutely essential to do so for the execution of services, or the protection of our rights or the rights of our subsidiaries or users.
Sale or merger
In the case of a merger, takeover or sale of all or part of our assets, we may pass on your personal information. It goes without saying that we will announce this via e-mail and/or with a clearly visible notification on our website, and inform you about your rights.
Transfer and disclosure of aggregated data
We share data in aggregated form and/or in a form which does not allow the recipient to identify you using this data – such as third parties for industry analysis.
How we ensure the security of the data collected by us
Protecting your personal information is very important to us. Although we use appropriate protective measures to protect your personal information which we collect, please note that security systems are not infallible.
We use several appropriate technical and organizational measures and industry standards to protect your personal information, and therefore guard against loss, theft, misuse, unauthorized access and publication, changes and destruction. The personal information collected from you and stored by us is located on computer systems with limited access. In addition, we require the third parties appointed by us to safeguard appropriate security measures for the data sent by us. When you visit our website or send us information via the website, your data is protected using encryption technologies, e.g. transport layer security (HTTPS encryption).
How long we store your data for
You have the following rights in relation to us when it comes to the use of your personal information:
Right to information pursuant to art. 15 GDPR
You can ask us to send you a copy of the personal data which we have collected about you.
The right to rectification or erasure pursuant to art. 16, 17 GDPR
You may notify us if your personal information has changed or if you want us to change the personal information we have collected about you.
In specific cases, you can ask us to erase the personal information we have collected about you.
The right to restriction of processing pursuant to art. 18 GDPR
In specific cases you have the right to request that we limit the processing of your data
The right to withdraw consent and object to the processing of data pursuant to art. 7 para. 3, art. 21 GDPR
If you have already provided your consent for processing your data, you are able to withdraw this consent at any time effective for the future. If you exercise this right, this will affect our ability to process your personal information after expressing this wish to withdraw consent.
Insofar as we base the processing of your personal information on the balance of interests, you may object to this processing. This is particularly the case if said processing is not necessary for the fulfilment of a contract with you, for instance. When exercising such a right of withdrawal, we ask you to explain the reasons why we should not process your personal data as we have done previously. In the event of you submitting your justified objection, we will examine the situation and either stop or adjust data processing or explain to you our legitimate reasons to continue processing your information.
Right to lodge a complaint pursuant to art. 77 GDPR
We are always committed to finding a solution with you if you identify problems with our use of data. However, if you should be of the opinion that we were unable to help solve the problem, you also have the right to lodge a complaint with a data protection supervisory body about our processing of your personal information.
We rely on you to ensure that your personal information is complete, correct and up-to-date. Please inform us immediately about changes to or inaccuracies in your personal information by sending an e-mail to [email@example.com].
In an effort to make a visit to our website more attractive, in addition to the data named above, so-called cookies are also saved on your computer when you use our website. Cookies are small text files which are saved to the storage assigned to your Internet browser on your hard disk. The cookie set by a body (in this case us) is then used to transmit certain information back to the body. Cookies cannot run programs or transfer viruses to your computer. The following types of cookies could be set by us:
Transient cookies are automatically deleted when you close your browser. These particularly include session cookies. These store a so-called session ID which assigns the various requests from your browser during the joint session. This allows your computer to be recognized again when you return to the site. Session cookies are deleted when you log out or close the browser.
Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time using the security settings within your browser.
To the extent that personal information is collected or saved by the implemented cookies, its processing either takes place in accordance with art. 6 b) GDPR to fulfill your contract or to carry out pre-contractual measures on the request of the person in question, or in accordance with art. 6 f) in realizing our legitimate interests in maintaining the functionality of our website as well as its user-friendly and effective organization.
Use of Google Analytics
On our behalf, Google will use this information to evaluate the use of our website by the user, compile reports on the activities within this website and provide us with other services related to the use of this website and the Internet. Pseudonymous usage profiles of users may be created from the processed data.
We exclusively use Google Analytics with the extension “_anonymizeIp()”, which ensures the anonymization of the IP address by shortening it and prevents the possibility of directly linking it to any particular individual. This means that the IP address of the user is shortened by Google within the member states of the European Union or in other nations that are party to the Agreement on the European Economic Area. Only in exceptional cases will the whole IP address first be transferred to a Google server in the USA and truncated there. In these cases, the processing takes place pursuant to art. 6 f) GDPR in realizing our legitimate interests for marketing purposes and maintaining the attractiveness of our website. The IP address sent by the user’s browser will not be connected with other data from Google.
You, as the user, can prevent the storage of cookies by selecting the corresponding settings in your browser software. In addition, you can also prevent the collection of data produced by the cookie and associated with your use of the website as well as its processing by Google by downloading and installing the browser plugin available at the following link:
If you no longer desire the anonymized analysis of your website use by Google Analytics, you can opt out at any time effective for the future here. By clicking on the link, an opt-out cookie will be saved to your device. If you visit our website again, this cookie prevents your data from being collected. In order to prevent data collection by Universal Analytics across multiple devices, you need to carry out the opt-out on all systems used.
Google LLC, based in the USA, is certified as part of the US-European data protection agreement “Privacy Shield” which guarantees compliance with the data protection level applicable in the EU.
Use of Google AdWords Conversion Tracking
We use the “Google AdWords” online advertising program and conversion tracking as part of Google AdWords on our website. Google Conversion Tracking is an analytical service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). When you click on an advert delivered by Google, a cookie for the conversion tracking is stored on your computer. These cookies become invalid after 30 days, contain no [R5] personal information and therefore do not serve for personal identification.
If you visit specific pages on our website and the cookie has not yet expired, we and Google can recognize that you have clicked on the advert and have been directed to that page. Every Google AdWords customer receives a different cookie. There is therefore a possibility that cookies can be tracked via the websites of AdWords customers.
The information gathered by this conversion cookie serves to generate conversion statistics for AdWords customers who have opted in to conversion tracking. As part of this, customers can find out the total number of users who have clicked on their advert and were directed to a page using the conversion tracking tag. However, they do not [R6] receive any information that can be used to identify users personally.
Use of Google Maps
We use Google Maps (API) on our website from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Maps is a web service for displaying interactive (country) maps for presenting geographical information visually. Using this service will show you our location and facilitate finding directions to reach us. The data processing takes place pursuant to art. 6 f) GDPR in realizing our legitimate interests for marketing purposes and maintaining the attractiveness of our website.
Every time the “Google Maps” component is opened, Google sets a cookie in order to process user settings and data when displaying the page on which the “Google Maps” component is integrated. This cookie is not generally deleted on closing the browser, but instead expires after a specific period of time unless you manually delete it before such time.
as well as the additional terms and conditions for “Google Maps”
Use of Google Remarketing
Use of Instagram
Our website uses so-called social plugins (“plugins”) by Instagram, which are operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). These plug-ins are marked with an Instagram logo, e.g. in the form of an “Instagram camera”.
When you visit a page of our website containing said plugin, your browser establishes a direct connection to Instagram’s servers. The contents of the plugin are sent from Instagram directly to your browser and integrated into the page. Through this integration, Instagram receives the information that your browser has accessed the corresponding page on our website, even if you do not [R7] have an Instagram account or are not currently logged in to Instagram. This information (including your IP address) is transmitted by your browser directly to an Instagram server in the USA and stored there.
If you are logged in to Instagram, Instagram can directly link your visit to our website to your Instagram account. If you interact with the plug-ins, e.g. by clicking the “Instagram” button, this information is also sent directly to an Instagram server and stored there. The information is also published on your Instagram account and displayed to your contacts there.
If you do not want Instagram to directly link the data gathered on our website to your Instagram account, you have to log out of Instagram before visiting our website. You can also completely prevent Instagram plugins from loading using add-ons for your browser.
Use of YouTube
On our website, we use components (videos) from the company YouTube LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA (“YouTube”), a company of Google LLC (“Google”), Amphitheatre Parkway, Mountain View, CA 94043, USA.
[As part of this we use the option “privacy enhanced mode” provided by YouTube.]
When you visit an internet page that has an embedded video, a connection to the YouTube servers is established, and the content is displayed on the Internet page by notifying your browser.
[According to information provided by YouTube, in “privacy enhanced mode” data is only sent to the YouTube server when you watch the video, in particular which of our pages you have visited.]
If you are simultaneously logged in to YouTube, this information will be linked to your YouTube account. You can prevent this by signing out of your account before visiting our website.
For more on YouTube’s data protection, Google provides information at the following link:
Use of Hotjar
This website uses Hotjar, a web analysis service from Hotjar Ltd., Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta, Europe (“Hotjar”).
This tool is used to track movements on websites (using so-called heat maps). For example, you can see how far users are scrolling and which buttons users click, and how often. In addition, the tool also allows feedback to be obtained directly from the users of the website. In this way, we receive valuable information to make our websites faster and more customer-friendly.
Please note that we do not record or process any personal information while using this service. All data, including your IP address, is completely anonymized.
Hotjar offers every user the option of using a “Do Not Track Header” to prevent the use of the Hotjar tool meaning that no [R8] data is recorded during a visit to the respective website. This is a setting that supports all common browsers in their current versions. To do this, your browser sends a request to Hotjar with the message to disable the tracking of the respective user. If you use sipgate websites with different browsers/computers, you have to set up the “Do Not Track Header” for each of these browsers/computers separately. You can deactivate this feature by following the instructions at https://www.hotjar.com/opt-out and changing the corresponding settings. Further information on Hotjar data protection is provided at
The updated version takes into account the provisions of the General Data Protection Regulation (GDPR) and offers transparent and simple information about our use of data. If anything is unclear, you can contact us directly at [firstname.lastname@example.org] or using the contact options listed in the legal notice.
What is the GDPR?
The GDPR is a European Union ordinance intended to simplify and improve the use of personal information within the EU.
What changes have resulted from the GDPR?
The GDPR has resulted in numerous changes to the protection offered to people in terms of how their information is handled. The most important changes are:
- Concrete legal provisions for data processing, the rights of subjects and the duties of responsible parties
- Strengthening the rights of users by increasing transparency obligations, for instance
- Financial penalty framework for infringements has been substantially increased
We are attempting to fulfill our new obligations by explaining our data usage to you in clear and transparent terms.
What data do we record?
We process and use personal information which you have provided to us voluntarily via the website or directly in various situations (e.g. when you send us an e-mail). In addition, we use data which we automatically collect on our website. Finally, it is also possible that we receive information about you from third parties.
Why do we need your information?
We primarily use your information in order to offer you our services and fulfil contracts existing with you. We also want to offer you the best possible service and therefore adapt to your interests. This encompasses the use of data for improving and personalizing the content shown to you. In addition, we also use the data to get in contact with you, e.g. to inform you via your account of new products or services, security issues and other news.
How is your information used?
We use the information collected about you for the following purposes:
- Fulfillment of our contractual obligationsI
- Improving our services and our products
- Future product development
- Customer support
- Security, dispute resolution or other legal obligations
- Analyzing our services
- Communication and marketing
How does your information help us improve our product?
We use your information to ensure that we can offer you the best possible service. Your interests are important to us.
Do we sell the information to third parties?
No. We only use your information for the purposes described and to offer you the best service. As part of this, we always pay attention to not use more information than we actually need.
Can I reject the collection of my [R9] information?
Yes, you can reject the collection of specific data by us, such as the data which we collect through cookies or for our marketing interests. However, specific other categories of data have to be used if we have or are striving for a contractual relationship with you, or we are legally obligated, or said information is required to maintain our functionality. You are not able to reject this use of your data.
How is your recorded data deleted?
How long do we store your data?
Personal information is stored for as long as required – such as for providing the services requested, supporting your products, for fulfilling one of the services requested by you or for another important reason, such as adhering to legal obligations, the settlement of disputes or enforcement of agreements. As the requirements can vary depending on the type of data, product or service, storage periods can differ considerably.
How is the information stored and protected on our servers?
Protecting your personal information is very important to us. We use various security technologies and processes in order to protect your personal data against unauthorized access, use or publication. For instance, we store the personal information provided by you on computer systems with limited access and on our own servers which exist within controlled environments. If we send information via the Internet, we protect this data using encryption technologies.
What protective measures exist for children?
Our offering is not aimed at children and is also not designed for them. We do not [R10] [RB11] [RB12] knowingly record any personal information from children or send them any request to enter such information. Even though visitors of all ages can use our website, we do not intentionally collect personal data from people under the age of 18. If a parent or legal guardian informs us or we find out in another manner that a child under the age of 18 has unlawfully registered with false information on our website, for example, we will immediately delete the corresponding account and the personal information associated with it.
Which companies affiliated with International Campus GmbH is personal information shared with?
We share your information with all companies affiliated with International Campus GmbH:
IC FIZZ Verwaltungs GmbH
IC FIZZ Verwaltungs 2 GmbH
IC General Contractor GmbH
IC FIZZ Berlin GmbH & Co. KG
IC FIZZ Berlin II GmbH & Co. KG
IC FIZZ Berlin III GmbH & Co. KG
IC FIZZ Darmstadt GmbH & Co. KG
IC FIZZ Frankfurt GmbH & Co. KG
IC FIZZ Frankfurt II GmbH & Co. KG
IC FIZZ Frankfurt III GmbH & Co. KG
IC FIZZ Freiburg II GmbH & Co. KG
IC FIZZ Generalmieter GmbH & Co. KG
IC FIZZ Generalmieter II GmbH & Co. KG
IC FIZZ Hamburg GmbH & Co. KG
IC FIZZ Hamburg II GmbH & Co. KG
IC FIZZ Hamburg IV GmbH & Co. KG
IC FIZZ Hamburg V GmbH & Co. KG
IC FIZZ Hannover GmbH & Co. KG
IC FIZZ Köln GmbH & Co. KG
IC FIZZ München GmbH & Co. KG
International Campus Austria GmbH
IC Netherlands B.V.
ICNL Netherlands B.V.
International Campus Group S.à r.l.