top of page
Data policy 

  1. General information, purpose and the responsible authority

    1. This Data Policy informs users about the nature, scope and purposes of the collection, processing and usage (hereinafter collectively referred to as ‘processing’) of their personal data within the website ‘’ and the services and functions connected herewith. The Data Policy applies irrespective of domains, systems, platforms and devices used (e.g., desktop or mobile devices) where runs.

    2. The provider of and the authority responsible in terms of data protection is EichenCredit GmbH, Am Borsigturm 44, 13507 Berlin, Germany, (under this Data Policy referred to as ‘EichenCreditGmbH’, ‘we’ or ‘us’).

    3. The term ‘user’ covers clients as well as non-clients of EichenCredit GmbH who use The notions used within the framework of this Data Policy such as ‘user’ are gender neutral.

    4. Provided the Data Policy contains permissions, they are to be highlighted.

    5. This declaration on data protection explains what information EichenCredit GmbH collects while you are visiting the website and how this information is used.

    6. If a link redirects you to another website that does not belong to and is not operated by EichenCredit GmbH, you can see the link in the changed address line in your browser. This data protection declaration does not apply to these websites.

  2. Fundamental information on data processing

    1. We process personal data of users only in compliance with relevant provisions on data protection. It means that personal data of the users are processed only if there is a legal permission or consent.

    2. We take organisational, contractual and technical security measures according to the state of the art, in order to ensure that the provisions of laws on data protection are observed and to protect the data processed by us against accidental or intentional manipulations, loss, or destruction or against access by unauthorised persons.

    3. If within the scope of this Data Policy contents, tools or other means are inserted from other providers (hereinafter collectively referred to as ‘third-party providers’), which are based abroad, it should be assumed that a data transfer occurs in the country where the third-party providers are resident. The transfer of data in third countries occurs either under a legal permission, consent of the user or special contractual clauses that guarantees the security provided by law.

  3. Collection, processing and usage of personal data

    1. The personal data of users are processed for the following purposes:

      1. Performance of our services

      2. Guarantee of an effective customer service and technical support

      3. Technical and business-related notifications concerning and EichenCredit GmbH.

    2. We transfer data to third parties based on legal consent or if it is required in order to perform our contractual obligations towards the users.

    3. When contacting or demanding a report, the details are stored for request processing as well as for the case of follow-up-question.

    4. If a user makes a comment on the blog, his or her IP address is saved. It occurs for the purpose of our security, if somebody writes unlawful content in comments (insults, forbidden political propaganda, etc.). In this case, we also can be held responsible for the comment and therefore are interested in the identity of the comment author.

    5. Personal data are deleted if they have fulfilled the use purpose and if the deletion does not oppose retention obligations.

    6. You can visit our website without having to provide any personal information.

    7. Some websites may require you to register or in the case of our websites, you will be asked to send us certain personal information if you would like us to contact you. Generally, we only collect as required fields the data that we absolutely need to perform the respective task or process the respective inquiry. Additional personal information is voluntary. You certainly have the option not to supply us with the information indicated as required. In this case, we will not be able to make available for you the desired products, services or information.

    8. If you share your personal information with us (e.g. to contact us), your data is handled with the utmost care. EichenCredit GmbH strictly maintains the confidentiality of your personal data in accordance with the provisions of the German Teleservices Act, Federal Data Protection Act and other laws on the protection of your privacy and informational self-determination.

    9. In addition, EichenCredit GmbH will not disclose your data to third parties unless it is necessary for a particular business transaction and you have given us your consent.

  4. Notifications and newsletter

    1. We send newsletters, emails and other electronic notifications with advertising information (hereinafter referred to as ‘newsletter’) only under the consent of the receiver or under a legal permission. The newsletters contain information about property-related offers and services as well as

    2. However, the notifications sent within the framework of contractual or business relations are not considered advertising. This includes, e.g., sending of service mails with technical or organisational information within the framework of our service provision, instructions concerning technical or legal changes or queries about the orders. The notifications about activities the client is subscribed to, e.g., if they should subscribe to certain search results, shall not be considered advertising as well.

    3. The newsletter is issued approx. once or twice per month. However, they also can be sent unscheduled under special circumstances, advertising campaign etc.

    4. So-called double-opt-in-emails, which are sent within the framework of the registration or sign-up for a newsletter, are not advertising messages too. These double-opt-in-emails invite the users to confirm a registration or sign-up. The double-opt-in-emails are necessary to check whether the sign-up was really made by the email owner.

    5. The information about the name and surname is for the personalisation of the newsletter.

    6. The users can withdraw their consent for saving the data, email addresses as well as their use for sending the newsletters at any time. The withdrawal can be made, e.g., through an unsubscribe link in the newsletter or with an email to with “Unsubscribe” in the subject field.

    7. The sign-ups for the newsletter are recorded, in order to be able to verify the sign-up process in compliance with legal requirements. For this purpose, in particular, the sign-up and confirmation moment is recorded.

    8. The sending of newsletters occurs through ‘MailChimp’, a newsletter sending platform of the provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. MailChimp is reliable in terms of data protection and we have confidence in its performance and security. You can look through data protection conditions here: However we must point out that the data of newsletter recipients are transferred to the USA. The EU considers the USA unsafe third country in terms of data protection. This is bound up with the fact that there is no uniform data protection law in the USA and that there is political imbalance between the USA and the EU with regard to data protection. However, MailChimp declares in a special contract, which we have accepted, to respect the data protection regulations of the EU. For this reason, MailChimp still has our confidence in a secure data processing. While signing-up for our newsletter its recipient agree with the involvement of MailChimp.

    9. A statistical analysis of reading behaviour only takes place to the extent that we determine whether the recipients opened the newsletter and clicked the links. This is a function of MailChimp, which we only use to check how our newsletter is taken by the users and to optimise it accordingly. For this purpose, the newsletter contains so-called “web-beacon”, a pixel-sized file, which is retrieved from MailChimp’s server when the newsletter is opened.

  5. Collection of access data

    1. We collect data about each access to the server where this offer is stored (so-called ‘server log files’). The access data are the name of the website opened, file, date and time of opening, volume of data transferred, report about successful opening, browser type along with its version, user’s operating system, referrer URL (previously visited page), IP address and the requesting provider.

    2. We use log information without allocation to the person of the users or other profiling according to legal regulations only for statistical analysis for the purpose of the operation, security and optimisation of the offer. However, we reserve the right, to check the log information later if based on concrete indications there is a justified suspicion of an unlawful use.

    3. If we plan to use usage data from your visit on our website (to improve an individual product range or our services), we will seek your express consent during an Internet dialog regarding this. We will also inform you about the type and scope of the data collected. If you do not want to give your consent, you may continue any dialog without data being collected or stored or cancel or end the dialog.

  6. Cookies & scope measurement

    1. Cookies are information, which are transferred from our web server or the web servers of third parties to the web browser of the user and are stored for the subsequent openings there. The user are informed according to this Data Policy about the use of cookies within the framework of pseudonym scope measurement.

    2. The viewing of online offers is also possible under exclusion of cookies. If the users do not want the cookies to be stored on their computer, they are asked to deactivate the relevant option in the system settings of their browser. The saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to the functional limitations of the online offers.

    3. It is possible to administer many online offers that are stored in cookies of companies through the US based website or the EU based website

    4. In connection with providing personal services, EichenCredit GmbH uses cookies.

    5. These cookies serve the purpose of making our services more user-friendly, effective and secure. Thanks to these files, you may have information specially tailored to your interests displayed on the website. The sole purpose is to cater our services to the customer’s wishes as much as possible and to make surfing as convenient as possible for you.

    6. You can set your web browsers not to allow cookies to be stored on your PC. You can find additional information on these functions in the documentation or in the help file of your browser. Although we try to avoid this, if you do not accept cookies you may only be able to use some websites in a limited capacity or not at all.

  7. Involvement of services and contents of third parties

    1. It can happen that within our online offer contents or services of third-party providers, for example, YouTube videos, city maps or graphics from other websites are embedded. The embedding of contents of third-party providers always assumes that the third-party providers recognise the IP addresses of the users because without IP address they cannot sent contents to the browser of the users. The IP address is required therefore for the display of these contents. In addition, the providers of third-party contents can insert own cookies and process the data of the users for own purposes. Based on processed data the usage profiles of the users can be created. We will insert these contents as data-minimising and data-avoiding as possible as well as choose reliable third-party providers with regard to data security.

    2. The following presentation provides an overview of third-party providers as well as their contents, together with links to their privacy policies which contain further instructions concerning data processing and possibility to appeal (so-called opt-out) which to some extent have already been mentioned here:

    3. Videos of the platform ‘YouTube’ of the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy:, Opt-Out:

    4. Maps of the service ‘Google Maps’ of the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy:, Opt-Out:

    5. Videos of the platform ‘Vimeo’ of the third-party provider Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA. Privacy Policy:

  8. Scope measurement: Google Analytics

    1. We use Google Analytics, a web analysis service of Google Inc. (‘Google’). Google uses cookies. The information generated by the cookie about usage of the online offer by the users is as a rule transferred to a server of Google in the USA and is stored there.

    2. Google will use this information on our account in order to evaluate the usage of our online offers by the users to compile reports on activities within this online offer and to supply us with further services connected with the usage of this online offer and the web usage. Based on the processed data pseudonymous usage profiles of the users can be created.

    3. We use Google Analytics only if IP anonymisation is activated. This means that the IP address of the users is shortened by Google within the member state of the European Union or in other Contracting States to the Agreement on the European Economic Area. Only in exceptional cases, the whole IP address is transferred to a Google server in the USA and is shortened there.

    4. The IP address transmitted from the user browser is not brought together with other Google data. The users can prevent the storage of cookies by selecting the appropriate settings on their browser software. In addition, the users can prevent the collection of data generated by the cookies and data related to their usage of the online offer as well as processing of this data by Google by downloading the browser plugin available under the following link:

    5. Further information about the usage of data for advertising purposes by Google, configuration options and possibility to appeal You can find on the website of Google: and

  9. Google AdWords

    1. We use the online advertising program ‘Google Adwords’ and the conversion racking in its framework in order to measure the success of the Google AdWords advertising. The cookie for conversion tracking is used if a user clicks one of the advertisements placed by Google. There cookies lose their validity in 30 days and are not used personal identification. If this cookie has not yet expired when the user visits certain pages of this service, Google and the provider will be able to recognise that the user clicked the advertisement and was forwarded to this service. Each Google AdWords client receives another cookie. Therefore, it is impossible to keep track of cookies via the website of AdWords clients. The information obtained by means of the conversion cookies are intended to create conversion statistics for AdWords clients, which have opted for the conversion tracking. The clients find out the total number of users who clicked the advertisement and were forwarded to one of pages provided by a conversion tracking tag. However, they do not receive any information that can be used to identify the users. Based on the data processed pseudonymous usage profiles of the users can be created.

    2. Users who do not want to participate in the tracking can deactivate the cookie of the Google conversion tracking via their internet browser in user settings or use opt-out possibilities provided by Google:

  10. Facebook remarketing

    1. Within our online offer so-called ‘Facebook pixel’ of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, and if You are a EU resident by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland (‘Facebook’). By means of the Facebook pixels, Facebook can determine whether the visitors of our online offer is the target audience for the display of advertisements, so-called ‘Facebook Ads’. We use the Facebook pixel accordingly in order to show our Facebook ads only such Facebook users who are interested in our Internet offer. That is, with the help of the Facebook pixel we want to ensure that our Facebook ads corresponds with the potential interest of the users and do not have an annoying effect. Furthermore, with the help of the Facebook pixel we can trace the effectiveness of Facebook advertisements for statistical and market research purposes by monitoring whether the user was forwarded to our website after clicking our Facebook advertisement (so-called ‘conversion’ and ‘visitor interaction’).

    2. The Facebook pixel is integrated at every call-up of our web pages directly by Facebook and can store so-called cookie, i.e., a small file, on Your device. If You subsequently log on to Facebook or visit Facebook when logged on, the visiting our offer is recorded in Your profile. The data collected about You are anonymous for us and they do not give any indication of the personal identities of the users. However, the data is stored and processed by Facebook so that a connection to a particular user profile is possible. That means, the usage profiles based on user profiles can be created. The processing of the generated data by Facebook occurs within the framework of the Data Policy of Facebook. Therefore, You can receive further information about operation of remarketing pixels and about display of Facebook ads in the Data Policy of Facebook:

    3. You can object to the collection by the Facebook pixel and use of Your data for display by Facebook-Ads. To that end, You can call-up the webpage created by Facebook and follow the information about usage based advertising settings The settings are made platform-independent, i.e., they are applied to all devices, such as desktops or mobile devices. Moreover, an objection is possible via the website of the European Interactive Digital Advertising Alliance:

  11. Use of Facebook-Plugins (Like-Button)

    1. Our Internet site uses social plugins (‘plugins’) of the social network Facebook which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, and if You are a EU resident by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland (‘Facebook’). The plugin can be recognised by one of Facebook logos (white “f” on a blue tile or a “thumbs up” symbol) or are indicated with the additional text “Facebook social plugin”. The list and the look of the Facebook social plugins can be viewed here:

    2. When You call up a web page on our Internet site that includes a plugin of this type, Your browser establishes a direct connection with Facebook servers. Provided that so-called ‘double-click solution’ is applied (i.e., You will be explicitly asked for consent to activating the social plugins), You have to activate the switch area first prior to its execution. Only then, Your browser establishes a direct connection to the servers of Facebook. The content of the plugin is passed by Facebook direct to Your browser and integrated it into the website. This means that we have no influence over the extent of the data which Facebook obtains with the help of this plugin and we therefore inform You according to our information status:

    3. Through integration of the plugin, Facebook obtains the information that You have called up the relevant page on our Internet site. If You are logged on to Facebook, Facebook can allocate the visit to Your Facebook account. I.e., based on the data used the usage profiles of users can be created. If You interact with the plugins by using the “Like-it-Button”, for example, or by posting a commentary, the information will be given direct to Facebook by Your browser and stored there. If You are not a Facebook member, there is still the possibility for Facebook to find out and store Your IP address.

    4. For information on the purpose and extent of data capture and the further processing and use of data by Facebook, as well as Your rights in this regard and turn-off options for the protection of Your personal privacy, please refer to the Facebook data protection information:

    5. If You are a Facebook member and do not want Facebook to collect data about You via our Internet website and to link this with Your data stored on Facebook, You need to log off from Facebook before going to our website and delete cookies. Further settings and objections against data usage for advertising purposes are possible within Facebook profile settings: The settings are made platform-independent, i.e., they are applied to all devices, such as desktops or mobile devices. Moreover, an objection is possible via the website of the European Interactive Digital Advertising Alliance:

  12. Use of Mouseflow

    1. This website uses Mouseflow: a website analytics tool that provides session replay, heatmaps, funnels, form analytics, feedback campaigns, and similar features/functionality. Mouseflow may record your clicks, mouse movements, scrolling, form fills (keystrokes) in non-excluded fields, pages visited and content, time on site, browser, operating system, device type (desktop/tablet/phone), screen resolution, visitor type (first time/returning), referrer, anonymized IP address, location (city/country), language, and similar meta data. Mouseflow does not collect any information on pages where it is not installed, nor does it track or collect information outside your web browser. If you'd like to opt-out, you can do so at If you'd like to obtain a copy of your data, make a correction, or have it erased, please contact us first or, as a secondary option, contact Mouseflow at For more information, see Mouseflow’s Privacy Policy at For more information on Mouseflow and GDPR, visit For more intormation on Mouseflow and CCPA visit

  13. Types of processed data

    1. Types of processed data

      • Types of processed data:• Personal data (e.g. name, address).

      • Contact data (e.g. e-mail, phone number).

      • Usage data (e.g. visited websites, interest in contents, access time).

      • Meta/communication data (e.g. device information, IP addresses ).

    2. Processing of special categories of data (Article 9 (1) GDPR)

      • Special categories of data are basically not processed unless they are supplied for processing by the users, e.g. entered into our online forms.

    3. Categories of data subjects:

      • Visitors and users of online offers.

    4. Purpose of the processing:

      • Provision of the online offer, its contents and functions.

      • Delivery of contractual services and customer support.

      • Response to contact requests and communication with users.

      • Marketing, advertising and market research.

      • Security measures.

  14. How do we protect personal data?
    To protect your personal data, EichenCredit GmbH has taken measures that comply with data protection law and the state of the art in the software industry. They are continuously reviewed and adjusted if necessary. The goal is to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, unauthorized gaining knowledge or against unauthorized access by third parties.
    To transfer data between our websites and applications, the communication is encrypted using the Secure Socket Layer (SSL) procedure.We protect the systems and processing through a series of technical and organizational measures. These include amongst others: data encryption, pseudo and anonymization, logical and physical access restriction and control, firewalls and recovery systems, and integrity testing.
    Our employees are regularly trained in the corresponding sensitive handling of personal data and are obliged to maintain confidentiality in accordance with legal requirements.

  15. Storage duration and deletion periods
    We store the personal data to the extent necessary for fulfilment of the purposes. The storage period depends on the legal requirements and the duration of the contractual relationship.If the data are no longer used, they will be anonymized and / or deleted within the scope of the legal provisions.If you initiate the deletion of your data, please note that we may suspend your data immediately, but due to legal reasons and technical limitations, it may take up to 180 days before we have deleted the data from the productive systems.Please also note that after confirming the deletion order there is no possibility to restore your data.In addition, the users have the right to correct inaccurate data, withdraw the consents, block and delete their personal data, provided there is no legal obligation to keep records.

  16. Relevant legal grounds
    In accordance with Article 13 GDPR, we inform you about the legal grounds for our data processing. Unless the legal ground is stated in the declaration on data protection (the Privacy policy), the following shall apply: The legal ground for obtaining the consents is Article 6 (1) (a) and Article 7 GDPR, the legal ground for the processing necessary for the performance of our services and contractual measures as well as for the response to inquiries is Article 6 (1) (b) GDPR, the legal ground for processing necessary for compliance with our legal obligations is Article 6 (1) (c) GDPR, and the legal ground for processing necessary for the purposes of our legitimate interests is Article 6 (1) (f) GDPR. In the event that vital interests of the data subject or of another natural person require the processing of personal data, Article 6 (1) (d) GDPR is a legal ground.

  17. Your rights
    According to the provisions of the BDSG (the Federal Data Protection Act), you have the right to get information free of charge about the stored data related to you, their origin, their recipients and the purpose of the storage as well as the right to correct, block or delete these data. Any consent given to us may be withdrawn at any time with effect for the future. To exercise your rights, an informal message is sufficient:
    EichenCredit GmbH
    Stichwort/Keyword „Datenschutz“
    Am Borsigturm 44
    13507 Berlin

    Fax: +49 (0) 30 2434 2648

  18. Responsibilities

    1. Responsible
      Company: EichenCredit GmbH
      Address: Am Borsigturm 44
      13507 Berlin,
      CEO: Carsten Heinrich
      Telephone: +49 (0) 30 2434 2648

      Handelsregister: HRB 185722 B
      Amtsgericht Charlottenburg


      Ordnungsamt, Karl-Marx-Allee 31, 10178 Berlin
      Gewerbeerlaubnis nach §34i GewO durch die Stadt Berlin
      Vermittler-Registernummer: D-W-107-CWFM-48 IHK Berlin

    2. Data protection manager
      Firma: Eichen Holding GmbH
      Adresse: Mellenseestr. 21, 15806 Zossen, Germany

    3. Data Protection Officer: Enrico Schumacher
      Telephone: +49 (0) 30 212 223 685

  19. Amendment to the present data protection principles
    This Data Protection Directive is reviewed at irregular intervals to reflect the latest developments in the Company, our products and services, legal requirements and social developments. Users are therefore asked to keep up to date with the content of the Data Protection Directive, especially if they provide personal information again.

As of 9th January 2020

bottom of page