rent2Brent2B

Privacy Policy

As of: February 2026

1. Introduction and Overview

We have prepared this privacy policy to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 (hereinafter "GDPR"), the Austrian Data Protection Act (DSG), and the Austrian Telecommunications Act 2003 (TKG 2003), which personal data we process as the data controller.

2. Data Controller

Honeyfield GmbH Strubergasse 26 5020 Salzburg, Austria

Email: datenschutz@rent2b.net Phone: +43 676 4600 960

Company Register Number: FN 554194 t Company Register Court: Regional Court Salzburg (Landesgericht Salzburg) VAT Number: ATU 76962217

3. Scope

This privacy policy applies to all personal data processed by us in connection with the website rent2b.net and the SaaS platform rent2B.

4. Legal Bases for Processing

The processing of personal data is based on the following legal grounds:

  • Art. 6(1)(a) GDPR (Consent): You have given your consent to the processing for a specific purpose.
  • Art. 6(1)(b) GDPR (Performance of a Contract): Processing is necessary for the performance of a contract or for the implementation of pre-contractual measures.
  • Art. 6(1)(c) GDPR (Legal Obligation): Processing is necessary for compliance with a legal obligation (e.g. retention obligations under the Austrian Federal Fiscal Code or the Austrian Commercial Code).
  • Art. 6(1)(f) GDPR (Legitimate Interests): Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights of the data subject.

5. Storage Duration

We store personal data only for as long as is necessary for the fulfilment of the respective purpose. In addition, we store data where this is required by law, in particular:

  • Accounting records: 7 years (§ 132 BAO — Austrian Federal Fiscal Code)
  • Business documents and invoices: 7 years (§ 212 UGB — Austrian Commercial Code)
  • Contractual documents: Until the expiry of possible warranty and limitation periods (generally 3 years, § 1489 ABGB — Austrian General Civil Code)

6. Your Rights as a Data Subject

You have the following rights under the GDPR:

  • Right of Access (Art. 15 GDPR): You have the right to request confirmation as to whether personal data is being processed and to obtain information about such data.
  • Right to Rectification (Art. 16 GDPR): You have the right to rectification of inaccurate data.
  • Right to Erasure (Art. 17 GDPR): You have the right to request the erasure of your data, provided that no statutory retention obligations apply.
  • Right to Restriction of Processing (Art. 18 GDPR): You have the right to request the restriction of processing.
  • Right to Data Portability (Art. 20 GDPR): You have the right to receive your data in a structured, commonly used, and machine-readable format.
  • Right to Object (Art. 21 GDPR): You have the right to object to the processing of your data.
  • Right to Withdraw Consent (Art. 7(3) GDPR): You may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

To exercise your rights, please contact: datenschutz@rent2b.net

7. Right to Lodge a Complaint with a Supervisory Authority

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the competent supervisory authority:

Austrian Data Protection Authority (Datenschutzbehörde) Barichgasse 40-42 1030 Vienna, Austria Phone: +43 1 52 152-0 Email: dsb@dsb.gv.at Website: https://www.dsb.gv.at

8. Data Processing on Our Website

8.1 Server Log Files

Each time our website is accessed, the following data is automatically collected and stored in server log files:

  • IP address (anonymised)
  • Date and time of access
  • Page accessed / URL
  • Referrer URL (previously visited page)
  • Browser and operating system used
  • Volume of data transferred

This data is processed to ensure the technical operation of the website, to detect and prevent attacks, and for error analysis. The legal basis is Art. 6(1)(f) GDPR (legitimate interest). The data is deleted after 30 days.

8.2 Cookies

Our website uses cookies. Cookies are small text files that are stored on your device.

Technically necessary cookies are used on the basis of Art. 6(1)(f) GDPR and § 165(3) TKG 2021. They are required for the operation of the website and cannot be deactivated.

Analytics cookies are only set with your consent pursuant to Art. 6(1)(a) GDPR and § 165(1) TKG 2021. You may withdraw your consent at any time.

You can configure your browser to inform you about the setting of cookies and to allow cookies only on a case-by-case basis, to exclude the acceptance of cookies for certain cases or in general, and to activate the automatic deletion of cookies when closing the browser.

8.3 Contact Form

When you use our contact form, the following data is processed:

  • Name
  • Email address
  • Message content

The data is processed to handle your enquiry (Art. 6(1)(b) GDPR for pre-contractual enquiries, Art. 6(1)(f) GDPR for general enquiries). The data is deleted after the enquiry has been processed and any retention obligations have expired, at the latest after 6 months, unless a contractual relationship is established.

8.4 Newsletter

If you subscribe to our newsletter, we process your email address on the basis of your consent (Art. 6(1)(a) GDPR). You may unsubscribe from the newsletter at any time. Unsubscription is possible via the link in each newsletter.

9. Data Processing within the rent2B Platform

9.1 Registration and Customer Account

During registration, we process the following data:

  • Company name and legal form
  • Contact person's name
  • Email address
  • Phone number (optional)
  • Business address
  • VAT number (for B2B customers)

The legal basis is Art. 6(1)(b) GDPR (performance of a contract).

9.2 Payment Processing

For payment processing, we use the payment service provider Stripe (Stripe Technology Europe, Ltd., 1 Grand Canal Street Lower, Dublin 2, Ireland). Stripe processes your payment data as an independent data controller. Further information: https://stripe.com/privacy

The legal basis is Art. 6(1)(b) GDPR (performance of a contract).

9.3 Platform Data

In the course of platform use, we store and process the data entered by you (items, bookings, your end customers' data) on behalf of and pursuant to the instructions of the customer. In this respect, the customer is the data controller within the meaning of the GDPR. Where required, we conclude a data processing agreement pursuant to Art. 28 GDPR.

10. Use of Third-Party Services

10.1 Hosting and Infrastructure

  • Amazon Web Services (AWS): Our website is hosted on AWS Amplify in the EU region (Frankfurt, eu-central-1). AWS processes data in accordance with the AWS Privacy Policy and the EU-US Data Privacy Framework. Further information: https://aws.amazon.com/privacy
  • Microsoft Azure: Our content management system is hosted on Microsoft Azure in the EU region. Further information: https://privacy.microsoft.com
  • Supabase: The platform database is hosted on Supabase in the EU region (Stockholm, eu-north-1). Further information: https://supabase.com/privacy

10.2 Media and Images

Cloudinary (Cloudinary Ltd., 111 W Evelyn Ave Suite 206, Sunnyvale, CA 94086, USA) is used for the storage and delivery of media (images, videos). Cloudinary participates in the EU-US Data Privacy Framework. Further information: https://cloudinary.com/privacy

10.3 Web Analytics

We reserve the right to use web analytics tools. If such tools are used, this will only be done with your express consent (Art. 6(1)(a) GDPR, § 165(1) TKG 2021). Currently, no web analytics tool is in use.

11. Data Disclosure to Third Parties

Your personal data will only be disclosed to third parties:

  • if you have given your express consent (Art. 6(1)(a) GDPR)
  • if this is necessary for the performance of a contract (Art. 6(1)(b) GDPR)
  • if there is a legal obligation (Art. 6(1)(c) GDPR)
  • if this is necessary for the purposes of legitimate interests (Art. 6(1)(f) GDPR)

12. Data Transfer to Third Countries

Insofar as we transfer data to countries outside the EU/EEA (in particular to US service providers), this is only done if:

  • an adequacy decision of the European Commission exists (e.g. EU-US Data Privacy Framework, Art. 45 GDPR)
  • appropriate safeguards are in place (e.g. EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR)
  • express consent has been given (Art. 49(1)(a) GDPR)

13. Data Security

We employ technical and organisational measures pursuant to Art. 32 GDPR to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

14. Currency and Amendment of this Privacy Policy

This privacy policy is current as of February 2026. We reserve the right to amend this privacy policy at any time to ensure it complies with current legal requirements or to implement changes to our services. The most current version can always be found on our website.