Privacy Policy – Löwe Apartments

We have written this privacy policy (version 25.09.2021-311839130) in order to explain to you, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (data for short) we as the controller – and the processors commissioned by us (e.g. providers) – process, will process in the future and what legal options you have. The terms used are to be considered as gender-neutral.

In short: We provide you with comprehensive information about any personal data we process about you.

Privacy policies usually sound very technical and use legal terminology. However, this privacy policy is intended to describe the most important things to you as simply and transparently as possible. So long as it aids transparency, technical terms are explained in a reader-friendly manner, links to further information are provided and graphics are used. We are thus informing in clear and simple language that we only process personal data in the context of our business activities if there is a legal basis for it. This is certainly not possible with brief, unclear and legal-technical statements, as is often standard on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative. Maybe you will also find some information that you have not been familiar with.
If you still have questions, we would like to ask you to contact the responsible body named below or in the imprint, to follow the existing links and to look at further information on third-party sites. You can of course also find our contact details in the imprint.If you still have any questions, please contact the responsible body named below or in the imprint, follow the links provided and look at further information on third-party websites. You can of course also find our contact details in the imprint.

HOST
Strato
Our website is hosted by our processor Strato, Strato AG, Pascalstraße 10, 10587 Berlin, Germany.

Connection data is processed to provide and deliver the website. Data is not stored beyond access for the sole purpose of delivering and providing the website.

The legal basis for the processing is the legitimate interest (absolute technical necessity to provide and provide the “website” service, which you have expressly requested by visiting the website, in accordance with Art. 6 Para. 1 lit. f) GDPR.

Connection data and other personal data are also processed in connection with various other functions or services in order to operate the website. Detailed information can be found in this privacy policy and in the individual functions or services.

scope

This privacy policy applies to all personal data processed by us within the company and to all personal data processed by companies commissioned by us (contract processors).

By personal data we mean information within the meaning of Art. 4 No. 1 GDPR such as a person's name, email address and postal address. The processing of personal data ensures that we can offer and bill for our services and products, whether online or offline. The scope of this data protection declaration includes:

all online presences (websites, online shops) that we operate
Social media presence and email communication
mobile apps for smartphones and other devices

In short: This privacy policy applies to all areas in which personal data is processed in a structured manner within the company via the channels mentioned. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

Legal basis

In the following data protection declaration, we provide you with transparent information on the legal principles and regulations, i.e. the legal basis of the General Data Protection Regulation, which enables us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can of course read this EU General Data Protection Regulation online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions applies:

1. Consent (Article 6 paragraph 1 letter a GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data in a contact form.
2. Contract (Article 6 paragraph 1 lit. b GDPR): In order to fulfil a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase agreement with you, we need personal information in advance.
3. Legal obligation (Article 6 paragraph 1 lit. c GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.
4. Legitimate interests (Article 6 paragraph 1 lit. f GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we have to process certain data in order to be able to operate our website safely and economically efficiently. This processing is therefore a legitimate interest.

Other conditions such as the taking of recordings in the public interest and the exercise of public authority as well as the protection of vital interests do not generally occur with us. If such a legal basis should be applicable, it will be indicated in the appropriate place.

In addition to the EU regulation, national laws also apply:

In Austria, this is the Federal Law on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), or DSG for short.

In Germany, the Federal Data Protection Act, or BDSG for short, applies.

If other regional or national laws apply, we will inform you about them in the following sections.

Contact details of the person responsible

If you have any questions about data protection, you will find the contact details of the responsible person or body below:
Martin and Franziska Löwe GbR
Oberdorf 5

79790 Küssaberg

Germany

Authorized representative:
Email: info@loeweapartments.de
Imprint: https://www.loeweapartments.de/impressum

Storage period

Our general rule is that we only store personal data for as long as it is absolutely necessary to provide our services and products. This means that we delete personal data as soon as the reason for data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose no longer applies, for example for accounting purposes.

If you wish to have your data deleted or withdraw your consent to data processing, the data will be deleted as quickly as possible and unless there is an obligation to store it.

We will inform you below about the specific duration of each data processing operation, provided we have further information on this.

Rights according to the General Data Protection Regulation

According to Article 13 GDPR, you have the following rights to ensure fair and transparent processing of data:

According to Article 15 GDPR, you have a right to information about whether we process data about you. If this is the case, you have the right to receive a copy of the data and to be informed of the following information:
for what purpose we carry out the processing;
the categories, i.e. the types of data that are processed;
who receives this data and if the data is transferred to third countries, how security can be guaranteed;
how long the data is stored;
the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
that you can complain to a supervisory authority (links to these authorities can be found below);
the origin of the data if we did not collect it from you;
whether profiling is carried out, i.e. whether data is automatically evaluated in order to create a personal profile of you.
According to Article 16 GDPR, you have the right to rectification of data, which means that we must correct data if we find errors.
According to Article 17 GDPR, you have the right to erasure (“right to be forgotten”), which specifically means that you can request that your data be erased.
According to Article 18 GDPR, you have the right to restriction of processing, which means that we can only store the data but not use it any further.
According to Article 19 GDPR, you have the right to data portability, which means that we will provide you with your data in a common format upon request.
According to Article 21 GDPR, you have the right to object, which, if enforced, will result in a change in the processing.
If the processing of your data is based on Article 6 (1) (e) (public interest, exercise of official authority) or Article 6 (1) (f) (legitimate interest), you can object to the processing. We will then check as quickly as possible whether we can legally comply with this objection.
If data is used to conduct direct advertising, you can object to this type of data processing at any time. We may no longer use your data for direct marketing after that.
If data is used to conduct profiling, you can object to this type of data processing at any time. We may no longer use your data for profiling after that.
According to Article 22 GDPR, you may have the right not to be subjected to a decision based solely on automated processing (for example profiling).

In short: you have rights - do not hesitate to contact the responsible body listed above!

If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can complain to the supervisory authority. For Austria, this is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Baden-Württemberg Data Protection Authority

State Commissioner for Data Protection: Dr. Stefan Brink
Address: Königstrasse 10a, 70173 Stuttgart
Telephone number: 07 11/61 55 41-0
Email address: poststelle@lfdi.bwl.de
Website: https://www.baden-wuerttemberg.datenschutz.de/

Data transfer to third countries

We only transfer or process data to countries outside the EU (third countries) if you consent to this processing, if this is required by law or contractually necessary and in any case only to the extent that this is generally permitted. Your consent is in most cases the most important reason why we have data processed in third countries. Processing personal data in third countries such as the USA, where many software manufacturers offer services and have their server locations, may mean that personal data is processed and stored in unexpected ways.

We expressly point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. Data processing by US services (such as Google Analytics) may result in data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. In addition, it may happen that collected data is linked to data from other services of the same provider, provided you have a corresponding user account. Where possible, we try to use server locations within the EU if this is offered.

We will provide you with more detailed information about data transfer to third countries, where applicable, at the appropriate points in this privacy policy.

Security of data processing

We have implemented both technical and organizational measures to protect personal data. Where possible, we encrypt or pseudonymize personal data. In this way, we make it as difficult as possible for third parties to derive personal information from our data.

Art. 25 GDPR speaks of “data protection through technology design and through data protection-friendly default settings” and means that security is always considered and appropriate measures are taken for both software (e.g. forms) and hardware (e.g. access to the server room). In the following, we will go into more specific measures if necessary.

TLS encryption with https

TLS, encryption and https sound very technical and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to transfer data securely over the Internet.
This means that the complete transmission of all data from your browser to our web server is secured – no one can “eavesdrop”.

We have thus introduced an additional security layer and comply with data protection through technology design (Article 25 paragraph 1 GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data.
You can recognise the use of this data transfer security by the small lock symbol in the top left of the browser, to the left of the Internet address (e.g. examplepage.de) and the use of the https scheme (instead of http) as part of our Internet address.
If you want to know more about encryption, we recommend doing a Google search for “Hypertext Transfer Protocol Secure wiki” to get good links to further information.

communication

Communication Summary
👥 Affected persons: All those who communicate with us by phone, email or online form
📓 Data processed: e.g. telephone number, name, email address, entered form data. You can find more details in the contact type used
🤝 Purpose: Handling communication with customers, business partners, etc.
📅 Storage period: Duration of the business case and the legal regulations
⚖️ Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. b GDPR (contract), Art. 6 Para. 1 lit. f GDPR (legitimate interests)

If you contact us and communicate by telephone, email or online form, personal data may be processed.

The data will be processed to handle and process your query and the related business transaction. The data will be stored for the same period or as long as required by law.

Affected persons

The above-mentioned processes affect everyone who contacts us via the communication channels we provide.

phone

When you call us, the call data is stored pseudonymously on the respective device and by the telecommunications provider used. In addition, data such as name and telephone number can be sent by email afterwards and stored to answer your query. The data is deleted as soon as the business transaction has been completed and legal requirements permit it.

e-mail

If you communicate with us by email, data may be saved on the respective device (computer, laptop, smartphone, etc.) and data may be saved on the email server. The data will be deleted as soon as the business transaction has been completed and legal requirements permit it.

Online forms

If you communicate with us using an online form, data will be stored on our web server and, if necessary, forwarded to an email address of ours. The data will be deleted as soon as the business transaction has been completed and legal requirements permit it.

Legal basis

The processing of the data is based on the following legal bases:

Art. 6 Para. 1 lit. a GDPR (consent): You give us your consent to store your data and to continue to use it for the purposes related to the business case;
Art. 6 (1) (b) GDPR (contract): There is a need to fulfil a contract with you or a processor such as the telephone provider or we have to process the data for pre-contractual activities, such as preparing an offer;
Art. 6 (1) (f) GDPR (legitimate interests): We want to handle customer inquiries and business communication in a professional setting. For this, certain technical facilities such as email programs, exchange servers and mobile phone operators are necessary in order to be able to conduct communication efficiently.

Cookies Summary
👥 Affected: Visitors to the website
🤝 Purpose: depends on the respective cookie. You can find more details below or from the manufacturer of the software that sets the cookie.
📓 Data processed: Depends on the cookie used. You can find more details below or from the manufacturer of the software that sets the cookie.
📅 Storage period: depends on the cookie, can vary from hours to years
⚖️ Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. f GDPR (legitimate interests)

What are cookies?

Our website uses HTTP cookies to store user-specific data.
In the following we explain what cookies are and why they are used so that you can better understand the following data protection declaration.

Whenever you surf the Internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing cannot be denied: Cookies are really useful little helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are other cookies for other areas of application. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically stored in the cookie folder, which is basically the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data from you, such as language or personal page settings. When you visit our site again, your browser transmits the "user-related" information back to our site. Thanks to the cookies, our website knows who you are and offers you the settings you are used to. In some browsers each cookie has its own file, in others such as Firefox all cookies are stored in a single file.

The graphic below shows a possible interaction between a web browser such as B. Chrome and the web server. The web browser requests a website and receives a cookie from the server, which the browser uses again as soon as another page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, since each cookie stores different data. The expiry time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans or other "pests". Cookies also cannot access information on your PC.

For example, cookie data can look like this:

Name: _ga
Value: GA1.2.1326744211.152311839130-9
Purpose: Differentiation of website visitors
Expiry date: after 2 years

A browser should be able to support these minimum sizes:

At least 4096 bytes per cookie
At least 50 cookies per domain
At least 3000 cookies in total

What types of cookies are there?

The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the privacy policy. At this point we would like to briefly explain the different types of HTTP cookies.

There are 4 types of cookies:

Essential cookies
These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user puts a product in the shopping cart, then continues browsing on other pages and only later proceeds to the checkout. These cookies do not delete the shopping cart, even if the user closes their browser window.

Purposeful cookies
These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies are also used to measure the loading time and behavior of the website in different browsers.

Targeted cookies
These cookies improve user experience. For example, entered locations, font sizes or form data are stored.

Advertising cookies
These cookies are also called targeting cookies. They are used to deliver individually tailored advertising to the user. This can be very practical, but also very annoying.

Typically, when you first visit a website, you will be asked which of these types of cookies you would like to allow. And of course, this decision will also be stored in a cookie.

If you want to know more about cookies and are not afraid of technical documentation, we recommend https://tools.ietf.org/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.

Purpose of processing via cookies

The purpose ultimately depends on the respective cookie. You can find more details below or from the manufacturer of the software that sets the cookie.

What data is processed?

Cookies are little helpers for many different tasks. Unfortunately, it is not possible to generalize which data is stored in cookies, but we will inform you about the data processed or stored in the following data protection declaration.

Storage period of cookies

The storage period depends on the respective cookie and is specified further below. Some cookies are deleted after less than an hour, others can remain stored on a computer for several years.

You also have influence over the storage period yourself. You can manually delete all cookies at any time via your browser (see also “Right of objection” below). Furthermore, cookies based on consent are deleted at the latest after you revoke your consent, whereby the legality of storage remains unaffected until then.

Right of objection - how can I delete cookies?

How and whether you want to use cookies is up to you. Regardless of which service or website the cookies come from, you always have the option of deleting, deactivating or only partially allowing cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Manage cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have stored on your computer

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

If you do not want cookies at all, you can set up your browser so that it always informs you when a cookie is about to be set. This way you can decide for each individual cookie whether to allow the cookie or not. The procedure varies depending on the browser. The best way to do this is to search for instructions in Google using the search term “delete cookies Chrome” or “deactivate cookies Chrome” in the case of a Chrome browser.

Legal basis

The so-called "cookie guidelines" have been in place since 2009. They state that the storage of cookies requires your consent (Article 6 Paragraph 1 Letter a of GDPR). However, there are still very different reactions to these guidelines within the EU countries. In Austria, however, this guideline was implemented in Section 96 Paragraph 3 of the Telecommunications Act (TKG). In Germany, the cookie guidelines were not implemented as national law. Instead, this guideline was largely implemented in Section 15 Paragraph 3 of the Telemedia Act (TMG).

For absolutely necessary cookies, even if no consent has been given, there are legitimate interests (Article 6 Paragraph 1 Letter f of GDPR), which in most cases are of an economic nature. We want to give visitors to the website a pleasant user experience and for this, certain cookies are often absolutely necessary.

If cookies that are not absolutely necessary are used, this only happens with your consent. The legal basis in this respect is Art. 6 Para. 1 lit. a GDPR.

In the following sections you will be informed in more detail about the use of cookies, provided that the software used uses cookies.

Web hosting

Webhosting Summary
👥 Affected: Visitors to the website
🤝 Purpose: professional hosting of the website and securing its operation
📓 Data processed: IP address, time of website visit, browser used and other data. You can find more details below or from the web hosting provider used.
📅 Storage period: depends on the provider, but usually 2 weeks
⚖️ Legal basis: Art. 6 para. 1 lit.f GDPR (legitimate interests)

What is web hosting?

When you visit websites these days, certain information - including personal data - is automatically created and saved, including on this website. This data should be processed as sparingly as possible and only with justification. By website we mean the entirety of all web pages on a domain, ie everything from the start page (homepage) to the very last subpage (like this one). By domain we mean example.de or musterbeispiel.com, for example.

When you want to view a website on a screen, you use a program called a web browser. You probably know a few web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari.

This web browser must connect to another computer where the website code is stored: the web server. Operating a web server is a complicated and time-consuming task, which is why it is usually handled by professional providers. They offer web hosting and thus ensure that website data is stored reliably and error-free.

When the browser connects to your computer (desktop, laptop, smartphone) and during data transfer to and from the web server, personal data may be processed. On the one hand, your computer stores data, and on the other hand, the web server must also store data for a while to ensure proper operation.

To illustrate:

Why do we process personal data?

The purposes of data processing are:

Professional hosting of the website and securing operations

to maintain operational and IT security

Anonymous evaluation of access behavior to improve our offering and, if necessary, for criminal prosecution or the pursuit of claims

What data is processed?

Even while you are currently visiting our website, our web server, which is the computer on which this website is stored, usually automatically saves data such as

the complete Internet address (URL) of the website accessed (e.g. https://www.beispielwebsite.de/beispielunterseite.html?tid=311839130)

browser and browser version (e.g. Chrome 87)

the operating system used (e.g. Windows 10)

the address (URL) of the previously visited page (referrer URL) (e.g. https://www.beispielquellsite.de/vondabinichgekommen.html/)

the host name and IP address of the device from which access is made (e.g. COMPUTERNAME and 194.23.43.121)

date and time

in files, the so-called web server log files

How long is data stored?

As a rule, the above data is stored for two weeks and then automatically deleted. We do not pass on this data, but we cannot rule out that this data will be viewed by authorities in the event of illegal behavior.

In short: your visit is logged by our provider (the company that runs our website on special computers (servers)), but we do not pass on your data without your consent!

Legal basis

The legality of the processing of personal data in the context of web hosting arises from Art. 6 (1) (f) GDPR (protection of legitimate interests), because the use of professional hosting with a provider is necessary in order to present the company on the Internet in a secure and user-friendly manner and to be able to pursue attacks and claims arising from this if necessary.

There is usually a contract for order processing between us and the hosting provider in accordance with Art. 28 f. GDPR, which ensures compliance with data protection and guarantees data security.

DomainFactory Privacy Policy

We use DomainFactory, a web hosting provider among others, for our website. The service provider is the German company domainfactory GmbH, Oskar-Messter-Str. 33, 85737 Ismaning, Germany. You can find out more about the data processed through the use of DomainFactory in the privacy policy at https://www.df.eu/de/datenschutz/.

STRATO Privacy Policy

We use STRATO, among other things a web hosting provider, for our website. The service provider is the German company STRATO AG, Pascalstraße 10, 10587 Berlin, Germany. You can find out more about the data that is processed through the use of STRATO in the privacy policy at https://www.strato.de/datenschutz/ .

Google Analytics Privacy Policy

Google Analytics Privacy Policy Summary
👥 Affected parties: Visitors to the website
🤝 Purpose: Evaluation of visitor information to optimize the web offering.
📓 Data processed: Access statistics that contain data such as locations of access, device data, duration and time of access, navigation behavior, click behavior and IP addresses. You can find more details about this further down in this privacy policy.
📅 Storage period: depends on the properties used
⚖️ Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. f GDPR (legitimate interests)

What is Google Analytics?

We use the analysis tracking tool Google Analytics (GA) from the American company Google Inc. on our website. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. For example, if you click on a link, this action is stored in a cookie and sent to Google Analytics. The reports we receive from Google Analytics help us to better tailor our website and service to your needs. Below we will go into more detail about the tracking tool and inform you about what data is stored and how you can prevent this.

Google Analytics is a tracking tool that is used to analyze our website's traffic. In order for Google Analytics to work, a tracking code is built into the code of our website. When you visit our website, this code records various actions that you perform on our website. As soon as you leave our website, this data is sent to the Google Analytics servers and stored there.

Google processes the data and we receive reports about your user behavior. These can include the following reports:

Audience reports: Audience reports help us get to know our users better and know more precisely who is interested in our service.

Ad reports: Ad reports help us analyze and improve our online advertising more easily.
Acquisition reports: Acquisition reports give us useful information about how we can get more people excited about our service.
Behavioral reports: Here we find out how you interact with our website. We can see which path you take on our site and which links you click on.
Conversion reports: Conversion is a process in which you perform a desired action based on a marketing message. For example, when you go from being a pure website visitor to a buyer or newsletter subscriber. These reports help us find out more about how our marketing measures are received by you. This is how we want to increase our conversion rate.
Real-time reports: Here we always find out immediately what is happening on our website. For example, we can see how many users are currently reading this text.

Why do we use Google Analytics on our website?

Our goal with this website is clear: we want to offer you the best possible service. The statistics and data from Google Analytics help us achieve this goal.

The statistically evaluated data shows us a clear picture of the strengths and weaknesses of our website. On the one hand, we can optimize our site so that it is easier for interested people to find it on Google. On the other hand, the data helps us to better understand you as a visitor. We therefore know exactly what we need to improve on our website in order to offer you the best possible service. The data also helps us to carry out our advertising and marketing measures in a more personalized and cost-effective way. After all, it only makes sense to show our products and services to people who are interested in them.

What data is stored by Google Analytics?

Google Analytics uses a tracking code to create a random, unique ID that is linked to your browser cookie. This is how Google Analytics recognizes you as a new user. The next time you visit our site, you will be recognized as a "returning" user. All collected data is stored together with this user ID. This is what makes it possible to evaluate pseudonymous user profiles.

In order to be able to analyze our website with Google Analytics, a property ID must be inserted into the tracking code. The data is then stored in the corresponding property. The Google Analytics 4 property is the default for each newly created property. Alternatively, you can also create the Universal Analytics property. Depending on the property used, data is stored for different lengths of time.

Using identifiers such as cookies and app instance IDs, your interactions on our website are measured. Interactions are all types of actions that you perform on our website. If you also use other Google systems (such as a Google account), data generated via Google Analytics can be linked to third-party cookies. Google does not share Google Analytics data unless we as the website operator approve this. Exceptions may apply if required by law.

The following cookies are used by Google Analytics:

Name: _ga
Value: 2.1326744211.152311839130-5
Purpose: By default, analytics.js uses the cookie _ga to store the user ID. Basically, it is used to distinguish between website visitors.
Expiry date: after 2 years

Name: _gid
Value: 2.1687193234.152311839130-1
Purpose: The cookie is also used to distinguish between website visitors
Expiry date: after 24 hours

Name: _gat_gtag_UA_<property-id>
Value: 1
Purpose: Used to reduce the request rate. If Google Analytics is provided via Google Tag Manager, this cookie is named _dc_gtm_ <property-id>.
Expiry date: after 1 minute
Name: AMP_TOKEN
Value: not specified
Purpose: The cookie has a token that can be used to retrieve a user ID from the AMP Client ID service. Other possible values indicate a logout, a request, or an error.
Expiry date: after 30 seconds to one year
Name: __utma
Value: 1564498958.1564498958.1564498958.1
Purpose: This cookie can be used to track your behavior on the website and measure performance. The cookie is updated every time information is sent to Google Analytics.
Expiry date: after 2 years

Name: __utmt
Value: 1
Purpose: The cookie is used like _gat_gtag_UA_<property-id> to throttle the request rate.
Expiry date: after 10 minutes

Name: __utmb
Value: 3.10.1564498958
Purpose: This cookie is used to determine new sessions. It is updated every time new data or information is sent to Google Analytics.
Expiry date: after 30 minutes

Name: __utmc
Value: 167421564
Purpose: This cookie is used to determine new sessions for returning visitors. This is a session cookie and is only stored until you close the browser again.
Expiry date: After closing the browser

Name: __utmz
Value: m|utmccn=(referral)|utmcmd=referral|utmcct=/
Purpose: The cookie is used to identify the source of the traffic on our website. This means that the cookie stores where you came to our website from. This could have been another page or an advertisement.
Expiry date: after 6 months

Name: __utmv
Value: not specified
Purpose: The cookie is used to store user-defined user data. It is always updated when information is sent to Google Analytics.
Expiry date: after 2 years

Note: This list cannot claim to be complete, as Google constantly changes its choice of cookies.

Here we show you an overview of the most important data collected with Google Analytics:

Heatmaps: Google creates so-called heatmaps. Heatmaps show exactly the areas that you click on. This gives us information about where you are on our site.

Session duration: Google defines the session duration as the time you spend on our site without leaving the site. If you have been inactive for 20 minutes, the session ends automatically.

Bounce rate: A bounce occurs when you only view one page on our website and then leave our website again.

Account creation: When you create an account or place an order on our website, Google Analytics collects this data.

IP address: The IP address is only displayed in abbreviated form so that no clear assignment is possible.

Location: The IP address can be used to determine the country and your approximate location. This process is also known as IP location determination.

Technical information: Technical information includes your browser type, your internet provider or your screen resolution.

Source of origin: Google Analytics and we are of course also interested in which website or advertisement you came to our site from.

Other data includes contact details, any ratings, the playback of media (e.g. when you play a video on our site), sharing content via social media or adding it to your favorites. This list is not exhaustive and only serves as a general guide to data storage by Google Analytics.

How long and where is the data stored?

Google has distributed its servers around the world. Most servers are located in America and consequently your data is mostly stored on American servers. Here you can find out exactly where the Google data centers are located: https://www.google.com/about/datacenters/inside/locations/?hl=de

Your data is distributed across various physical data carriers. This has the advantage that the data can be accessed more quickly and is better protected against manipulation. Every Google data center has appropriate emergency programs for your data. If, for example, Google's hardware fails or natural disasters paralyze servers, the risk of a service interruption at Google remains low.

The retention period of the data depends on the properties used. When using the newer Google Analytics 4 properties, the retention period of your user data is fixed at 14 months. For other so-called event data, we have the option of choosing a retention period of 2 months or 14 months.

For Universal Analytics Properties, Google Analytics has a standard retention period of 26 months for your user data. Your user data will then be deleted. However, we have the option of choosing the retention period for user data ourselves. We have five options available for this:

Deletion after 14 months

Deletion after 26 months

Deletion after 38 months

Deletion after 50 months

No automatic deletion

In addition, there is also the option that data will only be deleted if you no longer visit our website within the period we have chosen. In this case, the retention period is reset every time you visit our website again within the specified period.

When the specified period has expired, the data will be deleted once a month. This retention period applies to your data that is linked to cookies, user recognition and advertising IDs (e.g. cookies from the DoubleClick domain). Report results are based on aggregated data and are stored independently of user data. Aggregated data is a fusion of individual data into a larger unit.

How can I delete my data or prevent data storage?

Under European Union data protection law, you have the right to access, update, delete or restrict your data. You can prevent Google Analytics from using your data by using the browser add-on to disable Google Analytics JavaScript (ga.js, analytics.js, dc.js). You can download and install the browser add-on from https://tools.google.com/dlpage/gaoptout?hl=de. Please note that this add-on only disables data collection by Google Analytics.

If you generally want to deactivate, delete or manage cookies (regardless of Google Analytics), there are separate instructions for each browser:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing Cookies and Website Data with Safari

Firefox: Clear cookies to remove data websites have placed on your computer

Internet Explorer: Delete and manage cookies

Microsoft Edge: Deleting and managing cookies

Legal basis

The use of Google Analytics requires your consent, which we have obtained with our cookie popup. According to Art. 6 Paragraph 1 Letter a of GDPR (consent), this consent represents the legal basis for the processing of personal data, as may occur when collected by web analytics tools.

In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors and thus improving our offering technically and economically. With the help of Google Analytics, we can detect errors on the website, identify attacks and improve profitability. The legal basis for this is Art. 6 Para. 1 lit. f GDPR (legitimate interests). However, we only use Google Analytics if you have given your consent.

Google also processes data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can involve various risks for the legality and security of data processing.

Google uses standard contractual clauses approved by the EU Commission (= Art. 46. Para. 2 and 3 GDPR) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer there. These clauses oblige Google to comply with the EU data protection level when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses here, among other places: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de.

We hope we have been able to provide you with the most important information about data processing by Google Analytics. If you would like to find out more about the tracking service, we recommend these two links: http://www.google.com/analytics/terms/de.html and https://support.google.com/analytics/answer/6004245?hl=de.

Google Analytics IP anonymization

We have implemented Google Analytics IP address anonymization on this website. This function was developed by Google so that this website can comply with the applicable data protection regulations and recommendations of the local data protection authorities if they prohibit the storage of the full IP address. The anonymization or masking of the IP takes place as soon as the IP addresses arrive in the Google Analytics data collection network and before the data is stored or processed.

More information about IP anonymization can be found at https://support.google.com/analytics/answer/2763052?hl=de.

Google Analytics reports on demographics and interests

We have activated the advertising reporting functions in Google Analytics. The reports on demographic characteristics and interests contain information on age, gender and interests. This enables us to get a better picture of our users - without being able to assign this data to individual people. You can find out more about the advertising functions at https://support.google.com/analytics/answer/3450482?hl=de_AT&utm_id=ad.

You can stop the use of your Google Account activities and information by checking the box under “Advertising Settings” at https://adssettings.google.com/authenticated.

Google Analytics Data Processing Addendum

We have entered into a direct customer agreement with Google to use Google Analytics by accepting the “Data Processing Addendum” in Google Analytics.

You can find out more about the data processing supplement for Google Analytics here: https://support.google.com/analytics/answer/3379636?hl=de&utm_id=ad

PayPal Privacy Policy

We use the online payment service PayPal on our website. The service provider is the American company PayPal Inc. The company PayPal Europe (S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg) is responsible for the European region.

PayPal also processes data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can involve various risks for the legality and security of data processing.

PayPal uses standard contractual clauses approved by the EU Commission (= Art. 46. Para. 2 and 3 GDPR) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer there. These clauses oblige PayPal to comply with the EU data protection level when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses here, among other places: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de.

You can find out more about the data processed through the use of PayPal in the Privacy Policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Stripe Privacy Policy

Stripe Privacy Policy Summary
👥 Affected: Visitors to the website
🤝 Purpose: Optimizing the payment process on our website
📓 Data processed: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address and contract data
You can find more details in this privacy policy
📅 Storage period: Data is stored until the cooperation with Stripe is terminated
⚖️ Legal basis: Art. 6 Para. 1 lit. b GDPR (contract execution), Art. 6 Para. 1 lit. a GDPR (consent)

What is Stripe?

We use a payment tool from the American technology company and online payment service Stripe on our website. Stripe Payments Europe (Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) is responsible for customers within the EU. This means that if you choose Stripe as your payment method, your payment will be processed via Stripe Payments. Data required for the payment process is forwarded to Stripe and stored. In this privacy policy, we give you an overview of this data processing and storage by Stripe and explain why we use Stripe on our website.

The technology company Stripe offers payment solutions for online payments. With Stripe, it is possible to accept credit and debit card payments in our web shop. Stripe handles the entire payment process. A big advantage of Stripe is that you never have to leave our website or shop during the payment process and the payment is processed very quickly.

Why do we use Stripe for our website?

We naturally want to offer the best possible service with our website and our integrated online shop so that you feel comfortable on our site and use our offers. We know that your time is valuable and that payment processing in particular must work quickly and smoothly. In addition to our other payment providers, we have found a partner in Stripe who guarantees secure and fast payment processing.

What data is stored by Stripe?

If you choose Stripe as your payment method, your personal data will also be transmitted to Stripe and stored there. This is transaction data. This data includes the payment method (i.e. credit card, debit card or account number), bank code, currency, amount and date of payment. During a transaction, your name, email address, billing or shipping address and sometimes your transaction history may also be transmitted. This data is necessary for authentication. In addition, Stripe can collect technical data about your device (such as IP address), name, address, telephone number and country for fraud prevention, financial reporting and to be able to fully offer its own services.

Stripe does not sell your data to independent third parties, such as marketing agencies or other companies that have nothing to do with the Stripe company. However, the data may be passed on to internal departments, a limited number of external Stripe partners or for legal compliance purposes. Stripe also uses cookies to collect data. Here is a selection of cookies that Stripe can set during the payment process:

Name: m
Value: edd716e9-d28b-46f7-8a55-e05f1779e84e040456311839130-5
Purpose: This cookie appears when you select the payment method. It stores and recognizes whether you access our website via a PC, tablet or smartphone.
Expiry date: after 2 years

Name: __stripe_mid
Value: fc30f52c-b006-4722-af61-a7419a5b8819875de9311839130-1
Purpose: This cookie is required to carry out a credit card transaction. The cookie stores your session ID for this purpose.
Expiry date: after one year

Name: __stripe_sid
Value: 6fee719a-c67c-4ed2-b583-6a9a50895b122753fe
Purpose: This cookie also stores your ID and is used for the payment process on our website by Stripe.
Expiry date: after the session has expired

How long and where is the data stored?

Personal data is generally stored for the duration of the service provision. This means that the data is stored until we terminate our cooperation with Stripe. However, in order to fulfill legal and regulatory obligations, Stripe may also store personal data for the duration of the service provision. Since Stripe is a global company, the data can also be stored in any country where Stripe offers services. This means that data can also be stored outside your country, for example in the USA.

How can I delete my data or prevent data storage?

Please note that when using this tool, your data may also be stored and processed outside the EU. Most third countries (including the USA) are not considered safe under current European data protection law. Data may therefore not simply be transferred to, stored in and processed in unsafe third countries unless there are suitable guarantees (such as EU standard contractual clauses) between us and the non-European service provider.

You always have the right to information, correction and deletion of your personal data. If you have any questions, you can also contact the Stripe team at any time via https://support.stripe.com/contact/email.

You can delete, deactivate or manage cookies that Stripe uses for its functions in your browser. This works in different ways depending on which browser you use. Please note, however, that the payment process may then no longer work. The following instructions show how to manage cookies in your browser:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Delete and manage cookies

Legal basis

In addition to the traditional bank/credit institutions, we also offer the payment service provider Sofortüberweisung for the processing of contractual or legal relationships (Art. 6 Para. 1 lit. b GDPR). The successful use of the service also requires your consent (Art. 6 Para. 1 lit. a GDPR) if the approval of cookies is necessary for its use.

Stripe also processes data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can involve various risks for the legality and security of data processing.

Stripe uses standard contractual clauses approved by the EU Commission (= Art. 46. Para. 2 and 3 GDPR) as the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer there. These clauses oblige Stripe to comply with the EU data protection level when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses here, among other places: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de.

We have now given you a general overview of how Stripe processes and stores data. If you would like to obtain even more detailed information, the detailed Stripe privacy policy at https://stripe.com/at/privacy is a good source.

Google Maps Privacy Policy

Google Maps Privacy Policy Summary
👥 Affected: Visitors to the website
🤝 Purpose: Optimizing our service
📓 Data processed: Data such as search terms entered, your IP address and also the latitude and longitude coordinates.
You can find more details about this further down in this privacy policy.
📅 Storage period: depends on the data stored
⚖️ Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. f GDPR (legitimate interests)

What is Google Maps?

We use Google Maps from Google Inc. on our website. In Europe, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With Google Maps, we can show you locations better and thus adapt our service to your needs. By using Google Maps, data is transferred to Google and stored on Google servers. Here we want to go into more detail about what Google Maps is, why we use this Google service, what data is stored and how you can prevent this.

Google Maps is an Internet map service from Google. With Google Maps, you can search online for the exact locations of cities, attractions, accommodations or companies using a PC, tablet or app. If companies are represented on Google My Business, additional information about the company is displayed in addition to the location. To show how to get there, map sections of a location can be integrated into a website using HTML code. Google Maps shows the earth's surface as a street map or as an aerial or satellite image. Thanks to the Street View images and the high-quality satellite images, very precise representations are possible.

Why do we use Google Maps on our website?

All our efforts on this site are aimed at providing you with a useful and meaningful time on our website. By integrating Google Maps, we can provide you with the most important information about various locations. You can see at a glance where our company is based. The directions always show you the best or fastest way to get to us. You can access the route for routes by car, public transport, on foot or by bike. For us, providing Google Maps is part of our customer service.

What data is stored by Google Maps?

In order for Google Maps to be able to fully offer its service, the company must record and store data from you. This includes the search terms you enter, your IP address and the latitude and longitude coordinates. If you use the route planner function, the starting address you enter is also stored. However, this data storage takes place on the Google Maps websites. We can only inform you about this, but have no influence. Since we have integrated Google Maps into our website, Google places at least one cookie (name: NID) in your browser. This cookie stores data about your user behavior. Google uses this data primarily to optimize its own services and to provide you with individual, personalized advertising.

The following cookie is set in your browser due to the integration of Google Maps:

Name: NID
Value: 188=h26c1Ktha7fCQTx8rXgLyATyITJ311839130-5
Purpose: NID is used by Google to adapt advertisements to your Google search. With the help of the cookie, Google "remembers" your most frequently entered search queries or your previous interaction with ads. This means that you always receive customized advertisements. The cookie contains a unique ID that Google uses to collect your personal settings for advertising purposes.
Expiry date: after 6 months

Note: We cannot guarantee the completeness of the information stored. Changes can never be ruled out, especially when using cookies. In order to identify the cookie NID, a separate test page was created where only Google Maps was integrated.

How long and where is the data stored?

The Google servers are located in data centers all over the world. However, most servers are located in America. For this reason, your data is increasingly being stored in the USA. Here you can find out exactly where the Google data centers are located: https://www.google.com/about/datacenters/inside/locations/?hl=de

Google distributes the data across different storage devices. This means that the data can be accessed more quickly and is better protected against any attempts at manipulation. Each data center also has special emergency programs. If, for example, there are problems with Google hardware or a natural disaster paralyzes the servers, the data will almost certainly still remain protected.

Google stores some data for a set period of time. For other data, Google only offers the option of deleting it manually. The company also anonymizes information (such as advertising data) in server logs by deleting part of the IP address and cookie information after 9 or 18 months.

How can I delete my data or prevent data storage?

With the automatic deletion function for location and activity data introduced in 2019, information on location determination and web/app activity is stored for either 3 or 18 months - depending on your decision - and then deleted. You can also manually delete this data from your history at any time via your Google account. If you want to completely prevent your location tracking, you must pause the "Web and app activity" section in your Google account. Click "Data and personalization" and then on the "Activity settings" option. Here you can switch activities on or off.

You can also deactivate, delete or manage individual cookies in your browser. Depending on which browser you use, this always works a little differently. The following instructions show how to manage cookies in your browser:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Delete and manage cookies

If you do not want cookies at all, you can set your browser to always inform you when a cookie is about to be placed. This way you can decide for each individual cookie whether you want to allow it or not.

Legal basis

If you have consented to the use of Google Maps, the legal basis for the corresponding data processing is this consent. According to Art. 6 Para. 1 lit. a GDPR (consent), this consent represents the legal basis for the processing of personal data, as may occur when data is collected by Google Maps.

We also have a legitimate interest in using Google Maps to optimize our online service. The corresponding legal basis for this is Art. 6 Para. 1 lit. f GDPR (legitimate interests). However, we only use Google Maps if you have given your consent.

If you would like to find out more about Google's data processing, we recommend that you read the company's own privacy policy at https://policies.google.com/privacy?hl=de.

All texts are protected by copyright.

Source: Created with the data protection generator from AdSimple

Smoobu

In order to make a booking, you must provide your contact details. You only need to fill in the fields marked with an asterisk, as well as the data relating to the booking (e.g. period of stay). We also save your booking date and time.

Any further information is not mandatory. The data you provide on our website, including any notes, is personal data and is processed and used by us to ensure that the booking is processed and the requested service is provided. We also use your data to provide you with information relevant to the booking or your stay.

The personal data collected during the booking is forwarded to the following third parties:

Smoobu GmbH

- Smoobu.com is a software for holiday apartment landlords

Falckensteinstr. 48

10997 Berlin

Germany

Link to Smoobu's privacy policy: https://www.smoobu.com/de/datenschutz/