Privacy Policy

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

2. Collection and Storage of Personal Data

a) When visiting the website

When you access our website, information is automatically sent to our website server by the browser used on your device. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until automatic deletion: IP address of the requesting computer, date and time of access, name and URL of the retrieved file, website from which access is made (referrer URL), browser used and, if applicable, the operating system of your computer and the name of your access provider.

The aforementioned data is processed by us for the following purposes: ensuring a smooth connection to the website, ensuring comfortable use of our website, and evaluating system security and stability. The legal basis for data processing is Art. 6 (1) sentence 1 lit. f GDPR.

b) When making a booking

For booking an apartment, we collect the following data: first and last name, email address, phone number (optional), travel period and number of guests. This data is required for the fulfillment of the accommodation contract. The legal basis is Art. 6 (1) sentence 1 lit. b GDPR (contract fulfillment).

c) When contacting us

When you contact us by email or via a contact form, the data you provide (e.g. name, email address, message content) is stored by us to answer your inquiry. The legal basis is Art. 6 (1) sentence 1 lit. b GDPR or Art. 6 (1) sentence 1 lit. f GDPR.

3. Payment Processing via Stripe

We use the Stripe service (Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA) for payment processing. Stripe processes your payment data (e.g. credit card number, expiry date, CVC) on their own servers and is subject to PCI DSS Level 1 standards. We do not receive or store complete credit card data. The legal basis is Art. 6 (1) sentence 1 lit. b GDPR (contract fulfillment). For more information, see Stripe's privacy policy at:

3a. Digital Check-in and Registration Form

As part of our digital check-in process, we collect the following data: first and last name, nationality, email address, phone number and estimated arrival time. This data is required for the fulfillment of the accommodation contract (Art. 6 (1) sentence 1 lit. b GDPR).

For foreign guests, we additionally collect the following in accordance with § 29/30 of the German Federal Registration Act (BMG): home address (street, house number, postal code, city, country), date of birth and names of accompanying persons. This data is recorded on the electronic registration form. The legal basis is Art. 6 (1) sentence 1 lit. c GDPR (legal obligation).

Security Deposit via Stripe

To protect against possible damage, your credit card is stored for a security deposit at the time of booking. 48 hours before check-in, the deposit is held (authorized) on your credit card, or charged for longer stays. Processing is handled via Stripe. The amount is released or refunded after the stay, provided there is no damage. The legal basis is Art. 6 (1) sentence 1 lit. b GDPR (contract fulfillment).

ID Verification via Stripe Identity

For direct bookings via our website, we conduct digital ID verification through the Stripe Identity service (Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA). The following data is processed: photo of the ID document, data extracted from it (name, date of birth, document number, nationality) and a selfie photo for comparison. This data is processed and stored directly by Stripe. We only receive the verification result (verified/not verified) and the extracted basic data.

The legal basis for ID verification is Art. 6 (1) sentence 1 lit. b GDPR (contract fulfillment) in conjunction with Art. 6 (1) sentence 1 lit. f GDPR (legitimate interest in fraud prevention and identity verification for direct bookings without platform verification). The processing of biometric data (facial photo) is based on your explicit consent pursuant to Art. 9 (2) lit. a GDPR, which you give in the Stripe Identity dialog. For more information about data processing by Stripe Identity, see:

4. Booking Management via Smoobu

We use the Smoobu service (Smoobu GmbH, Berlin) for managing our bookings and checking availability. As part of a booking, your contact data (name, email, phone number) and booking data (period, apartment, number of guests) are transmitted to Smoobu. The legal basis is Art. 6 (1) sentence 1 lit. b GDPR (contract fulfillment). Smoobu processes your data according to their own privacy policy.

5. Hosting

This website is hosted by an external hosting provider. Personal data collected on this website is stored on the host's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website. The legal basis is Art. 6 (1) sentence 1 lit. f GDPR.

6. Cookies and Web Analytics

a) Technically necessary cookies

Our website uses technically necessary cookies that are required for the operation of the website (e.g. language settings, cookie consent status). Consent is not required for technically necessary cookies (Art. 6 (1) sentence 1 lit. f GDPR).

b) Google Analytics 4

We use Google Analytics 4 (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to analyze website usage. Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server and stored there.

Google Analytics is only activated when you expressly consent via our cookie banner. The legal basis is Art. 6 (1) sentence 1 lit. a GDPR (consent). You can revoke your consent at any time by deleting your cookie settings in your browser. For more information, see Google's privacy policy at:

c) Vercel Analytics and Speed Insights

We use Vercel Analytics and Vercel Speed Insights (Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA) to analyze website usage and measure website performance (Web Vitals such as loading time, interactivity and visual stability). Vercel Analytics collects anonymized page view data without the use of cookies and without collecting personal data. No individual visitors are tracked. The legal basis is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interest in optimizing our website). For more information, see Vercel's privacy policy at:

7. Your Rights

You have the following rights with respect to the personal data concerning you:

• •Right of access (Art. 15 GDPR)
• •Right to rectification (Art. 16 GDPR)
• •Right to erasure (Art. 17 GDPR)
• •Right to restriction of processing (Art. 18 GDPR)
• •Right to data portability (Art. 20 GDPR)
• •Right to object to processing (Art. 21 GDPR)

To exercise your rights, please contact us using the contact details provided above.

8. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR. The supervisory authority responsible for us is:

9. Storage Period

Personal data is deleted as soon as the purpose of storage no longer applies. For booking data, there is a retention obligation of 10 years in accordance with commercial and tax law requirements (§ 257 HGB, § 147 AO). Contact inquiries are deleted after final processing and at the latest after 6 months, provided there are no legal retention obligations.

10. Changes to this Privacy Policy

We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy. The new privacy policy will then apply to your next visit.