Privacy Policy
Last updated: November 2025
1. Overview
The following notes provide a quick overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you. Detailed information can be found in the subsequent sections of this privacy policy.
2. Hosting
This website is hosted by Vercel Inc., 440 N Barranca Avenue #4133, Covina, CA 91723, United States. Vercel processes requests in data centres located within the European Union and, where necessary, in the United States. We have concluded a data processing agreement and Standard Contractual Clauses with Vercel to ensure an adequate level of protection. Log data (e.g. IP address, user agent, request ID) is used solely to ensure reliable operation and is typically retained for up to 30 days.
3. General information and mandatory details
Controller: Yvonne Maaß – Gastklar, Dingerdisser Heide 147, 33699 Bielefeld, Germany, Phone: +49 151 20564375, Email: kontakt@gastklar.de. We treat your personal data confidentially and in line with statutory data-protection requirements. International data transfers occur only on the basis of appropriate safeguards (in particular Standard Contractual Clauses) and are limited to the minimum required. Legal bases: Art. 6 (1) a GDPR (consent), Art. 6 (1) b GDPR (contractual or pre-contractual measures), Art. 6 (1) c GDPR (legal obligations) and Art. 6 (1) f GDPR (legitimate interest in providing a secure and efficient service). You are entitled to the rights of access, rectification, erasure, restriction of processing, data portability, withdrawal of consent, objection to processing, and to lodge a complaint with a supervisory authority.
4. Data collection on this website
Server log files
Automatically collected: browser type and version, operating system, referrer URL, hostname of the accessing device, time of the server request, and IP address. These data are not combined with other sources. Legal basis: Art. 6 (1) f GDPR (legitimate interest in stability and security). Retention: up to 30 days.
Contact form
When you use the form we process your name, email address, message and optional fields (phone, hotel). We employ honeypots, signed tokens and rate limits to protect against abuse. The purpose is to process your enquiry and communicate with you. Legal bases: Art. 6 (1) b GDPR (pre-contractual communication) and Art. 6 (1) f GDPR (security of our service). Data is stored until the enquiry has been resolved and deleted after no more than 12 months.
Contact via email or phone
If you contact us directly by email or phone, we store your enquiry including all personal data (e.g. name, contact details) in order to process it. We do not share this data with third parties. Legal bases: Art. 6 (1) b and f GDPR. Retention is up to 12 months unless longer statutory obligations apply.
5. Email delivery (Netcup)
Emails are routed via netcup GmbH, Daimlerstr. 25, 76185 Karlsruhe, Germany, using TLS-encrypted SMTP. A data processing agreement is in place. Legal bases: Art. 6 (1) b and f GDPR.
6. Cookies, analytics & social plugins
This website does not use cookies for analytics or marketing purposes, does not run analytics tools, and integrates no social plugins.
7. Technical and organisational measures
We apply TLS encryption, a strict Content Security Policy, rate limiting, spam protection mechanisms, regular security updates, and role-based access controls to protect your data.
8. Automated decision-making / profiling
No automated decision-making or profiling takes place.
9. Objection to marketing emails
We object to the use of contact data published in the legal notice for sending unsolicited advertising or information material.