Skip to main content

Privacy Policy

We take the protection of your personal data very seriously. This privacy policy informs you about how we handle your personal data when you visit our website or book our vacation apartments.

1. responsible body

Vacation at the Lindnerhof
Nils Großheim
Hüttenbrink 1
37520 Osterode am Harz
Germany

Phone: +49 (5522) 76362
E-Mail: Datenschutz@Lindnerhof.info
Website: https://www.lindnerhof.info

2. collection and storage of personal data

When you visit our website

Each time you visit our website, we automatically collect the following information that your browser transmits to our server

  • IP address

  • Date and time of access

  • Browser type and version used

  • Operating system

  • Previously visited page (referrer URL)

  • Pages accessed on our website

This data is stored in the log files of our server and is used exclusively to ensure a smooth connection setup, system security and technical administration. This data is not merged with other data sources. The data is automatically deleted after 7 days at the latest.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in the provision of a functional website)

When making contact and bookings

If you contact us by email, telephone or contact form or make a booking, we collect and process the following data

  • Salutation

  • Surname and first name

  • Your address

  • e-mail address

  • telephone number

  • For companies: Company name

  • Travel period and number of persons, for minors the age.

  • Any special wishes or requirements

  • How you became aware of us (voluntary information)

This data is used exclusively to process your inquiry, to execute the booking contract and to communicate with you. It will only be passed on to third parties if this is necessary for the execution of the contract (e.g. to payment service providers) or is required by law.

Legal basis: Art. 6 para. 1 lit. b GDPR (fulfillment of contract) and Art. 6 para. 1 lit. f GDPR (legitimate interest in communication)

3. cookies

Our website uses technically necessary cookies to ensure its functionality. These cookies are automatically deleted at the end of your browser session. We do not use marketing or tracking cookies.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in the technical operation of the website)

4. external services

4.1 Map display (OpenStreetMap)

We integrate map material from OpenStreetMap on our website to show you the location of our accommodation. OpenStreetMap is a project of the OpenStreetMap Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom.

When you use OpenStreetMap, no cookies are set on your device. However, technically necessary connection data (such as your IP address) is transmitted to the servers of the OpenStreetMap Foundation when the map tiles are loaded.

Further information can be found in OpenStreetMap's privacy policy: https://wiki.osmfoundation.org/wiki/Privacy_Policy

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in the user-friendly presentation of our locations)

4.2 Hosting

This website is hosted externally. The hoster is:

Scaleway S.A.S.
8 rue de la Ville l'Évêque
75008 Paris
France

The personal data collected on this website (in particular the server log files mentioned in section 2) are stored on the hoster's servers in the Amsterdam data center (Netherlands).

Scaleway is the recipient of your personal data and acts as a processor for us. The processing takes place on the basis of an order processing contract in accordance with Art. 28 GDPR.

Further information can be found in Scaleway's privacy policy: https://www.scaleway.com/en/privacy-policy/

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in the reliable and secure provision of our website)

4.3 E-mail communication

To send emails (e.g. booking confirmations, responses to inquiries), we use our own mail server, which is operated on the infrastructure of Amazon Web Services (AWS):

Amazon Web Services, Inc.
410 Terry Avenue North
Seattle, WA 98109
USA

The e-mail data is stored and processed exclusively in the AWS data center Frankfurt (eu-central-1) within the European Union. AWS acts as a processor for us. There is an order processing contract in accordance with Art. 28 GDPR and the GDPR data processing addendum (AWS GDPR DPA) including standard contractual clauses.

Further information can be found in the privacy policy of AWS: https://aws.amazon.com/de/privacy/

Legal basis: Art. 6 para. 1 lit. b GDPR (fulfillment of contract) and Art. 6 para. 1 lit. f GDPR (legitimate interest in reliable communication)

4.4 Payment processing

For the processing of payments (online payments and card payments on site) we use the payment service provider

SumUp Limited
Block 8, Harcourt Center
Charlotte Way, Dublin 2
D02 K580, Ireland

When a payment is made, the data required for payment processing is transmitted to SumUp. This includes in particular Payment amount, time of the transaction, payment method and, if applicable, card data (for card payments). The processing of this data by SumUp takes place on the basis of SumUp's data protection provisions.

SumUp is an e-money institution licensed by the Central Bank of Ireland and certified in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). All data is stored within the EU.

Further information can be found in SumUp's privacy policy: https://www.sumup.com/de-de/allgemeine-datenschutzbestimmungen/

Legal basis: Art. 6 para. 1 lit. b GDPR (fulfillment of contract)

5. duration of storage

We only store your personal data for as long as is necessary to fulfill the respective purpose:

  • Inquiry data: Until the final processing of your request, for a maximum of 6 months

  • Booking data: For the duration of the contractual relationship and beyond in accordance with statutory retention obligations (10 years after the end of the calendar year in which the last document was created, in accordance with Section 147 AO)

  • Server log files: Maximum 7 days

6. your rights

You have the following rights regarding your personal data at any time:

  • Right to information: You can request information about the data we have stored about you

  • Right to rectification: You can request the rectification of incorrect data

  • Right to erasure: You can request the erasure of your data, provided there are no statutory retention obligations to the contrary

  • Right to restriction: You can request the restriction of processing

  • Right to object: You can object to the processing of your data on grounds relating to your particular situation

  • Data portability: You can request the surrender of your data in a structured, commonly used format

  • Right to lodge a complaint: You have the right to lodge a complaint with a data protection supervisory authority

To exercise your rights, please use the contact details above.

7 Data security

We use technical and organizational security measures to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously improved in line with technological developments.

8 Disclosure of data

Your data will only be passed on to third parties in the following cases:

  • You have expressly consented (Art. 6 para. 1 lit. a GDPR)

  • The disclosure is necessary for the fulfillment of our contract with you (Art. 6 para. 1 lit. b GDPR)

  • There is a legal obligation to disclose (Art. 6 para. 1 lit. c GDPR)

9. no automated decision-making

We do not use automated decision-making or profiling.

10. topicality of the data protection declaration

This privacy policy is currently valid and is dated December 2025. Due to the further development of our website or due to changes in legal requirements, it may become necessary to amend this privacy policy. The current privacy policy can be accessed on our website at any time.

Version 1.2