Privacy Policy
We take the protection of your personal data very seriously. This Privacy Policy explains how we handle your personal data when you visit our website or book our vacation rentals.
1. Data Controller
Vacation at the Lindnerhof
Nils Großheim
Hüttenbrink 1
37520 Osterode am Harz
Germany
Phone: +49 (5522) 76362
Email: Datenschutz@Lindnerhof.info
Website: https://www.lindnerhof.info
2. Collection and Storage of Personal Data
When visiting our website
Every time you visit our website, we automatically collect the following information that your browser transmits to our server:
IP address
Date and time of access
Browser type and version used
Operating system
Previously visited page (referrer URL)
Pages accessed on our website
This data is stored in our server’s log files and is used exclusively to ensure a smooth connection, system security, and technical administration. This data is not combined with other data sources. The data is automatically deleted after no more than 7 days.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in providing a functional website)
When contacting us and making bookings
When you contact us via email, phone, or the contact form, or make a booking, we collect and process the following data:
Title
Last name and first name
Address
Email address
Phone number
For companies: Company name, department, reference, names of travelers
Travel dates and number of people; for minor travelers, their age.
Any special requests or requirements
How you found out about us (optional)
This data is used exclusively to process your inquiry, to fulfill the booking contract, and to communicate with you. It will only be disclosed to third parties to the extent necessary for contract fulfillment (e.g., to payment service providers) or as required by law.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(f) GDPR (legitimate interest in communication)
3. Cookies
Our website uses technically necessary cookies to ensure functionality. These cookies are automatically deleted at the end of your browser session. We do not use marketing or tracking cookies.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the technical operation of the website)
4. External Services
4.1 Map display (OpenStreetMap)
We integrate map data from OpenStreetMap into our website to show you the location of our accommodations. OpenStreetMap is a project of the OpenStreetMap Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom.
No cookies are set on your device when using OpenStreetMap. However, when loading the map tiles, technically necessary connection data (such as your IP address) is transmitted to the OpenStreetMap Foundation’s servers.
For more information, please see OpenStreetMap’s privacy policy: https://wiki.osmfoundation.org/wiki/Privacy_Policy
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the user-friendly display of our locations)
4.2 Hosting
This website is hosted externally. The host is:
Scaleway S.A.S.
8 rue de la Ville l'Évêque
75008 Paris
France
The personal data collected on this website (in particular the server log files mentioned in Section 2) is stored on the host’s servers at the data center in Amsterdam (Netherlands).
Scaleway is the recipient of your personal data and acts as a data processor on our behalf. Processing is carried out on the basis of a data processing agreement in accordance with Article 28 of the GDPR.
For further information, please refer to Scaleway’s privacy policy: https://www.scaleway.com/en/privacy-policy/
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the reliable and secure provision of our website)
4.3 Email Communication
To send emails (e.g., booking confirmations, responses to inquiries), we use our own mail server, which is operated on the infrastructure of Amazon Web Services (AWS):
Amazon Web Services, Inc.
410 Terry Avenue North
Seattle, WA 98109
USA
Email data is stored and processed exclusively in the AWS data center in Frankfurt (eu-central-1) within the European Union. AWS acts as a data processor on our behalf. A data processing agreement in accordance with Art. 28 GDPR and the AWS GDPR Data Processing Addendum (DPA), including standard contractual clauses, is in place.
For more information, please refer to the AWS Privacy Policy: https://aws.amazon.com/de/privacy/
Legal basis: Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(f) GDPR (legitimate interest in reliable communication)
4.4 Payment Processing
We use the following payment service provider to process payments (online payments as well as in-person card payments):
SumUp Limited
Block 8, Harcourt Centre
Charlotte Way, Dublin 2
D02 K580, Ireland
When a payment is made, the data required for payment processing is transmitted to SumUp. This includes, in particular: payment amount, time of transaction, payment method, and, if applicable, card details (for card payments). SumUp processes this data in accordance with SumUp’s privacy policy.
SumUp is an e-money institution licensed by the Central Bank of Ireland and certified under the Payment Card Industry Data Security Standard (PCI-DSS). All data is stored within the EU.
For more information, please see SumUp’s Privacy Policy: https://www.sumup.com/de-de/allgemeine-datenschutzbestimmungen/
Legal basis: Art. 6(1)(b) GDPR (performance of a contract)
5. Retention Period
We store your personal data only for as long as necessary to fulfill the respective purpose:
Inquiry data: Until your inquiry has been fully processed, for a maximum of 6 months
Transaction data: For the duration of the contractual relationship and beyond, in accordance with statutory retention requirements (10 years after the end of the calendar year in which the last receipt was issued, pursuant to Section 147 of the German Fiscal Code (AO))
Server log files: Maximum 7 days
6. Your Rights
You have the following rights regarding your personal data at any time:
Right of access: You may request information about the data we have stored
Right to rectification: You may request the correction of inaccurate data
Right to erasure: You may request the erasure of your data, provided that no legal retention obligations prevent this
Right to restriction of processing: You may request the restriction of processing
Right to object: You may object to the processing of your data on grounds relating to your particular situation
Right to data portability: You may request that your data be provided to you in a structured, commonly used format
Right to lodgea complaint: You have the right to lodge a complaint with a data protection supervisory authority
To exercise your rights, please contact us using the contact information provided above.
7. Data Security
We employ technical and organizational security measures to protect your data against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security measures are continuously improved in line with technological developments.
8. Disclosure of Data
Your data will only be disclosed to third parties in the following cases:
You have given your explicit consent (Art. 6(1)(a) GDPR)
The disclosure is necessary for the performance of our contract with you (Art. 6(1)(b) GDPR)
There is a legal obligation to disclose the data (Art. 6(1)(c) GDPR)
9. No automated decision-making
We do not use automated decision-making or profiling.
10. Validity of the Privacy Policy
This Privacy Policy is currently valid and is effective as of December 2025. Due to the further development of our website or changes in legal requirements, it may become necessary to amend this Privacy Policy. The most current version of the Privacy Policy can be accessed on our website at any time.
Version 1.3