Skip to main content

Privacy Policy

We take the protection of your personal data very seriously. This Privacy Policy explains how we handle your personal data when you visit our website or book our vacation rentals.

1. Data Controller

Vacation at the Lindnerhof
Nils Großheim
Hüttenbrink 1
37520 Osterode am Harz
Germany

Phone: +49 (5522) 76362
Email: Datenschutz@Lindnerhof.info
Website: https://www.lindnerhof.info

2. Collection and Storage of Personal Data

When visiting our website

Every time you visit our website, we automatically collect the following information that your browser transmits to our server:

  • IP address

  • Date and time of access

  • Browser type and version used

  • Operating system

  • Previously visited page (referrer URL)

  • Pages accessed on our website

This data is stored in our server’s log files and is used exclusively to ensure a smooth connection, system security, and technical administration. This data is not combined with other data sources. The data is automatically deleted after no more than 7 days.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in providing a functional website)

When contacting us and making bookings

When you contact us via email, phone, or the contact form, or make a booking, we collect and process the following data:

  • Title

  • Last name and first name

  • Address

  • Email address

  • Phone number

  • For companies: Company name, department, reference, names of travelers

  • Travel dates and number of people; for minor travelers, their age.

  • Any special requests or requirements

  • How you found out about us (optional)

This data is used exclusively to process your inquiry, to fulfill the booking contract, and to communicate with you. It will only be disclosed to third parties to the extent necessary for contract fulfillment (e.g., to payment service providers) or as required by law.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(f) GDPR (legitimate interest in communication)

3. Cookies

Our website uses technically necessary cookies to ensure functionality. These cookies are automatically deleted at the end of your browser session. We do not use marketing or tracking cookies.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the technical operation of the website)

4. External Services

4.1 Map display (OpenStreetMap)

We integrate map data from OpenStreetMap into our website to show you the location of our accommodations. OpenStreetMap is a project of the OpenStreetMap Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom.

No cookies are set on your device when using OpenStreetMap. However, when loading the map tiles, technically necessary connection data (such as your IP address) is transmitted to the OpenStreetMap Foundation’s servers.

For more information, please see OpenStreetMap’s privacy policy: https://wiki.osmfoundation.org/wiki/Privacy_Policy

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the user-friendly display of our locations)

4.2 Hosting

This website is hosted externally. The host is:

Scaleway S.A.S.
8 rue de la Ville l'Évêque
75008 Paris
France

The personal data collected on this website (in particular the server log files mentioned in Section 2) is stored on the host’s servers at the data center in Amsterdam (Netherlands).

Scaleway is the recipient of your personal data and acts as a data processor on our behalf. Processing is carried out on the basis of a data processing agreement in accordance with Article 28 of the GDPR.

For further information, please refer to Scaleway’s privacy policy: https://www.scaleway.com/en/privacy-policy/

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the reliable and secure provision of our website)

4.3 Email Communication

To send emails (e.g., booking confirmations, responses to inquiries), we use our own mail server, which is operated on the infrastructure of Amazon Web Services (AWS):

Amazon Web Services, Inc.
410 Terry Avenue North
Seattle, WA 98109
USA

Email data is stored and processed exclusively in the AWS data center in Frankfurt (eu-central-1) within the European Union. AWS acts as a data processor on our behalf. A data processing agreement in accordance with Art. 28 GDPR and the AWS GDPR Data Processing Addendum (DPA), including standard contractual clauses, is in place.

For more information, please refer to the AWS Privacy Policy: https://aws.amazon.com/de/privacy/

Legal basis: Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(f) GDPR (legitimate interest in reliable communication)

4.4 Payment Processing

We use the following payment service provider to process payments (online payments as well as in-person card payments):

SumUp Limited
Block 8, Harcourt Centre
Charlotte Way, Dublin 2
D02 K580, Ireland

When a payment is made, the data required for payment processing is transmitted to SumUp. This includes, in particular: payment amount, time of transaction, payment method, and, if applicable, card details (for card payments). SumUp processes this data in accordance with SumUp’s privacy policy.

SumUp is an e-money institution licensed by the Central Bank of Ireland and certified under the Payment Card Industry Data Security Standard (PCI-DSS). All data is stored within the EU.

For more information, please see SumUp’s Privacy Policy: https://www.sumup.com/de-de/allgemeine-datenschutzbestimmungen/

Legal basis: Art. 6(1)(b) GDPR (performance of a contract)

5. Retention Period

We store your personal data only for as long as necessary to fulfill the respective purpose:

  • Inquiry data: Until your inquiry has been fully processed, for a maximum of 6 months

  • Transaction data: For the duration of the contractual relationship and beyond, in accordance with statutory retention requirements (10 years after the end of the calendar year in which the last receipt was issued, pursuant to Section 147 of the German Fiscal Code (AO))

  • Server log files: Maximum 7 days

6. Your Rights

You have the following rights regarding your personal data at any time:

  • Right of access: You may request information about the data we have stored

  • Right to rectification: You may request the correction of inaccurate data

  • Right to erasure: You may request the erasure of your data, provided that no legal retention obligations prevent this

  • Right to restriction of processing: You may request the restriction of processing

  • Right to object: You may object to the processing of your data on grounds relating to your particular situation

  • Right to data portability: You may request that your data be provided to you in a structured, commonly used format

  • Right to lodgea complaint: You have the right to lodge a complaint with a data protection supervisory authority

To exercise your rights, please contact us using the contact information provided above.

7. Data Security

We employ technical and organizational security measures to protect your data against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security measures are continuously improved in line with technological developments.

8. Disclosure of Data

Your data will only be disclosed to third parties in the following cases:

  • You have given your explicit consent (Art. 6(1)(a) GDPR)

  • The disclosure is necessary for the performance of our contract with you (Art. 6(1)(b) GDPR)

  • There is a legal obligation to disclose the data (Art. 6(1)(c) GDPR)

9. No automated decision-making

We do not use automated decision-making or profiling.

10. Validity of the Privacy Policy

This Privacy Policy is currently valid and is effective as of December 2025. Due to the further development of our website or changes in legal requirements, it may become necessary to amend this Privacy Policy. The most current version of the Privacy Policy can be accessed on our website at any time.

Version 1.3