Privacy Policy

This English version is a translation for your convenience. The legally binding version is the German original.

1. Controller

The parties responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) are:

Janna Weiß (née Sebode) and Moritz Sebode Enseburgweg 41, 30826 Garbsen, Germany Phone: +49 176 62011508 E-mail: info@casa-di-lumi.de

2. Data protection officer

We are not legally obliged to appoint a data protection officer and have therefore not designated one. If you have any questions about data protection, please contact the controllers named above directly.

3. Hosting

This website is hosted by Cloudflare (Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA; represented in the EU by Cloudflare Germany GmbH). Cloudflare processes data generated when you visit the website on our behalf (see server log files). The legal basis is our legitimate interest in providing the website securely and efficiently (Art. 6 (1) (f) GDPR).

A data processing agreement (Art. 28 GDPR) is in place with Cloudflare. Insofar as data is transferred to the USA, the transfer is based on the EU-US Data Privacy Framework and/or the European Commission’s standard contractual clauses.

4. Server log files

When you access the website, the hosting provider automatically collects information in so-called server log files that your browser transmits. These are in particular:

• IP address of the requesting device
• date and time of access
• page / file accessed
• volume of data transferred
• browser used and its version
• operating system
• referrer URL

This data is used for the technical delivery, security and stability of the website and is not merged with other data sources. The legal basis is Art. 6 (1) (f) GDPR.

5. Contact by e-mail

If you contact us by e-mail, we process the data you provide (your e-mail address, your name and the content of your message) in order to handle your request. The legal basis is Art. 6 (1) (b) GDPR (initiation or performance of a contract) or Art. 6 (1) (f) GDPR (handling of general enquiries). The data is deleted as soon as it is no longer required to achieve the purpose and no statutory retention obligations prevent deletion.

Note: This website currently does not use an electronic contact form; contact is made exclusively by e-mail. As soon as an enquiry form is integrated, this section will be updated accordingly.

6. Booking widget (Beds24)

On the Booking page we offer a booking widget from the provider Beds24 (iframe). This widget is not loaded automatically: as long as you do not actively consent, no connection to Beds24 is established and no data is transmitted. Only when you click “Load booking widget” is the iframe loaded; this establishes a connection to Beds24’s servers, transmits your IP address and may result in cookies being set by Beds24. If you then use the widget (availability check, booking), Beds24 processes the booking and contact data you enter in order to carry out the booking.

We store your consent locally in your browser (localStorage) so that you do not have to consent again on every visit. You can withdraw it at any time by deleting the website data in your browser.

The legal basis for loading the widget and the associated setting of cookies or access to your device is your consent (Art. 6 (1) (a) GDPR in conjunction with § 25 (1) TDDDG). The subsequent processing of your booking data is carried out to initiate or perform the rental contract (Art. 6 (1) (b) GDPR).

The provider of the widget is Beds24 GmbH, c/o EDGE Workspaces Grand Central Berlin, Invalidenstraße 65, 10557 Berlin, Germany. Details of data processing by Beds24 can be found in their privacy policy at beds24.com/privacypolicy.html.

7. Cookies

The website itself does not set any tracking or analytics cookies of its own. Cookies set by the Beds24 widget can only occur after your express consent and the loading of the widget (see section 6). Your consent is stored in a technically necessary entry in your browser’s local storage (localStorage).

8. SSL/TLS encryption

For security reasons, this site uses SSL/TLS encryption. You can recognise an encrypted connection by the “https://” in your browser’s address bar.

9. Your rights

Within the framework of the statutory provisions, you have the right at any time to:

• access the data stored about you (Art. 15 GDPR)
• rectification of inaccurate data (Art. 16 GDPR)
• erasure of your data (Art. 17 GDPR)
• restriction of processing (Art. 18 GDPR)
• data portability (Art. 20 GDPR)
• object to processing (Art. 21 GDPR)

An informal message to the contact details given in section 1 is sufficient to exercise these rights.

10. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority. The authority responsible is in particular the one at the controller’s registered office:

Die Landesbeauftragte für den Datenschutz Niedersachsen (LfD Niedersachsen), Prinzenstraße 5, 30159 Hannover.