Privacy Policy

Last updated: 2026-02-20

1. Introduction and overview

With this privacy policy, we inform you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable national laws, about which personal data (“data” for short) we, as the controller—and the processors we engage (e.g., hosting providers, booking system, payment services)—process.

2. Controller

Stellplatz Kaisergarten Owner: Thomas Loth Simrockstraße 58, 46149 Oberhausen, Germany Email: info@stellplatz-kaisergarten.de Phone: +49 208 305943-36

3. Scope

This privacy policy applies to all personal data that we process as part of the following activities:

  • Operating our information website stellplatz-kaisergarten.de
  • Integration and use of the external booking page at buchen.stellplatz-kaisergarten.de
  • Communication by email and phone
  • Processing bookings, accommodation contracts, and payments

4. Legal bases for data processing

Under Art. 6(1) GDPR, we process data only if at least one of the following conditions is met:

  • Consent (Art. 6(1)(a) GDPR): If you have consented, via the cookie banner on our booking page, to the storage of certain cookies.
  • Contract (Art. 6(1)(b) GDPR): To perform a contract or to take steps prior to entering into a contract (e.g., processing bookings, stays, payments, answering booking inquiries).
  • Legal obligation (Art. 6(1)(c) GDPR): If we are subject to legal obligations (e.g., retention obligations under tax and commercial law, registration laws).
  • Legitimate interest (Art. 6(1)(f) GDPR): If processing is necessary to safeguard legitimate interests and your rights do not override them (e.g., secure operation of the website).

5. Hosting & server log files

Our website is hosted on servers of a professional hosting provider within the EU/EEA. When you simply visit our pages, the provider automatically collects and stores information in so-called log files, which your browser automatically transmits to us. The data collected includes:

  • Accessed URL
  • Date and time of access
  • IP address
  • Referrer URL (the previously visited page)
  • Browser type, version, operating system

The data is stored for up to 14 days to defend against attacks, detect misuse, and ensure technical stability. This data is not merged with other data sources. The legal basis is Art. 6(1)(f) GDPR.

6. Cookies & tracking

We make a technical and content-related distinction between our information-only site and the external booking page:

Main website (stellplatz-kaisergarten.de):
We respect your privacy. No tracking tools, analytics software (such as Google Analytics), or advertising trackers are used on our information-only site. No user profiles are created and no cookies are stored on your device.

Booking page (buchen.stellplatz-kaisergarten.de):
For the booking process, we forward you via a link to an external booking system. This system uses cookies. These include technically essential session cookies to temporarily store your entries during the ongoing booking session and to enable the conclusion of the contract (Art. 6(1)(b) GDPR).
In addition, further cookies may be used on the booking page for optional functions or statistics. When you first access the booking page, you will therefore see a cookie banner from the system provider. There you can view in detail which cookies are used and give or refuse your individual consent (Art. 6(1)(a) GDPR). You can adjust your settings at any time via the banner on the booking page.

7. Contacting us

If you contact us by email or phone, we store the information you provide (e.g., name, contact details, content of your inquiry) solely to handle your request. Legal basis: Art. 6(1)(b) GDPR (contractual or pre-contractual communication) or Art. 6(1)(f) GDPR. The data will be deleted as soon as storage is no longer necessary for processing and no statutory retention obligations prevent deletion.

8. Application process

If you apply to us (e.g., by email or via a contact form), we collect and process your personal data for the purpose of handling the application process. The data you provide (e.g., contact details, cover letter, CV, references) will be treated in strict confidence.

Legal basis: Processing is based on Art. 6(1)(b) GDPR in conjunction with Section 26(1) BDSG (initiation of an employment relationship).

Deletion: If we conclude an employment contract with you, the data will be stored for the employment relationship. If the process ends without employment, your data will generally be stored for six months after you are informed of the rejection decision and then deleted. This retention period is necessary to defend ourselves against possible claims (e.g., under the General Equal Treatment Act—AGG). Longer storage (e.g., inclusion in an applicant pool) will only take place with your explicit consent (Art. 6(1)(a) GDPR).

Security notice regarding emails: We expressly point out that sending application documents via unencrypted standard email naturally involves security risks and may be viewed by third parties. We recommend sending by post or using an offered TLS-encrypted form.

9. Bookings & payment processing

To process bookings, we collect and process the necessary master and contract data (name, contact details, travel period, license plate number, payment information). Without this information, a booking and contract performance are not possible.

External booking system:
To provide the online booking function, we use the services of the provider Booking Experts. The data you enter on buchen.stellplatz-kaisergarten.de is processed on this provider’s servers on our behalf.

For payment processing, we use external payment service providers. Your data (such as name, amount, bank details) is transmitted to these providers in encrypted form and solely for the performance of the contract (Art. 6(1)(b) GDPR). Each payment service provider is independently responsible under data protection law for processing its own databases:

iDEAL: Provider: Currence iDEAL B.V., Netherlands.

Bank transfer: For regular bank transfers, we process the data you provide solely to allocate the payment.

Apple Pay: Provider: Apple Distribution International Ltd., Ireland. Payment data is processed by Apple. Apple may transfer data to the USA (safeguard: EU Standard Contractual Clauses).

Credit card: Necessary information is transmitted to our payment service providers and the involved credit institutions.

PayPal: Provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg. PayPal processes transaction data on its own responsibility. Data transfer to the USA is possible (safeguard: EU Standard Contractual Clauses).

10. Processing on behalf

We have concluded the required data processing agreements (DPA) pursuant to Art. 28 GDPR with all external service providers (in particular the web host and the provider of the external booking software) who process personal data on our behalf and under our instructions, to ensure the protection of your data.

11. Data transfer to third countries

As a rule, data is not transferred to third countries outside the EU/EEA. Such transfers only take place if they are strictly necessary for contract performance (e.g., by choosing a specific payment provider such as PayPal or Apple) or if appropriate safeguards pursuant to Art. 46 GDPR (e.g., Standard Contractual Clauses) are in place.

12. Storage period

We store personal data only for as long as necessary to fulfill the purposes stated or as long as statutory retention obligations exist. Under commercial and tax law, we generally must retain invoice and booking data for 10 years (under Section 147 AO) or 6 years (under Section 257 HGB). After that, the data is deleted in accordance with data protection requirements.

13. Your rights

Under the GDPR, you have the following rights regarding your processed data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR)

Where processing is based on your consent (e.g., via the cookie banner on the booking page), you can withdraw it at any time with effect for the future.

14. Competent supervisory authority

If you believe that the processing of your data violates data protection law, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The authority responsible for us is:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW)
Kavalleriestraße 2–4, 40213 Düsseldorf, Germany
Phone: 0211 38424-0
Email: poststelle@ldi.nrw.de
Website: www.ldi.nrw.de

15. Data security (TLS encryption)

To protect the security of your data during transmission, we use encryption methods (TLS/HTTPS) that reflect the current state of the art. You can recognize this by the padlock symbol in your browser’s address bar.

16. Changes to this privacy policy

We reserve the right to amend this privacy policy so that it always complies with current legal requirements or to implement changes to our services. The current version published here shall apply in each case.