Privacy Policy
The protection of your personal data is of particular importance to us. The use of our websites and services is generally possible without providing any personal data, unless there is a legal obligation or contractual requirement to do so.
However, if a data subject wishes to use special services of our company via our website or as part of a booking, the processing of personal data may become necessary.
The processing of personal data is always carried out in accordance with the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and all other applicable data protection regulations.
1. Name and address of the data controller
The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions with a data protection character is:
Bolstein GmbH Managing Director: Alexei Keil Geschwister-Burch-Straße 28 53881 Euskirchen-Kirchheim Telephone: 02255 3172994 E-Mail: info@bolstein.de
2. Definitions
This privacy policy uses the terms used by the European legislator for the adoption of the General Data Protection Regulation.
The terms used, such as "personal data", "processing", "restriction of processing" or "consent", correspond to the definitions in Article 4 GDPR.
3. Collection of general data and information
The Bolstein GmbH website collects a range of general data and information each time the website is accessed by a data subject or an automated system.
This general data and information is stored in the server's log files. The following can be recorded:
- IP Address
- Date and time of access
- Pages and subpages visited
- amount of data transferred
- Browser type and browser version
- Operating system used
- Referrer URL
This data is needed to:
- to deliver the content of our website correctly
- to ensure the functionality of our IT systems
- to ensure system security and stability
- to provide law enforcement agencies with the information necessary for prosecution in the event of a cyberattack
The data will not be used to draw conclusions about the person concerned.
4. Website hosting
The Bolstein GmbH website is hosted by STRATO AG, Otto-Ostrowski-Straße 7, 10249 Berlin.
The servers are located within the European Union. STRATO automatically collects and stores information in so-called server log files.
The legal basis for the processing is Art. 6 para. 1 lit. f GDPR (legitimate interest in a secure and stable operation of the website).
5. Legal basis for processing
If consent is obtained from the data subject for processing operations involving personal data, Article 6(1)(a) GDPR serves as the legal basis.
If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, the processing is based on Article 6(1)(b) GDPR.
If Bolstein GmbH is subject to a legal obligation that necessitates the processing of personal data, the processing is based on Art. 6 para. 1 lit. c GDPR.
In cases where the vital interests of the data subject or another natural person need to be protected, the processing is based on Article 6(1)(d) GDPR.
Processing operations that cannot be assigned to any of the aforementioned legal bases are based on Art. 6 para. 1 lit. f GDPR (legitimate interest).
6. Smoobu booking system
Bolstein GmbH uses the property management system Smoobu GmbH, Falckensteinstraße 48, 10997 Berlin, for the administration, organization and processing of bookings.
When using Smoobu, personal data such as name, contact details, booking details and length of stay are processed.
The processing is carried out for the performance of the contract in accordance with Art. 6 para. 1 lit. b GDPR.
7. Booking platform Airbnb
Bolstein GmbH uses the booking platform Airbnb.
When booking through Airbnb, personal data is transferred to Airbnb Ireland UC.
This may involve the transfer of personal data to third countries, in particular the USA.
Airbnb bases this transfer on appropriate safeguards pursuant to Art. 46 GDPR, in particular standard contractual clauses.
8. Booking platform Booking.com
Bolstein GmbH uses the booking platform Booking.com.
As part of a booking, personal data is transmitted to Booking.com BV and processed for contract fulfillment.
9. Payment service provider Stripe
For direct bookings, payment processing can be handled via Stripe.
Stripe processes personal payment data independently.
10. Payment service provider PayPal
If PayPal is selected, payment processing is handled by PayPal (Europe) S.à rl.
The processing is based on Article 6 paragraph 1 letter b GDPR.
11. Payment service provider Apple Pay
When using Apple Pay, payment processing is handled by Apple Inc.
Personal data may be transferred to third countries.
12. Communication via email and WhatsApp
Communication with guests takes place via email and – if expressly requested – via the WhatsApp messaging service.
When using WhatsApp, personal data may be transmitted to WhatsApp Ireland Limited and Meta Platforms Inc. (USA).
13. Cookies
The Bolstein GmbH website uses cookies.
Cookies are text files that are placed and stored on a computer system via an internet browser.
We only use technically necessary cookies.
14. Newsletter
If a data subject subscribes to the newsletter, their email address will be used exclusively for sending information.
Registration takes place via the double opt-in procedure.
15. Duration of storage of personal data
The duration of the storage of personal data depends on the respective statutory retention periods.
16. Rights of the data subject
Every affected person has the following rights:
- Right to confirmation (Art. 15 GDPR)
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to withdraw consent (Art. 7 para. 3 GDPR)
17. Automated decision-making
As a responsible company, we refrain from automated decision-making or profiling.
18. Competent supervisory authority
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW) Cavalleriestraße 2–440213 Düsseldorf https://www.ldi.nrw.de