Privacy Policy

Privacy Policy

The protection of your personal data is important to us. We process your data exclusively on the basis of statutory provisions (the EU General Data Protection Regulation – GDPR – and the German Federal Data Protection Act – BDSG). In this privacy policy we inform you about the most important aspects of data processing in connection with our website.

1. Controller

The controller responsible for data processing on this website within the meaning of Art. 4 No. 7 GDPR is:

Peter J. Faust
Holiday Apartments Anno Dazumal & Carpe Diem
Bergstraße 10
D-87642 Halblech-Buching, Germany
Phone: +49 171 8384127
E-mail: info@ferienwohnungallgaeu.com

2. Your rights as a data subject

Under the GDPR, you have the following rights with regard to your personal data:

• Right of access (Art. 15 GDPR) – you may request information about whether and which of your data we process.
• Right to rectification (Art. 16 GDPR) – you may request correction of inaccurate data or completion of incomplete data.
• Right to erasure (Art. 17 GDPR) – you may request deletion of your data under certain conditions.
• Right to restriction of processing (Art. 18 GDPR) – you may request that processing of your data be restricted.
• Right to data portability (Art. 20 GDPR) – you may request the data you have provided to us in a structured, commonly used and machine-readable format.
• Right to object (Art. 21 GDPR) – you may object, on grounds relating to your particular situation, to processing based on Art. 6 (1) (f) GDPR.

An informal message to the contact details listed above is sufficient to exercise your rights.

3. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data-protection supervisory authority pursuant to Art. 77 GDPR if you consider that the processing of personal data relating to you infringes the GDPR. The competent supervisory authority for us is:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach, Germany
Phone: +49 (0) 981 180093-0
E-mail: poststelle@lda.bayern.de
Website: www.lda.bayern.de

4. Data collected when visiting the website (server log files)

Each time our website is accessed, our web server automatically records information that your browser transmits. These so-called server log files include:

• the anonymised IP address of the requesting device
• date and time of the request
• file requested and HTTP status code
• amount of data transferred
• referrer URL (the previously visited page)
• browser type, browser version and operating system used

This data cannot be assigned to specific individuals by us. The data is not combined with other data sources. Processing is carried out on the basis of Art. 6 (1) (f) GDPR; our legitimate interest lies in ensuring the smooth operation of the website and in detecting and defending against attacks.

Server log files are stored for a maximum period of 7 days and are then automatically deleted. They are stored for longer only if this is necessary to investigate a specific security incident; in that case the data concerned is retained until the incident has been finally clarified.

5. Cookies and local storage

Our website uses only strictly necessary cookies and a local storage entry (localStorage) for your cookie preference. We do not use any tracking, advertising or analytics cookies.

• Session cookie (PHPSESSID): A strictly necessary session cookie is set when the page is loaded; it ensures that the contact form works and that the session is secure. It contains a random session ID, but no personal data. The cookie is automatically deleted when you close your browser.
• Cookie preference in localStorage: Your decision in the cookie notice (acceptance or rejection) is stored exclusively in your browser's localStorage so that the notice is not displayed again on every visit. This information never leaves your computer and is not transmitted to our server.

The legal basis for the use of strictly necessary cookies and local storage is § 25 (2) No. 2 TDDDG (German Telecommunications Digital Services Data Protection Act) and Art. 6 (1) (f) GDPR. You can delete cookies at any time in your browser settings or prevent them from being stored at all.

6. ALTCHA – spam protection for the contact form

To protect our contact form against automated abuse (spam, bots) we use the open-source component ALTCHA. ALTCHA is a proof-of-work mechanism: your browser silently solves a small cryptographic computation, and the result is sent together with your request to our server, where it is verified.

ALTCHA runs entirely on our own server (self-hosted). It does not set cookies, does not perform browser fingerprinting, and does not transmit any personal data to third parties. No data is shared with external providers. The legal basis is Art. 6 (1) (f) GDPR; our legitimate interest lies in protecting our contact form from abuse.

For more information about how ALTCHA works and its privacy properties, see altcha.org.

7. Contact form

If you send us a booking enquiry or any other enquiry via the contact form on our website, the data you enter will be stored in order to process your request and to allow for follow-up questions. Specifically, we process the following information:

• name
• e-mail address
• phone number (if provided)
• desired apartment (Anno Dazumal or Carpe Diem)
• arrival and departure date
• number of guests
• your message / additional notes

Enquiries are stored in a database table (form_submissions) on our server hosted in Germany and are additionally forwarded by e-mail to the recipient address shown above, info@ferienwohnungallgaeu.com.

The legal basis for processing is Art. 6 (1) (b) GDPR (initiation or performance of a contractual relationship) and, where no contract follows from the request, Art. 6 (1) (f) GDPR (legitimate interest in answering enquiries).

Your data will not be passed on to any third parties.

8. Retention period for enquiry and booking data

We store your personal data only for as long as is necessary for the processing purpose stated:

• Pure enquiries that do not lead to a booking are deleted after the correspondence has ended, at the latest after 6 months, unless statutory retention obligations require otherwise.
• Data relating to bookings that have been concluded is subject to statutory retention periods under tax and commercial law (generally 8 or 10 years pursuant to § 147 AO and § 257 HGB) and is deleted thereafter.

9. Hosting

Our website is hosted on a server located in the Federal Republic of Germany. As part of providing the server, the hosting provider processes technically necessary data (in particular the server log files described in section 4) on the basis of a data-processing agreement under Art. 28 GDPR. We will gladly disclose the specific provider on request.

10. Web fonts

This website uses only locally embedded fonts that are provided through the open-source package @fontsource and delivered from the same server as the website itself. There is no connection to Google Fonts or any other external font provider. No personal data is transmitted to third parties when the font files are loaded.

11. Encryption (TLS/SSL)

For security reasons and to protect the transmission of confidential content, this website uses SSL/TLS encryption. You can recognise an encrypted connection by the fact that the address bar of your browser changes from "http://" to "https://" and by the lock symbol in your browser. Data transmitted to us cannot then be read by third parties.

12. No automated decision-making

No automated decision-making, including profiling, within the meaning of Art. 22 GDPR takes place.

13. Changes to this privacy policy

We reserve the right to amend this privacy policy from time to time so that it always complies with current legal requirements or in order to reflect changes to our services, for example when introducing new features. The new version of the privacy policy will then apply to your next visit.

14. Status

Status of this privacy policy: 04 May 2026