Privacy policy

Privacy Policy

1. General Information

The protection of your personal data is important to us. Below, we inform you about which personal data we process when you use our website, submit booking inquiries, make reservations or communicate with us, and which rights you have under the General Data Protection Regulation (GDPR).

Personal data means any information relating to an identified or identifiable natural person, such as name, address, email address, phone number, IP address or booking data.

2. Controller

The controller responsible for data processing on this website is:

Dill Apartments – Owner: Daniel Dill
Bahnweg 3
91785 Pleinfeld
Germany

Phone: +49 9144 3239831
Email: info@dill-apartments.de

3. Collection and Storage of Personal Data When Visiting the Website

When you access our website, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in so-called server log files.

The following data may be processed:

  • IP address of the requesting device,
  • date and time of access,
  • name and URL of the requested file,
  • website from which access is made,
  • browser used,
  • operating system of your device,
  • name of your access provider.

This data is processed to ensure a smooth connection to the website, to evaluate system security and stability and to enable the technical administration of the website.

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure, stable and user-friendly provision of our website.

4. Contact by Email, Phone or Contact Form

If you contact us by email, phone or via a contact form, we process the data you provide in order to handle your inquiry.

This may include in particular:

  • name,
  • email address,
  • phone number,
  • content of your message,
  • booking or travel details,
  • desired period of stay,
  • number of guests,
  • any other information voluntarily provided by you.

The processing is carried out to handle your inquiry and to communicate with you.

The legal basis is Art. 6(1)(b) GDPR if your inquiry is related to a booking, reservation or pre-contractual measure. In all other cases, the processing is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in the efficient handling of incoming inquiries.

5. Bookings and Reservations

If you book accommodation with Dill Apartments or submit a booking inquiry, we process the personal data required to carry out the booking.

This may include in particular:

  • first and last name,
  • address,
  • email address,
  • phone number,
  • period of stay,
  • number of guests,
  • payment information,
  • invoice data,
  • communication content,
  • where applicable, information about special requirements or requests.

The processing is carried out to take pre-contractual measures, to conclude and perform the accommodation contract, to process payments, to issue invoices and to communicate with you in connection with your stay.

The legal basis is Art. 6(1)(b) GDPR. Where statutory retention or documentation obligations apply, processing is additionally based on Art. 6(1)(c) GDPR.

6. Payment Processing

For payment processing, personal data may be transmitted to banks, payment service providers or other entities involved in payment processing.

The data processed depends on the selected payment method. This may include, in particular, name, invoice amount, booking number, bank details, credit card details or transaction-related information.

Processing is carried out for the performance of the accommodation contract and for payment processing.

The legal basis is Art. 6(1)(b) GDPR. Where tax or commercial law obligations apply, Art. 6(1)(c) GDPR is the legal basis.

7. Booking Portals and Intermediary Platforms

If you book through external booking portals or intermediary platforms, we receive from these platforms the personal data required to carry out the booking.

This may include in particular name, contact details, booking period, number of guests, payment status and other booking-related information.

The respective platform operator is generally responsible for data processing carried out by the booking portal. Please also refer to the privacy information of the respective booking portal.

The data transmitted to us is processed for the performance of the accommodation contract pursuant to Art. 6(1)(b) GDPR and to comply with legal obligations pursuant to Art. 6(1)(c) GDPR.

8. Invoicing and Statutory Retention Obligations

We process personal data insofar as this is necessary for invoicing, accounting and compliance with tax or commercial law obligations.

This may include in particular name, address, service period, invoice amount, payment data and booking-related information.

The legal basis is Art. 6(1)(c) GDPR. The data is stored in accordance with statutory retention periods.

9. Cookies and Similar Technologies

Our website may use cookies and similar technologies. Cookies are small text files stored on your device.

We distinguish between technically necessary cookies and optional cookies.

Technically necessary cookies are required to provide basic website functions. Processing is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in the functional and secure provision of our website.

Optional cookies, in particular for statistics, marketing or external media functions, are only used if you have given your prior consent. The legal basis is Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future.

Please also note that the legal requirements of the German Telecommunications Digital Services Data Protection Act (TDDDG) may apply to the storage of information on your device or access to information on your device.

10. Cookie Consent Tool

If a cookie consent tool is used on our website, we use it to obtain, document and manage your consent to the use of certain cookies or services.

The following data may be processed in particular:

  • consent status,
  • date and time of consent,
  • browser information,
  • shortened or pseudonymized IP address,
  • selected services or categories.

Processing is carried out to comply with legal obligations pursuant to Art. 6(1)(c) GDPR and to document consent.

11. Web Analytics, Statistics and Marketing

If we use services for web analytics, statistics or marketing, we use them only where valid consent has been obtained.

In this context, usage data, device information, browser information, IP addresses, page views, time spent on the website and interactions with the website may be processed.

The legal basis is Art. 6(1)(a) GDPR. Consent may be withdrawn at any time with effect for the future.

12. Google Analytics

If Google Analytics is used on this website, we use the web analytics service Google Analytics provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables analysis of the use of our website. In particular, information about page views, time spent on the website, devices used, browsers, approximate locations and interactions with the website may be processed.

Use is based only on your consent pursuant to Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future.

This section should only be used if Google Analytics is actually used.

13. Google Maps

If Google Maps is embedded on our website, we use the map service Google Maps provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Through the integration of Google Maps, personal data, in particular IP address, location data, device information and usage data, may be transmitted to Google.

Use is based on your consent pursuant to Art. 6(1)(a) GDPR, insofar as consent is required. You may withdraw your consent at any time with effect for the future.

This section should only be used if Google Maps is actually embedded.

14. External Content and Embedded Services

Our website may embed content from external providers, such as maps, videos, booking widgets, review widgets or fonts.

When this content is loaded, personal data, in particular IP address, browser information and usage data, may be transmitted to the respective providers.

Where consent is required for the integration, processing is based on Art. 6(1)(a) GDPR. Otherwise, processing is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR in an attractive and functional presentation of our website.

15. Newsletter

If we offer a newsletter, we process your email address and, where applicable, further voluntarily provided data exclusively for sending the newsletter.

The newsletter is sent only on the basis of your consent pursuant to Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future, for example via an unsubscribe link in the newsletter or by sending us a message.

This section should only be used if a newsletter is actually offered.

16. Recipients of Personal Data

Personal data is only disclosed where this is necessary for contract performance, payment processing, compliance with legal obligations, protection of legitimate interests or on the basis of your consent.

Recipients may include in particular:

  • IT and hosting service providers,
  • payment service providers,
  • tax advisors and accounting providers,
  • booking portals and intermediary platforms,
  • cleaning and service providers, insofar as necessary for the performance of the stay,
  • authorities, where legally required,
  • other service providers who support us in providing our services.

Where service providers process personal data on our behalf, we conclude data processing agreements pursuant to Art. 28 GDPR where required.

17. Transfer to Third Countries

Personal data is transferred to countries outside the European Union or the European Economic Area only where this is necessary for the use of certain services and where the legal requirements are met.

This may be the case in particular when external service providers, analytics, marketing, map or booking services are used.

Where no adequacy decision by the European Commission exists, a transfer will only take place on the basis of appropriate safeguards, such as EU Standard Contractual Clauses, or on the basis of your explicit consent.

18. Storage Period

We store personal data only for as long as necessary for the respective purposes or as long as statutory retention obligations apply.

Data from inquiries is deleted once the inquiry has been finally processed and no statutory retention obligations prevent deletion.

Booking, invoice and payment data is stored in accordance with statutory commercial and tax retention periods.

Data processed on the basis of consent is generally stored until the consent is withdrawn or until the processing purpose no longer applies.

19. Your Rights

Subject to the statutory requirements, you have the following rights:

  • right of access pursuant to Art. 15 GDPR,
  • right to rectification pursuant to Art. 16 GDPR,
  • right to erasure pursuant to Art. 17 GDPR,
  • right to restriction of processing pursuant to Art. 18 GDPR,
  • right to data portability pursuant to Art. 20 GDPR,
  • right to object pursuant to Art. 21 GDPR,
  • right to withdraw consent pursuant to Art. 7(3) GDPR.

If you believe that the processing of your personal data violates data protection law, you also have the right to lodge a complaint with a data protection supervisory authority.

20. Right to Object

Where we process personal data on the basis of Art. 6(1)(f) GDPR, you have the right to object to such processing at any time on grounds relating to your particular situation.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

21. Withdrawal of Consent

If you have given us consent to process personal data, you may withdraw this consent at any time with effect for the future.

The lawfulness of processing carried out on the basis of consent before its withdrawal remains unaffected.

22. Data Security

We take appropriate technical and organizational measures to protect your personal data against loss, misuse, unauthorized access, disclosure, alteration or destruction.

Our website uses SSL or TLS encryption where technically implemented. You can recognize an encrypted connection by the fact that the browser address line begins with “https://”.

23. Validity and Changes to this Privacy Policy

This privacy policy is currently valid and was last updated in June 2026.

We reserve the right to amend this privacy policy if our website, our services or legal requirements change.