Data protection and privacy

Principle

We take the protection of personal data very seriously and treat your personal data confidentially and in accordance with the statutory data protection regulations as well as this Privacy Policy. On this page, we inform you about which personal data are processed when using this website and its services, and for what purposes these data are used. This Privacy Policy already implements the requirements of the EU General Data Protection Regulation (“GDPR”), which has been applicable since 25 May 2018.

Use of Forms

We allow visitors to the website to use the booking request and contact form to submit personal information. Depending on the type of form, personal data of the participant may be processed. Only the data entered by the visitor are processed. Data required for submitting the form are marked with an asterisk (*). Providing additional data is voluntary.

The legal basis for data processing is Art. 6 (1) (a) and (b) GDPR (until and including 24 May 2018: Section 28 (1) No. 1 BDSG). The legal basis for the transfer of data to the respective third country is Art. 49 (1) (b) GDPR (until and including 24 May 2018: Section 4c (1) No. 2 BDSG).

Web Server Log Data

Our web server processes a range of data with each request that your browser automatically transmits to our web server. This includes the IP address currently assigned to your device, the date and time of the request, the time zone, the specific page or file accessed, the HTTP status code, and the amount of data transferred. In addition, the website from which your request originated, the browser used, the operating system of your device, and the selected language are recorded.

The web server uses these data to display the contents of this website optimally on your device. Your IP address is deleted immediately after the connection ends; the remaining data are stored for statistical purposes without any reference to your person. The IP address is required during the connection in order to transmit the content of our website to your browser. The legal basis for processing the IP address is Art. 6 (1) (b) GDPR (until and including 24 May 2018: Section 28 (1) No. 1 BDSG). Transmission of the IP address is necessary to display the website; without transmission of the IP address, the website cannot be displayed.

Cookies

So-called “cookies” are used on this website. Cookies are small text files that are stored locally in the memory of your internet browser, provided your browser allows the storage of cookies. “Session cookies” are used. These are automatically deleted at the end of your visit. Cookies do not cause any damage to your computer and do not contain viruses.

Most browsers are set to automatically accept cookies. However, you can disable the storage of cookies or set your browser to notify you whenever cookies are sent. Our services can also be used without cookies.

Google Maps

We use the “Google Maps” component provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”), on our website.

Each time the “Google Maps” component is accessed, Google sets a cookie to process user settings and data when displaying the page on which the “Google Maps” component is integrated. This cookie is generally not deleted when the browser is closed, but expires after a certain period unless it is manually deleted by you beforehand.

If you do not agree with this processing of your data, you have the option to deactivate the “Google Maps” service and thereby prevent the transfer of data to Google. To do so, you must deactivate the JavaScript function in your browser. However, please note that in this case you will not be able to use “Google Maps” or only to a limited extent.

The use of “Google Maps” and the information obtained via “Google Maps” is subject to Google’s Terms of Use
(http://www.google.de/intl/de/policies/terms/regional.html)
and the additional Terms and Conditions for “Google Maps”
(https://www.google.com/intl/de_de/help/terms_maps.html).

Data Security

We take all reasonable technical and organizational measures to ensure the secure collection, processing, and use of your data. To prevent unauthorized access or disclosure, as well as to ensure the accuracy and authorized use of the data, we have implemented appropriate technical and organizational procedures to secure and protect the data we collect online.

Nevertheless, we would like to point out that data transmission over the internet (e.g. communication by email) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.

For security reasons and to protect the transmission of confidential content, such as inquiries sent to us as the website operator, this website uses SSL encryption. You can recognize an encrypted connection by the browser’s address bar changing from “http://” to “https://” and by the lock symbol in your browser bar.

When SSL encryption is activated, the data you transmit to us cannot be read by third parties.

Retention Periods

We store your personal data, with the exception of financial data, for the duration of your relationship with us.

Financial data (payments, refunds, etc.) are stored for as long as required under applicable tax and accounting regulations.

No Transfer of Data to Third Parties

Your data will not be transferred to third parties unless we are legally obliged to do so. Where external service providers come into contact with your personal data, we ensure through legal, technical, and organizational measures, as well as regular checks, that they comply with data protection laws.

Your Rights

If we process your data on the basis of your consent, you have the right to withdraw this consent at any time with effect for the future.

You also have the right to request information at any time about all personal data that we process about you.

If your personal data are incorrect or incomplete, you have the right to rectification and completion.

You may also request the deletion of your personal data at any time, provided that we are not legally obliged or entitled to continue processing your data.

If the statutory requirements are met, you may also request a restriction of the processing of your personal data pursuant to Art. 18 GDPR (until and including 24 May 2018: blocking pursuant to Section 35 BDSG).

If data processing is carried out on the basis of your consent or within the framework of a contract, you have the right to data portability.

If our processing is based on a balancing of interests, you have the right to object to the processing.

You also have the right to lodge a complaint with a data protection supervisory authority at any time if you believe that data processing violates applicable law.

Before responding to your request, we may ask you for additional details to verify your identity. We will endeavor to respond within a reasonable period of time and, in any case, within the legally prescribed time limit. If you wish to exercise these rights, please contact us using the contact details provided below.

Controller, Data Protection Officer

The controller responsible for data processing is:

Monika Pönitz
Kohlgartenstraße 63 A
38855 Wernigerode
Germany

You can contact us by post or by email at info [at] ferienhaus-wernigerode.biz.

Our Data Protection Officer is:

Monika Pönitz
Kohlgartenstraße 63 A
38855 Wernigerode
Germany

You can contact the Data Protection Officer by post or by email at info [at] ferienhaus-wernigerode.biz.

Changes to This Privacy Policy

We reserve the right to amend this Privacy Policy at any time in compliance with applicable data protection regulations.

If you have any questions that are not answered by this Privacy Policy, you may contact us at any time at the following email address or via the contact details provided in the imprint:
info [at] ferienhaus-wernigerode.biz.

Last updated: 16 February 2026