Privacy Policy
Stand: 13.04.2026
1. Privacy at a Glance
General Information
The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is any data that can be used to personally identify you. Detailed information on the subject of data protection can be found in our privacy policy below.
Data Collection on This Website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find their contact details in the “Controller” section of this privacy policy.
How do we collect your data?
Your data is collected when you provide it to us, e.g. via our contact form. Other data is automatically collected or collected with your consent when you visit the website by our IT systems. This is primarily technical data (e.g. internet browser, operating system, time of page access).
What do we use your data for?
Some of the data is collected to ensure error-free provision of the website. Other data may be used to analyse your user behaviour, provided you have given your consent.
What rights do you have regarding your data?
You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
You can contact us at any time regarding this and other questions on the subject of data protection.
2. Controller
Controller within the meaning of the General Data Protection Regulation (GDPR):
Fam. Walter Schäfergasse 9 88459 Tannheim Germany
Phone: 08395/2143 Email: andrea.walter@gmx.net
3. General Information and Mandatory Disclosures
Data Protection
We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
About the Controller
The controller for data processing on this website is identified in the “Controller” section above. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.
Storage Duration
Unless a more specific storage period has been stated within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke consent for data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data.
Revocation of Your Consent to Data Processing
Many data processing operations are only possible with your express consent. You can revoke consent that has already been given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
You can change your cookie settings at any time via the link in the footer of this website.
Right to Object to Data Collection in Special Cases (Art. 21 GDPR)
If data processing is based on Art. 6(1)(f) GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation. We will then no longer process the personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
Right to Lodge a Complaint with the Supervisory Authority
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority. The supervisory authority responsible for us is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg (LfDI BW) Lautenschlagerstraße 20 70173 Stuttgart
Phone: 0711/615541-0 Email: poststelle@lfdi.bwl.de Website: https://www.baden-wuerttemberg.datenschutz.de
Right to Data Portability
You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format (Art. 20 GDPR).
Information, Correction and Deletion
Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipients and the purpose of data processing and, if applicable, a right to correction or deletion of this data (Art. 15–17 GDPR). You can contact us at any time regarding this and other questions on the subject of personal data.
Right to Restriction of Processing
You have the right to request the restriction of the processing of your personal data (Art. 18 GDPR). You can contact us at any time regarding this matter.
Automated Decision-Making
Automated decision-making including profiling pursuant to Art. 22 GDPR does not take place on this website.
4. Hosting
Hetzner
We host our website with Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.
When you visit our website, your personal data is processed on Hetzner’s servers. This may include your IP address, browser type, operating system, the page accessed, date and time of access and, if applicable, the referring website (referrer URL).
Legal basis: Processing is based on our legitimate interest in the secure and efficient provision of our website (Art. 6(1)(f) GDPR).
Data processing: The servers are located in Germany. Your data is not transferred to third countries. We have concluded a data processing agreement (DPA) with Hetzner in accordance with Art. 28 GDPR.
Storage duration: Server log files are automatically deleted after a maximum of 14 days.
Further information can be found in Hetzner’s privacy policy: https://www.hetzner.com/legal/privacy-policy
5. Cookies and Consent Management
What Are Cookies?
Our website uses so-called cookies and similar technologies (e.g. localStorage). Cookies are small text files that your browser stores on your device. They do not cause any damage.
Which Cookies Do We Use?
We distinguish the following categories:
Necessary Cookies / Storage
These are required for the basic functions of the website and cannot be disabled.
| Name | Purpose | Storage duration | Type |
|---|---|---|---|
| cookie-consent-v2 | Stores your cookie settings | Permanent | localStorage |
External Content (only with your consent)
Allows loading of external content such as interactive maps.
| Service | Purpose | Provider | Data transfer |
|---|---|---|---|
| OpenStreetMap | Interactive map view of our location (directions page) | OpenStreetMap Foundation (OSMF), UK | When loading the map, your IP address is transmitted to the OSMF tile servers |
| Google Maps | Embedded map on the contact page | Google Ireland Limited, Ireland | When loading the map, your IP address is transmitted to Google; Google may set cookies |
| CalendarApp | Availability calendar on the contact page | Tool Loft UG, Berlin, Germany | When loading the calendar, your IP address is transmitted to the CalendarApp server |
Statistics (only with your consent)
Helps us understand how visitors use our website.
| Cookie | Purpose | Storage duration |
|---|---|---|
| _ga | Distinguishing visitors (Google Analytics 4) | 2 years |
| _ga_* | Session status (Google Analytics 4) | 2 years |
Google Analytics is only loaded if you have consented to the “Statistics” category in the . Further information about Google Analytics can be found in Section 6.
Marketing
No marketing cookies or advertising trackers are currently used.
Consent Management
When you first visit our website, a banner is displayed allowing you to set your cookie preferences. You can change your settings at any time via the link in the footer.
Legal basis: The processing of technically necessary cookies is based on our legitimate interest in a functional website and in storing your cookie preferences (Art. 6(1)(f) GDPR). For all other cookies and external services, your consent is the legal basis (Art. 6(1)(a) GDPR in conjunction with § 25 TTDSG).
6. Analytics Tools
Google Analytics 4
If you have given your consent, we use Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Use only with consent: Google Analytics is only loaded if you have consented to the “Statistics” category in our cookie settings. Without your express consent, no tracking takes place — no scripts are loaded, no cookies are set and no data is transmitted to Google.
IP anonymisation: Google Analytics 4 anonymises your IP address by default, so no complete IP address is stored.
Data transfer to the USA: Google may also process your data in the USA. The transfer is based on the EU Standard Contractual Clauses (SCCs) and the EU-U.S. Data Privacy Framework, which Google has joined.
Opt-out: You can revoke your consent at any time via the . From that point on, no further tracking will take place.
Legal basis: Art. 6(1)(a) GDPR (consent).
Further information on how Google Analytics handles user data can be found in Google’s privacy policy: https://policies.google.com/privacy
7. Contact Form
When you send us enquiries via the contact form, your details from the enquiry form, including the contact data you provide (name, email address, telephone number, desired travel period, message) are stored by us for the purpose of processing the enquiry and in case of follow-up questions.
Form processing: The technical processing of the contact form is carried out on our own server in Germany (Hetzner Online GmbH, Gunzenhausen). Your entered data is transmitted in encrypted form and forwarded directly to us. No third-party services are used for form processing; no data is transferred outside the EU.
Spam protection: To protect against automated submissions, we use our own technical anti-spam procedure — without any external CAPTCHA service. In addition to the data you enter, we process:
- a server-signed challenge token (HMAC-SHA-256) to verify the origin and validity period of the request,
- a proof-of-work computation performed in your browser (SHA-256),
- a hidden “honeypot” field that is invisible to regular visitors,
- timestamps from when the form was loaded and submitted, together with an aggregate summary of interaction data (e.g. number of keystroke and focus events) for plausibility checking,
- your IP address for short-term rate limiting.
These signals are used exclusively to validate the individual submission and are not stored persistently. Rate-limiting records retain sender IPs only briefly in memory.
Legal basis for spam protection: Art. 6(1)(f) GDPR; our legitimate interest in preventing automated spam and abuse directed at our contact form.
Note on data minimisation: Please only include information in the message field that is necessary for your enquiry. Please refrain from including special categories of personal data (e.g. health data, religious beliefs), ID numbers or account numbers.
Storage duration: Enquiries that do not lead to a booking are deleted at the latest six months after the last contact. Enquiries relating to an actual booking are retained as business correspondence in accordance with the statutory retention periods (§ 257 HGB, § 147 AO — up to ten years). You may request deletion at any time, provided no statutory retention obligation applies.
Legal basis for the contact form: Art. 6(1)(b) GDPR (pre-contractual measures).
We will not pass on this data without your consent.
8. External Services
Map Display (OpenStreetMap)
We use the mapping service OpenStreetMap (OSM) from the OpenStreetMap Foundation (OSMF), 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom.
Use only with consent: The map is only loaded once you have consented to the “External Content” category in our cookie settings. Until then, you will see a placeholder with our address.
When loading the map, your IP address is transmitted to the OSMF tile servers. We have no influence on data processing by the OSMF.
Legal basis: Art. 6(1)(a) GDPR (consent).
Further information: https://wiki.osmfoundation.org/wiki/Privacy_Policy
Map Display (Google Maps)
On the contact page, we use an embedded map from Google Maps, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Use only with consent: The Google Maps map is only loaded once you have consented to the “External Content” category in our cookie settings. Until then, you will see a placeholder with our address.
When loading the map, a connection is established to Google’s servers. Your IP address is transmitted to Google in the process. Google may also set cookies and collect further usage data.
Data transfer to the USA: Google may also process your data in the USA. The transfer is based on the EU Standard Contractual Clauses (SCCs) and the EU-U.S. Data Privacy Framework.
Legal basis: Art. 6(1)(a) GDPR (consent).
Further information: https://policies.google.com/privacy
Availability Calendar (CalendarApp)
An availability calendar from the service “CalendarApp” is integrated on the contact page, operated by Tool Loft UG, Oranienstr. 185, 10999 Berlin, Germany.
Use only with consent: The calendar is only loaded once you have consented to the “External Content” category in our cookie settings. Until then, you will see a placeholder.
When loading the calendar, an external script (app.calendarapp.de) establishes a direct connection between your browser and the CalendarApp server. Tool Loft UG receives your IP address and other technical data (browser type, operating system).
The calendar is used solely to display availability. Personal data is only transmitted if you voluntarily enter it. Data is stored on servers in Germany and is not passed on to third parties.
Legal basis: Art. 6(1)(a) GDPR (consent).
Further information: https://app.calendarapp.de/de/
Fonts
All fonts used on this website (Playfair Display, Outfit, Caveat) are hosted locally on our server. No connection is made to Google Fonts or other external font services. When you visit our website, no data is transmitted to third parties for the display of fonts.
9. Currency and Changes to This Privacy Policy
This privacy policy is currently valid (as of April 2026).
Due to the further development of our website or changes in legal requirements, it may be necessary to amend this privacy policy. The current privacy policy can be accessed at any time on this page.
