Privacy Policy

1. Data Controller (Art. 13 Para. 1a GDPR)

Ehegatten GbR Roller
Streitbergstr. 5
81249 Munich
Germany

Telephone: +49 172 62 02 931
Email: info@aviva-bodman.de

Data Protection Officer: Damian Roller
Note: As a small vacation rental operator with few staff members, no external data protection officer is required.

2. Your Rights under GDPR (Art. 15-21 GDPR)

You have the following rights regarding your personal data:

1. Right of Access (Art. 15 GDPR): You have the right to know whether we are processing personal data about you, which data that is, and for what purposes it is being used.
2. Right to Rectification (Art. 16 GDPR): You can request correction of inaccurate or incomplete data.
3. Right to Erasure (Art. 17 GDPR): You can request deletion of your data under certain conditions (right to be forgotten).
4. Right to Restrict Processing (Art. 18 GDPR): You can restrict processing of your data in certain cases.
5. Right to Data Portability (Art. 20 GDPR): You have the right to receive your data in a structured, common, and machine-readable format and to transmit it to another controller.
6. Right to Object (Art. 21 GDPR): You can object to processing of your data based on legitimate interests.

Right to Lodge a Complaint: You have the right to lodge a complaint with the data protection authority (Landesbeauftragte für Datenschutz Baden-Württemberg) if you believe that processing of your data violates the GDPR.

3. Hosting & Server

This website is hosted on servers of a hosting provider. When you access this website, data is transmitted to the server, including:

• Your IP address
• Browser type and version
• Operating system
• Timestamp of access
• Referrer URL
• Requested resource (file, image, etc.)

These server logs are stored for security reasons (detection of attacks, error analysis) for a maximum of 7 days, after which they are automatically deleted.

Legal Basis: Art. 6 Para. 1 lit. f GDPR (legitimate interests in security and operation of the website).

4. SSL/TLS Encryption

This website uses SSL/TLS encryption (HTTPS) to protect your data during transmission. This is indicated by the lock icon in your browser's address bar. The encryption keys are 256-bit or higher.

5. Contact Form

When you send us a request via the contact form on this website, the following data is processed:

• Name
• Email address
• Telephone number (optional)
• Message/Inquiry

Purpose: Processing and answering your inquiry.
Legal Basis: Art. 6 Para. 1 lit. b GDPR (initiation of contract).
Storage Duration: The data will be deleted after your inquiry has been answered, unless a contract relationship is established.

6. Booking System (Smoobu)

To manage and process bookings, we use the booking system Smoobu by Smoobu GmbH.

Processed Data:

• First and last name
• Address and postal code
• Email address
• Telephone number
• Payment information (for direct bookings)
• Check-in and check-out dates
• Number of guests
• Special requirements and notes

Purpose: Fulfillment of the booking contract, booking management, invoice creation, guest communication.
Legal Basis: Art. 6 Para. 1 lit. b GDPR (contract fulfillment).
Data Processing Agreement: Smoobu acts as a data processor (data processing agreement exists). Smoobu stores data on servers within the EU.
Storage Duration: Data is stored for at least 10 years for tax purposes according to § 147 AO.

Further information about Smoobu's privacy policy can be found at: https://smoobu.de/datenschutz/

7. Digital Check-in (Stellar)

For digital check-in and processing of mandatory registration requirements, we use the platform Stellar by Stellar (stellar-trust.com).

Processed Data:

• First and last name
• Address and postal code
• ID document data (copy of passport or national ID card for identity verification)
• Date of birth
• Nationality
• Kurtaxe (resort tax) payment information

Purpose: Fulfillment of mandatory registration requirements (Bundesmeldegesetz / Federal Registration Law), digital check-in, resort tax processing.
Legal Basis: Art. 6 Para. 1 lit. c GDPR (fulfillment of legal obligation).
Data Processing Agreement: Stellar acts as a data processor. Data is stored on servers in the EU.
Storage Duration: According to Federal Registration Law. Stellar automatically deletes data after the required retention period.

Further information about Stellar can be found at: https://stellar-trust.com/datenschutz/

8. Cookies

This website uses cookies to improve your user experience.

Technically Necessary Cookies:

• Session cookies (to save your login session)
• Cookie consent cookies (to save your privacy policy consent)

These cookies are technically necessary for the operation of the website and are stored without explicit consent.

Legal Basis: Art. 6 Para. 1 lit. f GDPR (legitimate interests).

Tracking and Marketing Cookies: We currently do not use tracking or marketing cookies (such as Google Analytics or Facebook Pixel). If we wish to introduce these in the future, we will request your explicit consent.

You can disable cookies in your browser. However, this may impair the functionality of this website.

9. Google Fonts

This website uses the "Inter" typeface from Google Fonts (fonts.googleapis.com) to ensure a modern and consistent appearance.

Processed Data: When the typeface is loaded, your IP address is transmitted to Google.

Legal Basis: Art. 6 Para. 1 lit. f GDPR (legitimate interests in technical optimization and attractive design).
Data Transfer: Data is transferred to the United States. Google has committed to the EU-U.S. Data Privacy Framework.

Recommendation: To better protect your privacy, typefaces could be self-hosted. This will be considered in future updates.

Further information: Google Privacy Policy

10. Booking Portals (Booking.com, Airbnb, etc.)

Our apartments are also listed on booking platforms such as Booking.com and Airbnb. If you make a booking through these platforms, your data is also processed by the respective platforms.

Data Sharing: These platforms share your contact data with us to fulfill your booking so that we can contact you before and after your stay.
Privacy Policies of Platforms: For processing of your data by Booking.com and Airbnb, their own privacy policies apply:

• Booking.com Privacy: https://www.booking.com/content/privacy.en.html
• Airbnb Privacy: https://www.airbnb.com/terms/privacy_policy

11. Storage Duration of Personal Data

We store personal data only as long as necessary to carry out the processing:

• Booking Data: Minimum 10 years (tax retention requirement according to § 147 AO)
• Contact Form Data: After handling the request, maximum 1 year
• Server Logs: Maximum 7 days
• Emails: As long as necessary for response, then deleted
• Registration Data (Stellar): According to Federal Registration Law requirements

12. Data Transfers to Third Countries

General Rule: We do not transfer personal data to third countries outside the EU/EEA.

Exceptions:

• Google Fonts: When loading typefaces, your IP is transmitted to Google (USA). Google has committed to the EU-U.S. Data Privacy Framework.

13. Security of Your Data

We implement appropriate technical and organizational measures to protect your data:

• SSL/TLS encryption (HTTPS) for all data transmissions
• Password protection for access to booking system and admin area
• Regular security updates and patches
• Access restrictions for employees and service providers
• Confidentiality agreements with data processors

14. Changes to This Privacy Policy

We reserve the right to update this privacy policy at any time if our practices or applicable laws change. The current version of this privacy policy is always available on our website. Updates are made to protect your data.

15. Contact Regarding Data Protection

If you have questions about the processing of your data, please feel free to contact us at any time:

Ehegatten GbR Roller
Streitbergstr. 5
81249 Munich
Email: info@aviva-bodman.de
Telephone: +49 172 62 02 931

Last updated: April 2026