Last updated: March 2025
The data controller for this platform is responsible for the processing of your personal data in accordance with the GDPR. Contact details can be found in the Legal Notice (Imprint).
We collect and process: account data (email, name, password hash), booking and payment data, communication preferences (e.g. newsletter consent), and technical data (e.g. IP, logs) where necessary for operation and security.
We process your data on the basis of contract performance (bookings, account), consent (e.g. marketing), and legitimate interests (security, improvement of services). We do not sell your data.
You have the right to access, rectify, erase, restrict processing, data portability, and to object. You can withdraw consent at any time. To exercise your rights or request a data export, use the Settings → Data & privacy section or contact us. You also have the right to lodge a complaint with a supervisory authority.
Reimbursement records (Buchungsbelege) — including receipts, the generated summary/archive PDFs and the audit trail — are retained for 8 years in line with §147 AO and the GoBD. For this data, requests for erasure under Art. 17 GDPR are deferred until the statutory retention period expires, as permitted by Art. 17(3)(b) GDPR (compliance with a legal obligation).