Privacy policy

Privacy Policy

As of: June 2026

1. Controller

The controller responsible for data processing on this website is:

Florian Appel
Beigelswinden 2a
85283 Wolnzach
Bavaria, Germany

Telephone: +49 175 6897348
Email: florian@apartment-bavaria.de

2. General information on data processing

We take the protection of your personal data seriously and treat it confidentially and in accordance with the applicable data protection regulations (GDPR, BDSG) and this privacy policy.

As a rule, this website can be used without providing personal data. Insofar as personal data (e.g. name, email address or telephone number) is collected on our pages, this is always done on a voluntary basis. This data will not be passed on to third parties without your express consent unless otherwise described in this policy.

Legal bases: We process personal data on the basis of Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. b GDPR (initiation/performance of a contract, e.g. booking inquiries), and Art. 6 para. 1 lit. f GDPR (legitimate interest in a secure and functional website).

3. Hosting

This website is created and hosted using the website builder of Smoobu GmbH, Wattstraße 11, 13355 Berlin, Germany. When visiting the website, technically necessary data is processed, in particular the server log data listed under section 4.

Smoobu uses infrastructure service providers to provide the website, including Hetzner Online GmbH (web server, location Germany) and Cloudflare as a content delivery network. Processing is carried out on the basis of our legitimate interest in a secure and reliable provision of the website (Art. 6 para. 1 lit. f GDPR). A data processing agreement pursuant to Art. 28 GDPR has been concluded with Smoobu.

4. Server log files

When this website is accessed, information is automatically stored in so-called server log files, which your browser automatically transmits. This includes:

  • browser type and browser version
  • operating system used
  • referrer URL (previously visited page)
  • date and time of the server request
  • IP address (shortened or anonymized where technically possible)

This data is not merged with other data sources and does not allow any direct conclusions to be drawn about your identity. Processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR to ensure technical security and functionality. The data is deleted as soon as it is no longer required for the purpose of collection.

5. Cookies and consent management (consent banner)

Our website uses cookies and comparable storage technologies.

Technically necessary cookies (e.g. session cookies) are required for the operation of the website and are set on the basis of Art. 6 para. 1 lit. f GDPR and/or Section 25 para. 2 TDDDG. They are generally deleted automatically at the end of your visit.

Non-essential cookies and tracking services (in particular Google Analytics and the Meta Pixel, see sections 7 and 8) are only set after you have actively consented via our cookie banner (Art. 6 para. 1 lit. a GDPR, Section 25 para. 1 TDDDG).

On your first visit, a consent banner appears with equivalent buttons to accept or reject. Analysis and marketing services are only loaded after clicking “Accept”. Your choice is stored locally in your browser (localStorage). You can revoke or change your consent at any time with effect for the future by clicking the “Cookie settings” link (bottom left on the website) or by deleting the cookies in your browser.

6. Contacting us (contact form, email, telephone)

If you contact us via the contact form, by email or by telephone, the information you provide (e.g. name, email address, telephone number and your message) will be stored for the purpose of processing your inquiry and in case of follow-up questions.

Processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR if your inquiry is related to a booking or contract initiation; otherwise on the basis of our legitimate interest in processing inquiries (Art. 6 para. 1 lit. f GDPR) or your consent (Art. 6 para. 1 lit. a GDPR). The data is deleted as soon as it is no longer required and no statutory retention obligations prevent deletion.

7. Google Analytics 4

This website uses — only with your consent — Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google Analytics uses cookies and similar technologies that enable an analysis of your use of the website (e.g. pages visited, time spent, approximate location, device used). The information generated is generally transferred to a Google server and stored there. The IP address is shortened or anonymized by Google Analytics 4 by default.

  • Measurement ID: G-M428TKMVC9
  • Legal basis: Art. 6 para. 1 lit. a GDPR (consent via the cookie banner)
  • Third-country transfer: A transfer to the USA cannot be ruled out. Google is certified under the EU-U.S. Data Privacy Framework; in addition, standard contractual clauses of the EU Commission are in place as safeguards pursuant to Art. 46 GDPR.

You can revoke your consent at any time via the cookie banner (“Cookie settings”). Further information can be found in Google’s privacy policy: https://policies.google.com/privacy

8. Meta Pixel (Facebook Pixel)

This website as well as our booking system use — only with your consent (however, see the note at the end of this section regarding the booking system) — the “Meta Pixel” of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”).

With the help of the Meta Pixel, we can track the behavior of visitors after they have been redirected to our website by clicking on a Meta advertisement (Facebook/Instagram). This allows us to evaluate the effectiveness of our advertisements (e.g. page views and completed bookings) and optimize our advertising measures.

  • Pixel ID: 1880468883340148
  • Captured events: Page view (PageView) on the website; completed booking (Purchase) in the booking system
  • Legal basis: Art. 6 para. 1 lit. a GDPR (consent)
  • Third-country transfer: A transfer to Meta in the USA cannot be ruled out. Meta is certified under the EU-U.S. Data Privacy Framework; in addition, standard contractual clauses are in place. According to Meta, there is joint controllership (Art. 26 GDPR) for the collection of the data.

You can revoke your consent on the website at any time via the cookie banner. Information on data processing by Meta: https://www.facebook.com/privacy/policy

Note regarding the booking system: Our online booking system provided via Smoobu (see section 9) technically runs on its own subdomain. There, the Meta Pixel is also triggered when a booking is successfully completed. You can prevent processing by Meta by blocking cookies in your browser, using a corresponding browser extension, or disabling personalized advertising in your Meta account settings.

9. Online booking system (Smoobu)

We use the software “Smoobu” from Smoobu GmbH, Wattstraße 11, 13355 Berlin, Germany, to manage availability, booking inquiries and bookings.

If you make a booking or booking inquiry via the booking system, the data you enter (e.g. name, address, email address, telephone number, arrival and departure dates, number of guests, payment information) will be processed for the purpose of carrying out the accommodation contract.

  • Legal basis: Art. 6 para. 1 lit. b GDPR (performance of a contract) as well as Art. 6 para. 1 lit. c GDPR (compliance with legal obligations, e.g. registration and tax obligations)
  • Data processing agreement: A data processing agreement pursuant to Art. 28 GDPR has been concluded with Smoobu.

Smoobu privacy information: https://www.smoobu.com/de/datenschutzerklaerung/

10. SSL/TLS encryption

For security reasons and to protect the transmission of confidential content, this website uses SSL/TLS encryption. You can recognize an encrypted connection by the “https://” in your browser’s address bar and the lock symbol. When encryption is active, the data you transmit to us cannot be read by third parties.

11. Your rights as a data subject

Under the GDPR, you have the following rights in particular:

  • Access to the data stored about you (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure of your data (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection to processing (Art. 21 GDPR)
  • Withdrawal of consent previously given with effect for the future (Art. 7 para. 3 GDPR)

To exercise your rights, an informal notification to the contact details listed in section 1 is sufficient.

12. Right to lodge a complaint with the supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority. In particular, the competent authority is the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach.

13. Currency and changes to this privacy policy

This privacy policy is current as of June 2026. Due to the further development of our website or changes in legal or official requirements, it may become necessary to amend this privacy policy.