This privacy policy applies to the online service available at: www.stayperlissima.com
Status: April 10, 2025
Michael Schmitz
Perronstraße 6a
83684 Tegernsee, Germany
Email: perlissima.apartment@gmail.com
The following overview summarizes the types of data processed, the purposes of their processing, and refers to the affected individuals.
Applicable legal bases under the GDPR: Below is an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence. If more specific legal bases are relevant in individual cases, we will inform you of them in the privacy policy.
National data protection laws in Germany: In addition to the GDPR, national data protection laws apply in Germany, including the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains specific provisions on access rights, deletion rights, the right to object, the processing of special categories of personal data, and the transfer of data, including profiling and automated decision-making.
Note on applicability of GDPR and Swiss DPA: This privacy policy is intended to comply with both the Swiss Data Protection Act (DPA) and the EU GDPR. For clarity and broader applicability, we use GDPR terminology, such as "processing" of "personal data", even though different terms may be used under the Swiss DPA. The legal interpretation under the Swiss DPA remains valid where applicable.
We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.
These measures include safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, access to input, transfer, ensuring availability, and separation. We have procedures in place to ensure the exercise of data subject rights, deletion of data, and response to data threats. Additionally, we take the protection of personal data into account already during the development or selection of hardware, software, and procedures, according to the principle of data protection by design and by default.
In the course of processing personal data, it may happen that this data is transferred to other entities, companies, legally independent organizational units, or individuals, or disclosed to them. Recipients of this data may include IT service providers or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and enter into appropriate contracts or agreements to protect your data with the recipients of the data.
Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or disclosure or transfer of data to other individuals, entities, or companies (as indicated, for example, by the provider’s postal address or an explicit note in this privacy policy), such processing is only carried out in accordance with the legal requirements.
For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), which was recognized by the European Commission on July 10, 2023, as a secure legal framework. Additionally, we have signed Standard Contractual Clauses (SCCs) with the relevant providers, which are approved by the EU Commission and set contractual obligations for protecting your data.
This dual-layer approach ensures comprehensive protection of your data: The DPF serves as the primary safeguard, while the SCCs act as a fallback mechanism in case of any changes to the DPF. This way, we ensure your data remains properly protected even in the event of political or legal shifts.
For each service provider mentioned in this privacy policy, we indicate whether they are certified under the DPF and whether SCCs are in place. You can find more information about the DPF and a list of certified companies on the U.S. Department of Commerce’s website: https://www.dataprivacyframework.gov/.
For data transfers to other third countries, similar safeguards apply, including SCCs, explicit consents, or legal obligations. Information on transfers and applicable adequacy decisions can be found on the European Commission’s website: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en.
We delete personal data we process in accordance with legal requirements as soon as the underlying consents are revoked or there are no further legal grounds for processing. This applies when the original purpose of processing no longer applies or the data is no longer needed. Exceptions include legal obligations or special interests that require longer retention or archiving of the data.
For example, data that must be retained for commercial or tax reasons, or that must be preserved for legal prosecution or protection of the rights of others, will be archived accordingly.
Our privacy notices contain additional information on data retention and deletion that applies to specific processing operations.
Where multiple retention periods are given for specific data, the longest period applies.
If no specific start date is defined and the retention period is at least one year, it begins at the end of the calendar year in which the event triggering the period occurred. For ongoing contractual relationships, the trigger is the termination or other end of the relationship.
Data retained not for the original purpose but due to legal obligations is processed solely for the reasons justifying retention.
Under the GDPR, data subjects have the following rights:
We process data of our contractual and business partners (e.g., customers and interested parties—collectively “contracting parties”) in the context of contractual or similar legal relationships, including related communication (or pre-contractual communication).
We use this data to fulfill our contractual obligations. This includes providing agreed services, updating data, resolving issues, and performing administrative tasks related to those services. We also rely on our legitimate interests, such as secure and efficient business operations, fraud prevention, and maintaining our rights.
Data is shared with third parties only when necessary to fulfill our obligations or legal requirements (e.g., banks, IT service providers, tax authorities).
We inform partners of which data is necessary—typically in forms, labels (e.g., asterisks), or direct communication.
Data is deleted after statutory warranty or retention periods, typically four years, unless legally required to be stored longer (e.g., 10 years for tax purposes).
We process users’ data to provide them with our online services. This includes processing users’ IP addresses, which is necessary to deliver content and features to their browser or device.
Additional Information:
We use cookies and similar technologies to store and read information on users’ devices. These are used for functional, security, and analysis purposes. Where required by law, we obtain consent before placing cookies. If not required, we rely on legitimate interests, such as ensuring functionality and security.
Legal basis: Consent (Art. 6(1)(a) GDPR) or Legitimate Interests (Art. 6(1)(f) GDPR).
Cookie Duration:
Users can manage their cookie preferences via browser settings or opt-out links.
We use blogs or similar platforms for online communication and publication. Data is only processed to the extent necessary for displaying content, enabling communication, or ensuring security.
Additional Information:
When users contact us (e.g., via post, contact form, email, phone, or social media), we process their data to respond to inquiries and requested actions. This also applies to ongoing business relationships.
Additional Information:
We send newsletters and similar notifications only with the recipients’ consent or legal permission. These emails may contain updates about us, our services, promotions, or offers.
Unsubscribe: Users can unsubscribe at any time via a link in the newsletter or by contacting us directly.
Additional Information:
We process personal data for advertising communication across various channels in compliance with legal regulations. Users can withdraw their consent or object at any time.
Retention: Contact data may be stored for up to 3 years after a withdrawal or objection for legal proof. A separate blocklist may also be used to prevent further contact.
We process participants' personal data only as far as necessary for the provision, implementation, and handling of contests or competitions, or if participants have given consent, or the processing is in our legitimate interest (e.g., to prevent abuse).
If contest entries are published (e.g., as part of a vote or winner presentation), participant names may be made public. Participants can object at any time.
If the contest takes place on a platform (e.g., Instagram), their terms and privacy policies apply in addition to ours.
Retention: Data will be deleted within 6 months after the contest ends, unless legally required or needed for follow-ups (e.g., warranties).
We use web analytics to understand visitor flows, interests, and user behavior. This may include demographic data (age, gender) and geographic location (if permitted). We may also use testing methods to improve our services.
We employ pseudonymous profiles that don’t include names or identifiable details. IP addresses are anonymized using IP masking techniques.
Tool Example: Google Analytics — anonymized IPs, pseudonymous profiles, cookies up to 2 years.
Opt-out: Users can disable analytics tracking via browser settings or opt-out plugins.
We process personal data for online marketing purposes, such as displaying personalized ads or tracking the success of marketing campaigns (conversion tracking).
This may involve creating pseudonymous user profiles based on visited pages, actions, used devices, or general interests. Cookies and similar technologies are used to store and evaluate this data.
Retention: Cookies may be stored for up to 2 years.
Opt-out options: Browser settings or services like:
We integrate affiliate links and other references (e.g., search masks, widgets, discount codes) to third-party offers. If users follow these links and take up the offer, we may receive a commission ("affiliate commission").
To track whether users have followed an affiliate link and made a purchase or similar action, third-party providers need to know that the user clicked the affiliate link. This assignment is solely for billing and is removed once no longer necessary.
We participate in customer review and rating platforms to evaluate, improve, and promote our services. Reviews usually require registration with the platform provider. If needed, we transmit data (e.g., name, email, order number) to verify authenticity.
We maintain online presences within social networks to communicate with users and provide information. User data may be processed outside the EU, which may limit enforcement of user rights.
Social networks may use user data for market research and advertising, including profiling and cross-device tracking using cookies. We recommend reviewing the privacy policies of the respective platforms.
Example: Instagram, operated by Meta Platforms Ireland Ltd. – Privacy Policy
We integrate functional and content elements into our website that are obtained from third-party servers (e.g., graphics, videos, maps). For this to work, third parties must process user IP addresses. We aim to use only those providers who process IP addresses solely to deliver the content.
These third parties may also use "pixel tags" (invisible graphics or "web beacons") for statistical or marketing purposes. Information such as visitor traffic can be analyzed. This information may be stored in cookies on user devices and combined with other data.
We use Google Fonts for efficient and up-to-date font integration. When accessing our website, the user's browser sends HTTP requests to the Google Fonts Web API to load fonts and style sheets. No personal IPs are stored according to Google. Only technical data such as language settings and browser information are logged.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy Policy: https://policies.google.com/privacy
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
More info: Google Fonts FAQ
We integrate maps using the Google Maps service to help users locate us easily. This includes IP address processing and may include location data if permitted by the user. Data may be transferred to the USA.
Provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland
Privacy Policy: https://policies.google.com/privacy
Legal basis: Consent (Art. 6(1)(a) GDPR)
We embed videos via the YouTube platform. When visiting pages that contain a YouTube video, data such as the IP address, device details, and usage behavior are transmitted to Google. Google may use this information for profiling and personalized advertising.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy Policy: https://policies.google.com/privacy
Legal basis: Consent (Art. 6(1)(a) GDPR)
We use web analytics to analyze visitor behavior, interests, and demographics. This allows us to understand which content is most popular, optimize our website, and tailor content to users' needs.
User profiles may be created, stored in cookies, and processed pseudonymously. IP addresses are shortened (IP masking) to protect user identity.
We use Google Analytics to analyze website usage based on pseudonymous user IDs. Google anonymizes IPs of EU users and stores aggregated geographic data. Data may be stored in cookies and processed across sessions and devices.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy Policy: https://policies.google.com/privacy
Opt-Out: Google Opt-Out Add-on
Legal basis: Consent (Art. 6(1)(a) GDPR)
Data Transfer: Based on EU-US Data Privacy Framework (DPF) and Standard Contractual Clauses.
We use online marketing tools to show interest-based advertising and measure the success of campaigns. For this purpose, pseudonymous user profiles are created using cookies or similar tracking technologies.
Information may include visited pages, interactions, device and browser data, and usage times. IP addresses are masked. Data is often processed across multiple platforms and websites.
Opt-Out Resources:
• Europe: youronlinechoices.eu
• Canada: youradchoices.ca
• USA: aboutads.info
• Global: optout.aboutads.info
We participate in affiliate programs and include affiliate links to partner websites. When you click on these links and perform an action (e.g., purchase), we may receive a commission.
Tracking is done through cookies or URL parameters. Only pseudonymous data is processed for commission tracking. No personal data is shared with affiliate partners unless explicitly stated.
We participate in review and evaluation procedures to assess, optimize, and promote our services. When users rate us via participating review platforms or procedures or otherwise provide feedback, the general terms and conditions and data protection information of the respective providers apply. As a rule, a rating also requires registration with the respective providers.
To ensure that the reviewing individuals have actually used our services, we transmit, with the customers’ consent, the necessary information regarding the customer and the service used to the respective review platform (including name, email address, and order or item number). These details are used solely for verification purposes.
We maintain online presences on social networks and process user data within these platforms to communicate with active users or provide information about us.
Please note that user data may be processed outside the European Union, which may pose risks (e.g., difficulties in enforcing user rights).
Generally, social networks process user data for market research and advertising. Usage profiles can be created from usage behavior and related interests. These profiles can be used to place advertisements both within and outside the platforms. Cookies are generally stored on users’ devices for this purpose. Additionally, data may also be stored in the profiles, regardless of the device used (especially if users are members and logged into the respective platforms).
For more details, refer to the privacy policies of the respective platforms.
Further Information:
We incorporate function and content elements into our online offering that are obtained from the servers of their respective providers (referred to as "third-party providers"). These may include graphics, videos, or maps (collectively "content").
For such integration, it is necessary that the third-party providers process users' IP addresses, as they cannot display the content in users' browsers without this. The IP address is thus required for displaying such content. We strive to use only content whose providers use the IP address solely for content delivery.
Third-party providers may also use pixel tags ("web beacons") for statistical or marketing purposes. These can be used to analyze visitor traffic on the pages of this website. The pseudonymous information can be stored in cookies on users' devices and include, among other things, technical information about the browser and operating system, referring websites, time of visit, and other information about the use of our online offering. This information may also be linked with data from other sources.
Examples:
Created with the free Datenschutz-Generator.de by Dr. Thomas Schwenke