Protection of Your Data – Transparency and Security

We appreciate your interest in our company and our website. The responsible handling of personal data of our guests, customers and interested parties is of great importance to us.

We process personal data exclusively in accordance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR) and the German Telecommunications and Telemedia Data Protection Act (TTDSG).

With this privacy policy, we inform you about which personal data we collect when you visit our website and use our reservation systems, for what purposes this data is processed, and what rights you are entitled to.

---

1. Controller Responsible for Data Processing

Hotel Alt Lohbrügger Hof e.K.
Owner: Jan-Hendrik Ohl
Leuschnerstraße 76
21031 Hamburg
Germany

Phone: +49 40 739 600-0
Email: datenschutz@altlohbrueggerhof.de
Website: www.altlohbrueggerhof.de

---

2. Disclosure of Data

Personal data will only be disclosed if:

• this is required by law
• this is necessary for the performance of a contract
• you have expressly given your consent

---

3. Data Processing on Behalf

We work with various service providers who process personal data on our behalf. Data processing agreements in accordance with Art. 28 GDPR have been concluded with these providers to ensure the protection of your personal data.

---

4. Data Transfers to Third Countries

When using certain services, personal data may be transferred to countries outside the European Union, particularly the United States.

Such transfers are carried out on the basis of appropriate safeguards in accordance with Art. 44 et seq. GDPR, in particular on the basis of the EU-US Data Privacy Framework or the European Commission’s Standard Contractual Clauses.

---

5. Website Hosting and Server Log Files

Our technical service provider for website development:

Opensmjle
Daniel Zelling
Lindenstraße 82
50674 Cologne
Germany

Our website is hosted by:

ALL-INKL.COM – Neue Medien Münnich
Owner: René Münnich
Hauptstraße 68
02742 Friedersdorf
Germany

The use is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in the most reliable presentation of our website possible. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG, insofar as consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting). Consent may be revoked at any time.

Further details can be found in the privacy policies:

https://opensmjle.com/datenschutz/
https://all-inkl.com/datenschutzinformationen/

The hosting provider provides the technical infrastructure required for the operation of our website. When visiting our website, information is automatically stored in so-called server log files.

This may include in particular:

• IP address
• date and time of the request
• browser type and browser version
• operating system used
• referrer URL
• hostname of the accessing computer

The processing is carried out to ensure the proper operation of the website and to improve our services.

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest).

---

6. Cookies

Our website uses so-called cookies. Cookies are small text files stored on your device.

A distinction is made between:

• technically necessary cookies
• statistics cookies
• marketing cookies

Technically necessary cookies are stored on the basis of § 25 (2) TTDSG.

All other cookies are only stored with your consent in accordance with Art. 6 (1) lit. a GDPR.

You can revoke or adjust your consent at any time via the cookie banner.

---

7. Cookie Consent with Cookiebot

Our website uses the consent management tool Cookiebot.

Provider:

Usercentrics A/S
Havnegade 39
1058 Copenhagen
Denmark

Cookiebot allows us to obtain and document consent for the storage of certain cookies in a data protection compliant manner.

The following data may be processed:

• IP address
• consent status
• time of consent
• browser information
• website URL

The legal basis is Art. 6 (1) lit. c GDPR (legal obligation) and Art. 6 (1) lit. f GDPR (legitimate interest in legally compliant documentation of consent).

Further information:

https://www.cookiebot.com/de/privacy-policy/

---

8. Technical Website Tools

8.1 Use of Google Tag Manager

Our website uses Google Tag Manager.

Provider:

Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland

Google Tag Manager is a tool for managing website tags. Other services and tracking technologies can be integrated and managed through this tool.

Google Tag Manager itself does not store personal data and does not set cookies. It only triggers other tags that may collect data.

Further information on data protection at Google:

https://policies.google.com/privacy

---

8.2 Google Consent Mode v2

Our website uses Google Consent Mode v2.

Provider:

Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland

Google Consent Mode allows us to control Google services such as Google Analytics or Google Ads depending on your consent to the use of cookies and similar technologies.

Your consent status is transmitted to Google via our cookie consent tool. Based on this information, Google determines which technologies may be used.

If you consent to statistics or marketing cookies, corresponding cookies may be set and data processed for analysis or marketing purposes.

If you do not provide consent, no corresponding cookies will be set. In this case, only anonymized or aggregated information may be transmitted.

Further information:

https://policies.google.com/privacy

---

9. Analytics and Marketing Tools

You can revoke or adjust your consent for these services at any time via the cookie settings on our website.

---

9.1 Google Analytics

Our website uses Google Analytics.

Provider:

Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland

Google Analytics allows us to analyze the use of our website. This may include:

• pages visited
• duration of visit
• origin of visitors
• device and browser information

We use Google Analytics with IP anonymization enabled.

Use is based exclusively on your consent in accordance with Art. 6 (1) lit. a GDPR.

Data retention is generally 14 months.

---

9.2 Google Ads

Our website uses the online advertising program Google Ads.

Provider:

Google Ireland Limited
Dublin, Ireland

Within Google Ads we use conversion tracking.

If you reach our website via a Google advertisement, a cookie may be stored on your device. This allows us to recognize whether users have reached our website via an ad and whether certain actions were performed, such as a booking or inquiry.

Processed data may include:

• IP address
• device and browser information
• visited pages and interactions
• information about website use after clicking an advertisement

Use is based solely on your consent pursuant to Art. 6 (1) lit. a GDPR.

Data may be transferred to Google servers in the USA.

Further information:

https://policies.google.com/privacy

---

9.3 Meta Pixel (Facebook / Instagram)

Our website uses the Meta Pixel.

Provider:

Meta Platforms Ireland Limited
Dublin
Ireland

The Meta Pixel allows us to track the behavior of visitors after they are redirected to our website from Facebook or Instagram advertisements.

It also enables remarketing on Facebook or Instagram.

Processed data may include:

• IP address
• device and browser information
• pages visited
• interactions
• behavior after clicking an advertisement

Legal basis: Art. 6 (1) lit. a GDPR.

Further information:

https://www.facebook.com/privacy/policy/

---

9.4 The Hotels Network

Provider:

The Hotels Network S.L.
Barcelona
Spain

This service helps analyze visitor behavior and optimize our website and booking offers.

Processed data may include:

• IP address
• device and browser information
• visited pages
• time spent on pages
• source of visitors

Use is based on your consent in accordance with Art. 6 (1) lit. a GDPR.

Further information:

https://www.thehotelsnetwork.com/privacy-policy

---

9.5 Hotelchamp

Provider:

Hotelchamp B.V.
Amsterdam
Netherlands

Hotelchamp helps us display personalized content or offers on our website.

Data processed may include:

• IP address
• device and browser information
• visited pages
• time spent on pages
• visitor source

Use is based on your consent in accordance with Art. 6 (1) lit. a GDPR.

Further information:

https://www.hotelchamp.com/privacy-policy

---

9.6 Cendyn

Provider:

Cendyn Group LLC
Boca Raton, Florida
USA

Cendyn helps analyze website traffic, particularly in relation to online advertising campaigns and hotel metasearch platforms.

Processed data may include:

• IP address
• device and browser information
• visited pages
• source of visitors
• booking interactions

Legal basis: Art. 6 (1) lit. a GDPR.

Further information:

https://www.cendyn.com/privacy-policy/

---

10. Map Services and Fonts

10.1 OpenStreetMap

Provider:

OpenStreetMap Foundation
Cambridge
United Kingdom

OpenStreetMap is used to provide an interactive map showing our location and directions.

Your IP address must be transmitted to OpenStreetMap servers to use the map.

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest).

Further information:

https://osmfoundation.org/wiki/Privacy_Policy

---

10.2 Google Fonts

Google Fonts are used on this website but are stored locally on our server. No connection to Google servers is established when loading the website.

---

11. Hotel Systems, Booking and Guest Management

11.1 Online Bookings via HotelNetSolutions (CBooking / OnePageBooking)

Provider:

HotelNetSolutions GmbH
Berlin
Germany

If you make a booking via our website, the data you enter will be transmitted to the booking system.

This may include:

• name
• address
• email address
• phone number
• stay details
• payment and invoice data
• special requests

Legal basis: Art. 6 (1) lit. b GDPR (performance of a contract).

Further information:

https://www.hotelnetsolutions.de/datenschutz/

---

11.2 Property Management System Apaleo

Provider:

Apaleo GmbH
Munich
Germany

Apaleo is a cloud-based hotel software used to manage bookings, guest data and billing.

Processed data may include:

• name
• contact details
• address
• booking information
• payment data
• invoice information
• special requests

Legal basis: Art. 6 (1) lit. b GDPR and Art. 6 (1) lit. c GDPR.

Further information:

https://apaleo.com/privacy

---

11.3 Guest Marketing and CRM System Smart Host

Provider:

Smart Host GmbH
Berlin
Germany

Smart Host is used for guest communication and marketing.

Data processed may include:

• name
• contact details
• booking information
• communication data
• guest preferences
• email marketing interaction data

Marketing emails are sent only:

• with your consent according to Art. 6 (1) lit. a GDPR
• or in accordance with § 7 (3) UWG for existing customers.

Newsletter registration uses the double opt-in procedure.

Further information:

https://www.smarthost.ai/de/datenschutz

---

12. Payment Providers

12.1 Adyen

Provider:

Adyen N.V.
Amsterdam
Netherlands

When making a payment, your payment data will be transmitted to Adyen.

Processed data may include:

• cardholder name
• payment details
• billing address
• transaction data
• IP address

Legal basis: Art. 6 (1) lit. b GDPR.

Further information:

https://www.adyen.com/de_DE/privacy-policy

---

12.2 PayPal

Provider:

PayPal (Europe) S.à r.l. et Cie, S.C.A.
Luxembourg

If you select PayPal as payment method, payment data will be transmitted to PayPal.

Processed data may include:

• name
• email address
• payment amount
• transaction data
• IP address

Legal basis: Art. 6 (1) lit. b GDPR.

Further information:

https://www.paypal.com/de/webapps/mpp/ua/privacy-full

---

13. Applications

You may apply via email or via our website.

The following data may be processed:

• name
• contact details
• application documents
• CV
• certificates

Legal basis: § 26 BDSG and Art. 6 (1) lit. b GDPR.

Application documents will be deleted no later than six months after completion of the application process unless legal retention obligations apply.

---

14. Contact Form

If you send us inquiries via the contact form, your details from the form including your contact data will be stored to process the request and in case of follow-up questions.

Legal basis: Art. 6 (1) lit. b GDPR or Art. 6 (1) lit. f GDPR.

---

15. Data Retention

Personal data is stored only as long as necessary for the respective purposes or as required by statutory retention obligations.

Commercial and tax law retention periods are generally up to ten years.

---

16. Your Rights

You have the right to:

• access your stored data
• correction of incorrect data
• deletion of your data
• restriction of processing
• objection to processing
• data portability

You may revoke any consent at any time with effect for the future.

---

17. Right to Lodge a Complaint

You also have the right to lodge a complaint with a data protection supervisory authority.

Responsible authority in Hamburg:

Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Straße 22
20459 Hamburg

---

18. Changes to This Privacy Policy

We reserve the right to amend this privacy policy occasionally so that it always complies with current legal requirements.

Status: March 2026

---