Privacy Policy

Last updated: 02 February 2026

1. Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) is:

Alexander Rinne
An der Turnhalle 4
31855 Aerzen (Groß Berkel)
Germany

Email: info@cosy-comfort.de
Phone / WhatsApp: +49 173 4538743

2. General Information on Data Processing

The protection of your personal data is important to us. We process personal data exclusively in accordance with the applicable provisions of the GDPR.

Personal data refers to any information that can be used to personally identify you.

3. Hosting

This website is operated on our own server located in Germany.

When you access this website, the server automatically collects and stores the following data in log files:

  • IP address
  • date and time of the request
  • accessed page
  • browser type and operating system

This processing is carried out to ensure the secure and stable operation of the website
(legal basis: Art. 6 para. 1 lit. f GDPR – legitimate interest).

Retention period: Server log files are automatically deleted after 14 days at the latest.

4. Contact Form

If you send us inquiries via the contact form, your details (name, email address, message) will be processed for the purpose of handling your request.

Legal basis for processing:

  • Art. 6 para. 1 lit. b GDPR (pre-contractual measures)
  • Art. 6 para. 1 lit. f GDPR (legitimate interest in communication)

Your data will not be passed on without your consent.

Retention period: Contact inquiries are deleted after completion of processing and expiry of statutory retention periods.

5. Cookies

This website uses only technically necessary cookies that are required for the operation of the website.

No tracking, analytics or marketing cookies are used.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest).

6. Booking System and Guest Portal

6.1 Booking via Smoobu

Our website integrates the booking system of Smoobu GmbH, Wönnichstraße 68/70, 10317 Berlin, Germany.

When making a booking, the following data is processed:

  • Name, email address, phone number
  • Booking period, number of guests
  • Payment information
  • Your messages to us

The data is transmitted directly to Smoobu. Processing is carried out under the responsibility of Smoobu.

Further information: https://www.smoobu.com/en/privacy-policy/

6.2 Guest Portal

After a booking, you will receive a personalised access link via email, which allows you to:

  • View your booking details
  • Communicate with us (chat function)
  • Cancel your booking

Data processed:

  • Email address (for verification)
  • Booking number
  • Access token

Retention period: The access link is valid until 7 days after your departure date.

Legal basis: Art. 6 para. 1 lit. b GDPR (contract fulfilment)

6.3 Chat Function

Communication between guests and us takes place via the Smoobu system. Messages are stored and processed by Smoobu.

Legal basis: Art. 6 para. 1 lit. b GDPR (contract fulfilment)

7. Email Communication

We send the following emails in connection with bookings:

  • Booking confirmations
  • Cancellation confirmations
  • Booking modifications

These emails contain:

  • Your name and email address
  • Booking details (period, accommodation, price)
  • Link to your guest portal

Emails are sent via our own mail server or via Smoobu.

Legal basis: Art. 6 para. 1 lit. b GDPR (contract fulfilment)

8. Location Detection (GeoIP)

To optimise our services, we determine the country from which you access our website.

Processing:

  • Your IP address is transmitted once to the service ip-api.com
  • We only receive the country code in return (e.g. "DE")
  • The IP address is not stored permanently

Purpose: Adjustment of language settings and statistical analysis of visitor origin (anonymised).

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)

9. SSL / TLS Encryption

For security reasons, this website uses SSL or TLS encryption to protect the transmission of confidential content.

10. Retention Periods

Data type Retention period
Server log files 14 days
Contact inquiries Until completion + statutory periods
Booking data According to statutory retention requirements (up to 10 years)
Guest portal access tokens 7 days after departure

11. Rights of Data Subjects

You have the right at any time to:

  • Access your data (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure of your data (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to the processing (Art. 21 GDPR)

To exercise these rights, a simple message to the contact address listed above is sufficient.

You also have the right to lodge a complaint with a data protection supervisory authority.

12. Updates to This Privacy Policy

We reserve the right to update this privacy policy to reflect legal or technical changes.