Privacy policy

The controller is the accommodation provider / operator handling bookings and enquiries (contact details as published on the website).

We follow data minimisation: only what is necessary for the stated purposes.

Bookings: name, email, phone (if provided), number of guests, check-in/out dates, billing details, ID data where required by law or house rules, notes.

Contact form: name, email, subject, message.

Reviews: name, email, apartment, stay period, rating and text.

Technical data: logs, browser identifiers if used, IP address in short-lived logs for security.

Performance of a contract and managing reservations (GDPR Art. 6(1)(b)).

Legal obligations (e.g. invoicing, mandatory records) (Art. 6(1)(c)).

Marketing only with clear, separate consent (Art. 6(1)(a)).

Legitimate interests: communication, fraud prevention (Art. 6(1)(f)), balanced with your rights.

Booking and accounting data are kept for the period required by law (often at least 8 years for accounting documents, as applicable).

Contact messages are usually kept for up to 3 years after the last reply, unless a dispute or law requires longer retention.

We share data with third parties only when needed to provide the service (e.g. hosting, email) or when the law requires it. Contracts require appropriate safeguards.

Transfers outside the EEA only with an adequacy decision or appropriate safeguards.

Access, rectification, erasure, restriction, portability, objection, and withdrawal of consent where processing is consent-based.

You may lodge a complaint with your local supervisory authority and seek a judicial remedy.

For privacy requests, use the email address published on the website.