Privacy Policy
1. Controller
The controller responsible for the processing of personal data on luxrem.de and in connection with bookings via Luxrem Apartments is:
Luxrem Apartments
ADS.NRW SWISS
Sole proprietorship (Einzelfirma) under Swiss law
Inhaber: Siran Klaus Paramajeyakumar
Brüggstrasse 119, 2503 Biel/Bienne, Switzerland
Email: Booking@luxrem.de
Phone Germany: +49 2118 1995950
Phone Switzerland: +41 79 933 38 40
2. Data Protection Officer / Data Protection Contact
No data protection officer has been appointed (not legally required). Data protection contact: ADS.NRW SWISS, owner Siran Klaus Paramajeyakumar, Brüggstrasse 119, 2503 Biel/Bienne, Switzerland, Booking@luxrem.de.
3. Applicable Data Protection Regulations
For guests, interested parties and website visitors from Germany, the EU and the EEA, the applicable regulations include in particular the General Data Protection Regulation (DSGVO), the Federal Data Protection Act (BDSG) and the Telecommunications-Digital Services-Data Protection Act (TDDDG). For processing relating to Switzerland, the Swiss Federal Act on Data Protection (DSG/revDSG) and the Data Protection Ordinance (DSV) also apply.
Where bookings concern a German location (Luxrem 1–3, Remscheid) and a Swiss location (Luxrem 4–6, Biel/Bienne), both legal systems may be relevant. In cases of doubt, the specific attribution must be reviewed by legal counsel.
4. Categories of Data
We process in particular the following categories of data:
- Contact data: name, address, email address, phone number.
- Booking data: accommodation booked, stay period, number of guests, price, currency, booking status, special requests, messages.
- Guest data: names of accompanying persons, registration form / identity data where legally required or necessary for contract performance.
- Payment data: payment status, payment references, invoice/receipt data, deposit and refund information. Full card or account data is processed by Stripe.
- Website usage data: IP address, date/time, pages visited, referrer, user agent, technical log data.
- Cookie and consent data: consent status, cookie categories, timestamps, technical identifiers.
- Calendar and availability data: iCal synchronisation with booking platforms such as Booking.com and Airbnb, in particular occupancy, booking references and availability.
- Communication data: emails, telephone notes, service and support communications.
- Archive data: cash receipts and associated booking/payment records archived in Paperless (self-hosted).
5. Purposes and Legal Bases
Booking, Contract Performance and Guest Services
We process booking, contact, guest and communication data to respond to enquiries, accept bookings, organise stays, facilitate check-in/check-out, invoice services and fulfil contractual obligations.
Legal bases under DSGVO: Art. 6(1)(b) DSGVO (contract and pre-contractual measures), Art. 6(1)(c) DSGVO (legal obligations), Art. 6(1)(f) DSGVO (legitimate interests in efficient administration, customer communication and record-keeping).
Switzerland: Processing for contract performance, fulfilment of legal obligations and in the context of legitimate operational interests under DSG/revDSG.
Payment Processing via Stripe
For online payments, payment data is processed via Stripe. We use Stripe Hosted Checkout. The entry and processing of full payment data takes place at Stripe. We receive in particular payment status, transaction references and billing information.
Legal bases under DSGVO: Art. 6(1)(b) DSGVO, Art. 6(1)(c) DSGVO, Art. 6(1)(f) DSGVO.
Website Operation, Hosting and Server Logs
The website runs as a Next.js application on an Infomaniak VPS in Geneva, Switzerland and is delivered via bunny.net as an EU CDN. When the website is accessed, technically necessary data is processed, in particular IP address, timestamp, URL accessed, referrer, user agent and technical error/security logs.
Legal bases under DSGVO: Art. 6(1)(f) DSGVO (stable, secure website operation, abuse prevention, error analysis), and where applicable Art. 6(1)(b) DSGVO for booking-related use.
For technically necessary storage or access to terminal devices, § 25(2) TDDDG applies; for non-essential cookies/technologies, consent under § 25(1) TDDDG and Art. 6(1)(a) DSGVO applies.
Calendar Synchronisation with Booking.com / Airbnb
To avoid double bookings, we synchronise availability and booking periods via iCal with booking platforms such as Booking.com and Airbnb. Calendar data, booking references, stay periods and, depending on the iCal content, guest/booking details may be processed.
Legal bases under DSGVO: Art. 6(1)(b) DSGVO and Art. 6(1)(f) DSGVO.
Cash Receipts and Paperless Archive
Cash receipts and associated records are archived in Paperless (self-hosted) to fulfil tax, accounting and record-keeping obligations.
Legal bases under DSGVO: Art. 6(1)(c) DSGVO (statutory retention obligations), Art. 6(1)(f) DSGVO (record-keeping and proper accounting).
Cookies and Consent
luxrem.de uses a cookie consent mechanism with the categories necessary, preferences, statistics and marketing. Statistics and marketing services are not loaded prior to consent.
Legal bases: § 25 TDDDG, Art. 6(1)(a) DSGVO for cookies/technologies requiring consent; Art. 6(1)(f) DSGVO and § 25(2) TDDDG for technically necessary processes. Further details are set out in the Cookie Policy.
6. Recipients and Processors
Personal data may be transmitted to the following recipients or service providers:
- Infomaniak Network SA, Switzerland: hosting/VPS.
- bunny.net / BunnyWay d.o.o. or the relevant group company: CDN, website delivery and protection.
- Stripe: payment processing via Hosted Checkout.
- Booking.com and Airbnb: booking platforms/iCal synchronisation, insofar as guests book via these platforms or calendar data is synchronised.
- Paperless (self-hosted): archiving of cash receipts and records within the operator's own infrastructure.
- Tax advisors, legal advisors, authorities and courts, insofar as legally required or necessary for the enforcement of legal claims.
Where service providers process personal data on a contracted basis, data processing agreements or equivalent data protection arrangements are concluded as required.
7. Third-Country Transfers
Processing takes place in particular in Germany, Switzerland and the EU/EEA. From an EU perspective, Switzerland has an adequacy decision. For service providers such as Stripe, Booking.com, Airbnb or CDN/infrastructure services, data may also be transferred to third countries, in particular the USA.
Where personal data is transferred to countries without an adequate level of data protection, this is done only on the basis of appropriate safeguards, e.g. EU standard contractual clauses, additional protective measures or statutory exceptions.
8. Retention Periods
We store personal data only for as long as necessary for the respective purposes or as required by statutory retention obligations.
- Enquiries without a booking: 6 months from the last contact.
- Booking and contract data: 10 years pursuant to commercial and tax-law retention obligations (incl. Art. 958f OR, § 257 HGB).
- Invoices, receipts and accounting documents: 10 years (Art. 958f OR Switzerland; § 257 HGB and § 147 AO Germany).
- Server logs: 30 days.
- Cookie consent records: 12 months.
- iCal/OTA data: are retained for the duration of the stay and to prevent double bookings, and are deleted or overwritten once no longer required for calendar synchronisation.
9. Data Subject Rights
Under the DSGVO, data subjects have in particular the rights of access, rectification, erasure, restriction of processing, data portability, objection to processing based on legitimate interests, and withdrawal of consent with effect for the future.
Under Swiss DSG/revDSG, data subjects have in particular the rights of access, release or transfer of personal data, rectification, erasure or cessation of unlawful processing, to the extent the legal requirements are met.
To exercise these rights, a message to Booking@luxrem.de is sufficient.
10. Withdrawal of Consent
Consent granted, in particular for cookies in the statistics or marketing categories, may be withdrawn at any time with effect for the future. Withdrawal is as straightforward as granting consent, in particular via the cookie settings on the website.
11. Right to Lodge a Complaint
Data subjects have the right to lodge a complaint with a data protection supervisory authority.
For Germany: the North Rhine-Westphalia State Commissioner for Data Protection and Freedom of Information (LDI NRW), https://www.ldi.nrw.de
For Switzerland: Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Berne, Switzerland, https://www.edoeb.admin.ch/
12. Obligation to Provide Data
Certain data is required for a booking and the conduct of the stay. Without such data, we may be unable to process enquiries, complete bookings, fulfil legal obligations or provide services. Optional details are indicated as such or apparent from the context.
13. Automated Decisions
No automated individual decision-making including profiling within the meaning of Art. 22 DSGVO takes place according to the current draft.
Source Basis
Sources and review notes: see README.md.
