Skip to main content
Pension Nauen Brandenburger Str. 19
Back to home page

Privacy policy

Last updated: 24 May 2026

This translation is provided for information only. In case of any discrepancy the German version is authoritative.

Thank you for your interest in our website. The protection of your personal data is important to us. Below we inform you in detail about the handling of your data under Art. 13 GDPR.

1. Controller

The controller for data processing on this website is:

Pension Nauen
Owner: R. Krause
Brandenburger Str. 19
14641 Nauen
Germany
Phone: +49 177 5628699
Email: info@pensionnauen.de

2. Collection and storage of personal data

2.1 When visiting the website (server log files)

When you visit our website, information is automatically sent to our host's server and stored in so-called server log files. The following are collected:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the requested file
  • Amount of data transferred
  • Status of the request
  • Browser identification and operating system
  • Referrer URL

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in protection against abuse, maintaining operational stability and optimising our website. This data is not combined with other data sources. The logs are automatically deleted by the host after no more than 14 days.

2.2 When using our enquiry form

When you contact us via the enquiry form, the following information is processed:

  • Name and email address (required)
  • Phone number (optional)
  • Desired check-in and check-out dates and number of guests
  • Your message

This processing serves to respond to your enquiry and, where applicable, to initiate an accommodation contract. The legal basis is Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(f) GDPR (responding to enquiries). Your data is stored in our database (MariaDB on Linevast Managed MAX) and — if no contract is concluded — deleted no later than 12 months after the enquiry is closed. If a contract is concluded, the commercial and tax retention periods (generally up to 10 years) apply.

3. Cookies

Our public marketing pages set no cookies. We use no tracking, no analytics and no advertising cookies.

In the protected owner area at /admin we use technically necessary session cookies to maintain the login state. These cookies are only relevant to authorised users and are not set for public visitors. The legal basis is §25(2) No. 2 TDDDG (technically necessary cookies).

4. Processors and third-party providers

To provide our service we use the following service providers. Where required, data processing agreements (DPAs) under Art. 28 GDPR have been or will be concluded with each of them.

4.1 Hosting (Linevast Managed MAX)

The website is hosted by Linevast UG (haftungsbeschränkt) in Germany. Linevast processes the server log files on our behalf. A DPA is in place. The server location is Germany.

4.2 Email delivery (adomail.de)

Enquiry confirmations and notifications are sent via the SMTP service of adomail.de. Your contact data (name, email, content of the enquiry) is processed in the course of this. A DPA will be concluded before going live.

4.3 Google reviews (Google Places API)

On our site we display publicly available reviews from Google Maps. These are not loaded in your browser but fetched once per day from our server and cached in our database. No data is exchanged between your browser and Google when you visit our site. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

4.4 Maps (MapLibre + OpenStreetMap)

On the “Location” page we display an interactive map. The map tiles are loaded directly from the OpenStreetMap Foundation (OSMF) servers when needed. This transmits your IP address to the OSMF (registered in the United Kingdom, Cambridge). The legal basis is Art. 6(1)(f) GDPR (providing a privacy-friendly map without Google Maps tracking).

The OSMF terms of use can be found at wiki.osmfoundation.org/wiki/Privacy_Policy .

5. Transfer of data

Your data is not transferred to third parties for purposes other than those listed below. We transfer your data to third parties only if:

  • You have given express consent (Art. 6(1)(a) GDPR),
  • transfer is necessary for the establishment, exercise or defence of legal claims (Art. 6(1)(f) GDPR),
  • there is a legal obligation (Art. 6(1)(c) GDPR),
  • this is necessary for contract performance (Art. 6(1)(b) GDPR).

6. Your rights

You have the following rights vis-à-vis us:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent at any time (Art. 7(3) GDPR), without affecting the lawfulness of processing up to that point

7. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority. The authority competent for us is:

Die Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht Brandenburg
Stahnsdorfer Damm 77
14532 Kleinmachnow, Germany
Phone: +49 33203 356-0
Email: poststelle@lda.brandenburg.de
Web: www.lda.brandenburg.de

8. Data security

During your visit to the website we use the established TLS protocol (Transport Layer Security) in combination with the highest encryption level supported by your browser. You can recognise the encrypted connection by the padlock symbol in your browser bar and the “https://” prefix. Passwords are stored exclusively as a hash (Argon2id) and are not visible to us in plain text.

9. Validity and changes to this policy

This privacy policy is valid as of the date given above. As our website evolves or as legal or regulatory requirements change, it may become necessary to amend this policy. The current version is always available on this page.