Apartment Kunsthaus Nordhausen Logo
Apartment Kunsthaus Nordhausen

Privacy Policy

Last updated: 2025-08-21

1. Privacy at a Glance: Controller and Scope

General Information

This privacy policy provides an overview of what happens to your personal data when you visit this website.
Personal data means any information that can be used to personally identify you.
This policy explains what data we collect, why we collect it, and what rights you have regarding your data.
We are committed to protecting your privacy and handling your data in accordance with applicable data protection laws, particularly the EU General Data Protection Regulation (GDPR) and the German Telecommunications-Telemedia Data Protection Act (TTDSG).

Identification of the Controller

The entity responsible for data collection and processing on this website ("Controller" as defined in Art. 4 No. 7 GDPR) is:

Sylvia Dannewitz
Alexander-Puschkin-Str. 5
99734 Nordhausen
Germany
E-Mail: info@apartment-kunsthaus-nordhausen.de

As the Controller, Sylvia Dannewitz determines the purposes and means of processing personal data and is responsible for compliance with all applicable data protection laws.

Scope of this Policy

This policy applies to the use of the website and all related pages.

Key Definitions

  • Personal data: Any information relating to an identified or identifiable natural person.
  • Data subject: The identified or identifiable natural person to whom the personal data relates.
  • Processing: Any operation performed on personal data (e.g., collection, storage, use, transfer).
  • Controller: The person who determines the purposes and means of processing.
  • Processor: A person or organization processing personal data on behalf of the Controller.
2. Data Processing for Provision and Security of this Website (AWS Hosting)

Description of Processing

When you access our website, your browser automatically transmits certain data:

  • IP address
  • Date and time of the request
  • Browser type, version, and language
  • Operating system

These data are temporarily processed by our hosting provider to deliver website content.
No server log files are stored.

Hosting Provider (Processor)

Amazon Web Services (AWS)
Primary storage location: Frankfurt (Germany, EU)
Provider: Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg

AWS acts as our processor under Art. 28 GDPR. A Data Processing Agreement (DPA) is in place.

Purpose and Legal Basis

Purpose: Secure, reliable, and performant delivery of the website via AWS CloudFront (CDN).
Legal basis: Legitimate interest under Art. 6(1)(f) GDPR.
Supported by Recital 49 GDPR (network and information security).

3. Use of Cookies and Consent Management (TTDSG & GDPR)

Explanation

Cookies are small text files stored in your browser.
They can be essential for operation or provide additional functionality (analytics).

Legal framework in Germany:

  • § 25 TTDSG: Storing/accessing cookies requires consent unless they are strictly necessary.
  • GDPR: Processing personal data via cookies requires a legal basis (usually consent under Art. 6(1)(a) GDPR).

Cookie Settings

On your first visit: consent banner.

Cookie-Reset

To delete all cookies and reset your settings, click here:

Cookie Categories

  • Strictly necessary: No consent required.

Table 1: Detailed Cookie Information

CategoryCookie NameProviderPurposeExpiry
Strictly necessarycookie-consentStores general consent status6 months
Strictly necessarycookie-consent-dateRecords timestamp of last consent decision6 months
Strictly necessarycookie-settingsStores granular consent decisions6 months
Strictly necessarypreferred-languageStores user's preferred language6 months

Analytics

We use Umami for privacy-friendly web analytics.
Tracking is only activated if you consent to analysis cookies in the cookie banner.
No personal data (such as IP addresses) is stored or shared. The collected information helps us understand how our website is used and improve your experience.

4. External Links to Third-Party Services (Booking Platform)

Booking Platform

Our website provides booking functionality via external link to:
https://www.fewo-channelmanager.de/
Provider: SECRA Bookings GmbH, Germany

All booking data (including payment data) are processed solely by SECRA.
See their privacy policy here:
https://www.fewo-channelmanager.de/data-privacy

5. Your Rights under GDPR

Your Rights

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure / right to be forgotten (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR)
6. Right to Lodge a Complaint with a Supervisory Authority

Your Right to Complaint

You have the right to lodge a complaint with a supervisory authority in your country of residence, workplace, or place of the alleged infringement (Art. 77 GDPR).

7. Data Security and International Data Transfers

Data Security

SSL/TLS encryption (indicated by "https://" and lock icon).
Appropriate technical and organizational security measures in place.

International Data Transfers

AWS CloudFront uses servers in the EU and North America.
Your IP address may be temporarily processed outside the EEA.

Safeguard: EU Standard Contractual Clauses (SCCs) included in our DPA with AWS.

8. Updates to this Privacy Policy

Policy Updates

We may update this policy to reflect changes in services or law.
The current version is always available on this website.
See "Last Updated" date above.

Contact

For questions about this privacy policy, contact us:

Sylvia Dannewitz

Alexander-Puschkin-Str. 5

99734 Nordhausen, Deutschland

Email: info@apartment-kunsthaus-nordhausen.de

Phone: +49 3631 881740

Mobile: +49 1522 8662578