Privacy Policy

Preamble

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to simply as "data"), the purposes for which we process them, and the scope of such processing. This privacy policy applies to all personal data processing operations carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications, and within external online presences, such as our social media profiles (collectively referred to as "online offering").

The terms used are not gender-specific.

Effective date: June 14, 2025

Table of Contents

Controller

Dogukan Yapici
Alsterdorfer Straße 151
22297 Hamburg
Germany

Email address: admin@bookwith.ai

Overview of Processing

The following overview summarizes the types of data processed, the purposes of their processing, and the data subjects concerned.

Types of Data Processed

  • Inventory data.
  • Payment data.
  • Location data.
  • Contact data.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta, communication, and procedural data.
  • Log data.

Categories of Data Subjects

  • Service recipients and clients.
  • Interested parties.
  • Communication partners.
  • Users.
  • Business and contractual partners.

Purposes of Processing

  • Provision of contractual services and fulfillment of contractual obligations.
  • Communication.
  • Security measures.
  • Direct marketing.
  • Reach measurement.
  • Office and organizational procedures.
  • Affiliate tracking.
  • Organizational and administrative procedures.
  • Feedback.
  • Marketing.
  • Profiles with user-related information.
  • Provision of our online offering and user-friendliness.
  • Information technology infrastructure.
  • Sales promotion.
  • Business processes and economic procedures.

Relevant Legal Bases

Legal Bases under the GDPR: The following is an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the GDPR provisions, national data protection regulations may apply in your or our country of residence. If more specific legal bases apply in individual cases, we will inform you of them in this privacy policy.

  • Consent (Art. 6 para. 1 sentence 1 lit. a GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National data protection regulations in Germany: In addition to the GDPR, national regulations apply in Germany, in particular the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains specific regulations on the right to access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission as well as automated decision-making in individual cases including profiling. In addition, the data protection laws of the individual federal states may apply.

Note on applicability of the GDPR and the Swiss DPA: These privacy notices serve both to provide information in accordance with the Swiss Data Protection Act (DSG) and the General Data Protection Regulation (GDPR). For the sake of broader applicability and clarity, the terms of the GDPR are used. In particular, instead of the terms used in the Swiss DPA such as “processing” of “personal data,” “overriding interest,” and “particularly sensitive personal data,” the corresponding GDPR terms “processing” of “personal data,” “legitimate interest,” and “special categories of data” are used. The legal meaning of the terms continues to be governed by the Swiss DPA within its scope of application.

Security Measures

We implement appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, transmission, availability, and separation of the data itself. Furthermore, we have established procedures to ensure the exercise of data subject rights, deletion of data, and responses to data risks. Additionally, we take into account the protection of personal data already during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection through technology design and privacy-friendly default settings.

Transmission of Personal Data

In the course of processing personal data, it may occur that data is transmitted to or disclosed to other entities, companies, legally independent organizational units, or individuals. Recipients of this data may include, for example, service providers tasked with IT operations or providers of services and content embedded in a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements to protect your data with the recipients of your data.

International Data Transfers

Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in the context of the use of third-party services or the disclosure or transmission of data to other persons, entities, or companies (recognizable by the postal address of the provider or if this privacy policy explicitly refers to data transfers to third countries), this is always done in accordance with legal requirements.

For data transfers to the United States, we primarily rely on the Data Privacy Framework (DPF), which was recognized as a secure legal framework by an adequacy decision of the European Commission on July 10, 2023. Additionally, we have concluded Standard Contractual Clauses (SCCs) with the respective providers, which comply with the EU Commission’s requirements and set contractual obligations for the protection of your data.

This dual protection ensures comprehensive security for your data: the DPF serves as the primary level of protection, while the SCCs act as an additional safeguard. If changes arise concerning the DPF, the SCCs serve as a reliable fallback to ensure your data remains adequately protected even amid political or legal shifts.

We inform you, in relation to individual service providers, whether they are certified under the DPF and whether SCCs are in place. More information about the DPF and a list of certified companies can be found on the U.S. Department of Commerce website at https://www.dataprivacyframework.gov/ (in English).

For data transfers to other third countries, appropriate safeguards apply, in particular Standard Contractual Clauses, explicit consent, or legally required transfers. Information on third-country transfers and applicable adequacy decisions can be found on the EU Commission’s website: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de

General Information on Data Storage and Deletion

We delete personal data that we process in accordance with legal requirements as soon as the underlying consents are withdrawn or there are no longer any legal grounds for processing. This includes cases in which the original purpose of the processing no longer applies or the data is no longer needed. Exceptions apply when legal obligations or special interests require extended retention or archiving of the data.

In particular, data that must be retained for commercial or tax reasons, or whose storage is necessary for legal prosecution or to protect the rights of other natural or legal persons, must be archived accordingly.

Our privacy notices contain additional information regarding the retention and deletion of data that apply specifically to certain processing operations.

When multiple retention or deletion periods apply to a data item, the longest period always takes precedence.

If a period does not explicitly begin on a specific date and is at least one year in length, it automatically begins at the end of the calendar year in which the triggering event occurred. In the case of ongoing contractual relationships in which data is stored, the triggering event is the effective date of termination or other conclusion of the legal relationship.

Data that is retained not for the original purpose but due to legal requirements or other reasons is processed exclusively for the reasons that justify its retention.

Additional Notes on Processing Operations, Procedures, and Services:

  • Data Retention and Deletion: The following general retention periods apply under German law:
    • 10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, as well as instructions and other organizational documents necessary for understanding them (§ 147 (1) No. 1 in conjunction with (3) AO, § 14b (1) UStG, § 257 (1) No. 1 in conjunction with (4) HGB).
    • 8 years – Accounting vouchers such as invoices and cost receipts (§ 147 (1) Nos. 4 and 4a in conjunction with (3) Sentence 1 AO, and § 257 (1) No. 4 in conjunction with (4) HGB).
    • 6 years – Other business documents: received business letters, copies of sent business letters, and other documents relevant to taxation such as time sheets, operating cost sheets, calculation documents, pricing labels, and payroll documents unless already covered as vouchers and cash register receipts (§ 147 (1) Nos. 2, 3, 5 in conjunction with (3) AO, § 257 (1) Nos. 2 and 3 in conjunction with (4) HGB).
    • 3 years – Data required for potential warranty and damage claims or similar contractual claims and inquiries based on past business experience and typical industry practice is retained for the regular statutory limitation period of three years (§§ 195, 199 BGB).

Rights of Data Subjects

Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, particularly Articles 15 to 21:

  • Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. Where your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, including profiling related to such direct marketing.
  • Right to withdraw consent: You have the right to withdraw any consent given at any time.
  • Right of access: You have the right to obtain confirmation as to whether personal data concerning you is being processed, and access to such data and further information as provided by law.
  • Right to rectification: You have the right, in accordance with the law, to request the completion or correction of inaccurate data concerning you.
  • Right to erasure and restriction of processing: You have the right, in accordance with legal requirements, to request that data concerning you be deleted without undue delay or to request a restriction of the processing of the data.
  • Right to data portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format or to request the transfer to another controller, in accordance with legal requirements.
  • Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of your personal data infringes the GDPR.

Business Services

We process data of our contractual and business partners, such as customers and prospects (collectively referred to as “contractual partners”), in the context of contractual and similar legal relationships, as well as related measures and communication (including pre-contractual), for example, in response to inquiries.

We use this data to fulfill our contractual obligations. This includes obligations to provide agreed services, any necessary updates, and remedies for warranty and performance issues. In addition, we use the data to protect our rights, carry out administrative tasks, and manage our company operations. We also process data based on our legitimate interests in proper, economical business operations and in security measures to protect our contractual partners and business from misuse, data breaches, and other threats (e.g., by involving telecommunications, transport, subcontractors, banks, legal advisors, payment providers, or tax authorities). Within the scope of applicable law, we only pass on partner data to third parties if necessary for the purposes mentioned above or to comply with legal obligations. Contractual partners are informed about any additional processing (e.g., for marketing) within this privacy policy.

We inform contractual partners in advance or during data collection (e.g., via online forms, labels, or icons like asterisks) which data is required for the above purposes.

We delete the data after statutory warranty and similar obligations expire, generally after four years, unless it is stored in a customer account or archived for legal reasons (e.g., tax retention, typically ten years). Data disclosed by the contractual partner in the context of an assignment will be deleted in accordance with contractual and legal requirements, usually at the end of the assignment.

  • Types of data processed: Inventory data (e.g., full name, address, contact information, customer number); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., postal and email addresses, phone numbers); Contract data (e.g., contract subject, duration, customer category).
  • Data subjects: Service recipients and clients; Prospective clients; Business and contractual partners.
  • Purposes of processing: Provision of contractual services and performance of contractual obligations; Communication; Office and organizational procedures; Business processes and operational procedures.
  • Storage and deletion: Deletion as described in the section “General Information on Data Storage and Deletion.”
  • Legal basis: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR); Legal obligation (Art. 6(1)(c) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).

Provision of the Online Offering and Web Hosting

We process user data to provide our online services. For this purpose, we process the user's IP address, which is necessary to transmit content and functionality of our services to the user’s browser or device.

  • Types of data processed: Usage data (e.g., page views, duration of visit, click paths, intensity and frequency of use, device types, operating systems, interactions with content and features); Meta-, communication- and procedural data (e.g., IP addresses, timestamps, identifiers, persons involved); Log data (e.g., login or access logs, timestamps).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online services and user-friendliness; IT infrastructure (operation and provision of IT systems and devices); Security measures.
  • Storage and deletion: Deletion as described in the section “General Information on Data Storage and Deletion.”
  • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Additional notes on processing:

  • Access data and log file collection: Access to our online offering is logged in server log files. These may include addresses and names of accessed pages and files, timestamps, data volumes, success messages, browser types and versions, user operating systems, referrer URLs (previously visited pages), IP addresses, and the requesting provider. Server log files may be used for security purposes (e.g., preventing server overload or DDoS attacks) and to ensure server performance and stability; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Data deletion: Log file data is stored for a maximum of 30 days and then deleted or anonymized unless further retention is required for evidence purposes.

Use of Cookies

“Cookies” are functions that store and retrieve information on users’ devices. They can serve various purposes, such as functionality, security, comfort of online services, and analytics. We use cookies in accordance with legal requirements and, where required, obtain prior user consent. If no consent is required, we rely on our legitimate interests. This applies when storage and retrieval of information is essential to provide explicitly requested content and features—e.g., saving settings or ensuring the security and functionality of our services. Consent can be withdrawn at any time, and we clearly inform users of the scope and use of cookies.

Legal basis: Whether we process personal data via cookies depends on user consent. If consent is given, this forms the legal basis. If not, we rely on legitimate interests as outlined in this section and in context of each service or process.

Storage duration: We distinguish between the following cookie types:

  • Temporary cookies (session cookies): These are deleted at the latest after the user leaves the website and closes their device (e.g., browser or app).
  • Permanent cookies: These remain stored even after closing the device, e.g., to keep login status or display preferred content on return visits. Analytics cookies may also fall under this category. If not otherwise specified, users should assume cookies are permanent and stored for up to two years.

General notes on withdrawal and opt-out: Users may revoke consent at any time and object to processing in accordance with legal provisions, including using browser privacy settings.

  • Types of data processed: Meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identifiers, involved individuals).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Consent (Art. 6(1)(a) GDPR).

Further information on processing, procedures, and services:

  • Cookie data processing based on consent: We use a consent management solution that collects user consent for cookie usage and associated procedures and providers. This includes logging, managing, and allowing withdrawal of consent—especially for storage, retrieval, and processing of device-related information. Consent is stored server-side and/or in a cookie (opt-in cookie) or similar technology linked to the user or their device. If no specific provider is named, the following applies: Consent is stored for up to two years. A pseudonymous user ID, timestamp, scope of consent (e.g., cookie categories, providers), browser, system, and device data are recorded; Legal basis: Consent (Art. 6(1)(a) GDPR).

Blogs and Publishing Media

We use blogs or similar means of online communication and publication (hereinafter referred to as “publishing media”). Readers’ data is only processed to the extent necessary for the presentation of the publishing medium and communication between authors and readers or for security reasons. For further details, we refer to the processing information regarding visitors to our publishing media within this privacy policy.

  • Types of data processed: Inventory data (e.g., full name, address, contact details, customer number); Contact data (e.g., postal and email addresses or phone numbers); Content data (e.g., text or image-based messages and contributions, including authorship and creation timestamps); Usage data (e.g., page views, session duration, click paths, usage frequency and intensity, device types, operating systems, interactions with content and features); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identifiers, involved persons).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Feedback (e.g., collecting feedback via online form); Provision of our online offering and user-friendliness; Security measures; Organizational and administrative procedures.
  • Storage and deletion: Deletion according to the section "General Information on Data Storage and Deletion".
  • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Additional notes on processing:

  • Comments and contributions: When users leave comments or other contributions, their IP addresses may be stored based on our legitimate interests. This serves our security in case someone leaves unlawful content (e.g., insults, prohibited political propaganda). In such cases, we may be held liable for the comment and are therefore interested in the identity of the author.

    We also reserve the right to process user data for spam detection based on our legitimate interests.

    In the case of surveys, we may temporarily store users’ IP addresses and use cookies to prevent multiple voting, again based on legitimate interests.

    Personal data, contact details, website information, and content shared in comments are stored permanently until users object.
    Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Contact and Inquiry Management

When contacting us (e.g., by post, contact form, email, phone, or social media) or in the context of existing user and business relationships, the data of the inquiring individuals is processed insofar as necessary to respond to the inquiries and any requested actions.

  • Types of data processed: Inventory data; Contact data; Content data (e.g., messages and posts); Usage data; Meta, communication, and procedural data.
  • Data subjects: Communication partners.
  • Purposes of processing: Communication; Organizational and administrative procedures; Feedback; Provision of our online offering and user-friendliness.
  • Storage and deletion: Deletion according to the section "General Information on Data Storage and Deletion".
  • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Additional notes on processing:

  • Contact form: When contacting us via contact form, email, or other means, we process the transmitted personal data to respond to the request. This typically includes name, contact details, and any additional information provided that is necessary to process the request. We use this data exclusively for the purpose of contact and communication. Legal basis: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).

Newsletters and Electronic Notifications

We send newsletters, emails, and other electronic notifications (hereinafter “newsletters”) only with the consent of the recipients or based on legal permission. If the content of the newsletter is specified during registration, it is decisive for the user’s consent. Typically, only an email address is required to sign up. However, to personalize the newsletter, we may request additional information such as the recipient’s name or other relevant details.

Deletion and restriction of processing: We may retain unsubscribed email addresses for up to three years based on our legitimate interests to be able to prove prior consent. The processing of this data is limited to defending potential claims. A request for deletion is possible at any time, provided that the former consent is confirmed. In cases where objections must be permanently respected, we store the email address in a blocklist for that purpose.

We log the newsletter registration process based on our legitimate interests to demonstrate its proper execution. If we use a service provider to send emails, this is also based on our legitimate interest in efficient and secure delivery.

Content:

Information about us, our services, promotions, and offers.

  • Types of data processed: Inventory data; Contact data; Meta, communication, and procedural data; Usage data.
  • Data subjects: Communication partners.
  • Purposes of processing: Direct marketing (e.g., via email or post).
  • Legal basis: Consent (Art. 6(1)(a) GDPR).
  • Right to object (opt-out): You can unsubscribe from our newsletter at any time, i.e., withdraw your consent or object to further receipt. A link to unsubscribe is included at the end of each newsletter, or you can contact us via one of the methods provided above—preferably by email.

Additional notes on processing:

  • Open and click rate tracking: Our newsletters contain so-called “web beacons,” i.e., pixel-sized files that are retrieved from our or our provider’s server when the newsletter is opened. This collection includes technical data (e.g., browser, system, IP address, time of access) and is used for technical improvement and audience behavior analysis based on access location and times. It also tracks whether newsletters are opened and which links are clicked. These interactions are linked to individual recipients and stored in their profiles. The evaluations help us understand reading habits and adapt content accordingly or segment audiences. Legal basis: Consent (Art. 6(1)(a) GDPR).

Promotional Communication via Email, Post, Fax or Phone

We process personal data for the purpose of promotional communication via various channels such as email, telephone, post, or fax in accordance with legal requirements.

Recipients have the right to revoke their consent at any time or object to promotional communication.

Following a revocation or objection, we store the necessary contact data to prove prior authorization for up to three years after the end of the calendar year of revocation or objection, based on our legitimate interests. This processing is restricted to the purpose of possible legal defense. Based on our legitimate interest in respecting the revocation or objection, we also store the data needed to prevent further contact (e.g., email address, phone number, name).

  • Types of data processed: Inventory data; Contact data; Content data.
  • Data subjects: Communication partners.
  • Purposes of processing: Direct marketing; Marketing; Sales promotion.
  • Storage and deletion: See section \"General Information on Data Storage and Deletion\".
  • Legal basis: Consent (Art. 6(1)(a) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).

Web Analytics, Monitoring and Optimization

Web analytics (also known as \"reach measurement\") is used to evaluate visitor flows on our online offering and may include behavior, interests, or demographic information such as age or gender in pseudonymous form. It helps us determine when and how our services are used, and which areas require improvement.

In addition to web analytics, we may use testing procedures (e.g., A/B testing) to compare and optimize different elements or versions of our services.

Unless stated otherwise, profiles may be created and information may be stored in or read from a browser/device. This includes visited pages, used elements, technical data (browser, system), and usage time. If users have agreed to location tracking, location data may also be processed.

We store IP addresses, but apply IP masking (pseudonymization via truncation) to protect user identities. No real names or email addresses are stored, only pseudonymous profiles.

  • Types of data processed: Usage data; Meta, communication, and procedural data.
  • Data subjects: Users.
  • Purposes of processing: Reach measurement; User profiling; Provision and optimization of our online offering.
  • Storage and deletion: See section \"General Information on Data Storage and Deletion\". Cookies may be stored for up to 2 years.
  • Security measures: IP masking.
  • Legal basis: Consent (Art. 6(1)(a) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).

Further information:

  • Google Analytics: Used to measure and analyze usage via pseudonymous user IDs. No full IP addresses are stored for EU users; instead, geolocation is derived and IPs are deleted immediately.
    Provider: Google Ireland Limited, Dublin, Ireland
    Legal basis: Consent (Art. 6(1)(a) GDPR)
    Website: Google Analytics
    Privacy policy: Privacy Policy
    DPA: Processor Terms
    Data transfer mechanism: Data Privacy Framework (DPF), Standard Contractual Clauses
    Opt-Out: Browser Add-on, Ad Settings

Affiliate Programs and Affiliate Links

Our website includes affiliate links or other references (such as search forms, widgets, or discount codes) to third-party offers and services. If users follow these links and use the offers, we may receive a commission or other benefits.

To track conversions, third-party providers must recognize that users followed a link from our website. This is used solely for billing purposes and deleted when no longer needed.

Affiliate links may include parameters stored in the link or in cookies, such as referrer, timestamp, campaign ID, link type, or user ID.

  • Types of data processed: Contract data; Usage data; Meta, communication, and procedural data.
  • Data subjects: Interested parties; Users.
  • Purpose of processing: Affiliate tracking.
  • Storage and deletion: See section \"General Information on Data Storage and Deletion\".
  • Legal basis: Consent (Art. 6(1)(a) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).

Additional Services:

  • Booking.com Affiliate Program:
    Provider: Booking.com B.V., Amsterdam, Netherlands
    Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
    Website: Booking.com
    Privacy policy: Privacy Policy

Customer Reviews and Rating Procedures

We participate in rating and review platforms to evaluate, improve, and promote our services. When users leave reviews on such platforms, the provider’s terms and privacy policies apply. Registration may be required.

To ensure the authenticity of reviews, we may share relevant data with the review platform (e.g., name, email, order number) – but only with the user's consent.

  • Types of data processed: Contract data; Usage data; Meta, communication, and procedural data.
  • Data subjects: Clients; Users.
  • Purposes of processing: Feedback; Marketing.
  • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Plug-ins and Embedded Features and Content

We integrate function and content elements into our online offering that are retrieved from the servers of their respective providers (hereinafter referred to as \"third parties\"). These may include graphics, videos, or maps (hereinafter collectively referred to as \"content\").

Such integration always requires that the third-party providers process the users' IP addresses, as they could not send the content to their browsers without the IP address. The IP address is therefore necessary for displaying this content or functionality. We strive to only use content whose respective providers use the IP address solely for delivering the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as \"web beacons\") for statistical or marketing purposes. The \"pixel tags\" can be used to analyze information such as visitor traffic on our pages. The pseudonymous information may also be stored in cookies on the user’s device and contain technical data about the browser, operating system, referring websites, time of visit, and other details regarding the use of our online offering. This data may also be combined with information from other sources.

Legal basis note: If we request user consent for the use of third-party providers, this constitutes the legal basis for data processing. Otherwise, user data is processed on the basis of our legitimate interests (i.e., interest in efficient, cost-effective, and user-friendly services). Please also refer to the section on cookies in this privacy policy.

  • Types of data processed: Usage data; Meta, communication, and procedural data; Location data.
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online offering and user-friendliness.
  • Storage and deletion: As stated in the \"General Information on Data Storage and Deletion\" section. Cookies may be stored for up to 2 years unless stated otherwise.
  • Legal basis: Consent (Art. 6(1)(a) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing, procedures, and services:

  • Google Fonts (retrieved from Google servers): Integration of fonts and symbols for the purpose of technically secure, maintenance-free, and efficient use, considering licensing restrictions and optimization of loading times. User IP addresses and technical device data (language settings, screen resolution, OS, hardware) are transmitted to provide the fonts properly. Google Fonts API handles requests by delivering CSS and fonts. IP addresses are not logged or analyzed. Only metadata such as requested URL, user-agent, and referrer URL are logged and used for diagnostics and usage statistics.
    Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
    Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
    Website: https://fonts.google.com/
    Privacy policy: https://policies.google.com/privacy
    Data transfer mechanism: Data Privacy Framework (DPF)
    More information: Google Fonts Privacy FAQ
  • Google Maps: We embed maps from the \"Google Maps\" service provided by Google. The data processed may include user IP addresses and location data.
    Provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland
    Legal basis: Consent (Art. 6(1)(a) GDPR)
    Website: https://mapsplatform.google.com/
    Privacy policy: https://policies.google.com/privacy
    Data transfer mechanism: Data Privacy Framework (DPF)
Resources
Blog
Newsletter
Help centre
Support
Legal
Legal Notice
Privacy
Terms
Cookies
Contact
© BookwithAI All rights reserved.