Luxrem Apartments

Privacy Policy

1. Controller

The controller responsible for the processing of personal data on luxrem.de and in connection with bookings via Luxrem Apartments is:

Luxrem Apartments
[PLATZHALTER: vollständiger rechtlicher Name des Betreibers / Unternehmens]

[PLATZHALTER: Rechtsform]

Inhaber: Siran Klaus Paramajeyakumar

[PLATZHALTER: ladungsfähige Anschrift]


Email: Booking@luxrem.de

Phone Germany: +49 2118 1995950

Phone Switzerland: +41 79 933 38 40

[ANWALT PRÜFEN: Falls es für Deutschland und Schweiz zwei getrennte Rechtsträger gibt, müssen die Verantwortlichkeiten je Standort/Buchung getrennt dargestellt werden.]

2. Data Protection Officer / Data Protection Contact

[PLATZHALTER: Datenschutzbeauftragter, falls bestellt]
[PLATZHALTER: Datenschutzkontakt, falls kein Datenschutzbeauftragter bestellt ist]

[ANWALT PRÜFEN: Ob nach DSGVO/BDSG oder Schweizer DSG ein Datenschutzbeauftragter, Vertreter oder eine Kontaktstelle erforderlich bzw. sinnvoll ist.]

3. Applicable Data Protection Regulations

For guests, interested parties and website visitors from Germany, the EU and the EEA, the applicable regulations include in particular the General Data Protection Regulation (DSGVO), the Federal Data Protection Act (BDSG) and the Telecommunications-Digital Services-Data Protection Act (TDDDG). For processing relating to Switzerland, the Swiss Federal Act on Data Protection (DSG/revDSG) and the Data Protection Ordinance (DSV) also apply.

Where bookings concern a German location (Luxrem 1–3, Remscheid) and a Swiss location (Luxrem 4–6, Biel/Bienne), both legal systems may be relevant. In cases of doubt, the specific attribution must be reviewed by legal counsel.

4. Categories of Data

We process in particular the following categories of data:

5. Purposes and Legal Bases

Booking, Contract Performance and Guest Services

We process booking, contact, guest and communication data to respond to enquiries, accept bookings, organise stays, facilitate check-in/check-out, invoice services and fulfil contractual obligations.

Legal bases under DSGVO: Art. 6(1)(b) DSGVO (contract and pre-contractual measures), Art. 6(1)(c) DSGVO (legal obligations), Art. 6(1)(f) DSGVO (legitimate interests in efficient administration, customer communication and record-keeping).
Switzerland: Processing for contract performance, fulfilment of legal obligations and in the context of legitimate operational interests under DSG/revDSG.

Payment Processing via Stripe

For online payments, payment data is processed via Stripe. We use Stripe Hosted Checkout. The entry and processing of full payment data takes place at Stripe. We receive in particular payment status, transaction references and billing information.

Legal bases under DSGVO: Art. 6(1)(b) DSGVO, Art. 6(1)(c) DSGVO, Art. 6(1)(f) DSGVO.
[ANWALT PRÜFEN: Konkrete Stripe-Vertragspartei, Stripe-Unternehmen, Drittlandtransfer, Standardvertragsklauseln und Link zur Stripe-Datenschutzerklärung ergänzen.]

Website Operation, Hosting and Server Logs

The website runs as a Next.js application on an Infomaniak VPS in Geneva, Switzerland and is delivered via bunny.net as an EU CDN. When the website is accessed, technically necessary data is processed, in particular IP address, timestamp, URL accessed, referrer, user agent and technical error/security logs.

Legal bases under DSGVO: Art. 6(1)(f) DSGVO (stable, secure website operation, abuse prevention, error analysis), and where applicable Art. 6(1)(b) DSGVO for booking-related use.
For technically necessary storage or access to terminal devices, § 25(2) TDDDG applies; for non-essential cookies/technologies, consent under § 25(1) TDDDG and Art. 6(1)(a) DSGVO applies.

Calendar Synchronisation with Booking.com / Airbnb

To avoid double bookings, we synchronise availability and booking periods via iCal with booking platforms such as Booking.com and Airbnb. Calendar data, booking references, stay periods and, depending on the iCal content, guest/booking details may be processed.

Legal bases under DSGVO: Art. 6(1)(b) DSGVO and Art. 6(1)(f) DSGVO.
[ANWALT PRÜFEN: Tatsächliche iCal-Felder prüfen und Datenschutzhinweise der OTA-Plattformen verlinken.]

Cash Receipts and Paperless Archive

Cash receipts and associated records are archived in Paperless (self-hosted) to fulfil tax, accounting and record-keeping obligations.

Legal bases under DSGVO: Art. 6(1)(c) DSGVO (statutory retention obligations), Art. 6(1)(f) DSGVO (record-keeping and proper accounting).

Cookies and Consent

luxrem.de uses a cookie consent mechanism with the categories necessary, preferences, statistics and marketing. Statistics and marketing services are not loaded prior to consent.

Legal bases: § 25 TDDDG, Art. 6(1)(a) DSGVO for cookies/technologies requiring consent; Art. 6(1)(f) DSGVO and § 25(2) TDDDG for technically necessary processes. Further details are set out in the Cookie Policy.

6. Recipients and Processors

Personal data may be transmitted to the following recipients or service providers:

Where service providers process personal data on a contracted basis, data processing agreements or equivalent data protection arrangements are concluded as required.

7. Third-Country Transfers

Processing takes place in particular in Germany, Switzerland and the EU/EEA. From an EU perspective, Switzerland has an adequacy decision. For service providers such as Stripe, Booking.com, Airbnb or CDN/infrastructure services, data may also be transferred to third countries, in particular the USA.

Where personal data is transferred to countries without an adequate level of data protection, this is done only on the basis of appropriate safeguards, e.g. EU standard contractual clauses, additional protective measures or statutory exceptions. [ANWALT PRÜFEN: konkrete Transfermechanismen je Anbieter ergänzen.]

8. Retention Periods

We store personal data only for as long as necessary for the respective purposes or as required by statutory retention obligations.

9. Data Subject Rights

Under the DSGVO, data subjects have in particular the rights of access, rectification, erasure, restriction of processing, data portability, objection to processing based on legitimate interests, and withdrawal of consent with effect for the future.

Under Swiss DSG/revDSG, data subjects have in particular the rights of access, release or transfer of personal data, rectification, erasure or cessation of unlawful processing, to the extent the legal requirements are met.

To exercise these rights, a message to Booking@luxrem.de is sufficient.

10. Withdrawal of Consent

Consent granted, in particular for cookies in the statistics or marketing categories, may be withdrawn at any time with effect for the future. Withdrawal is as straightforward as granting consent, in particular via the cookie settings on the website.

11. Right to Lodge a Complaint

Data subjects have the right to lodge a complaint with a data protection supervisory authority.

For Germany: [PLATZHALTER: zuständige Datenschutzaufsichtsbehörde, voraussichtlich Landesbeauftragte/r für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, anwaltlich prüfen.]
For Switzerland: Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Berne, Switzerland, https://www.edoeb.admin.ch/

12. Obligation to Provide Data

Certain data is required for a booking and the conduct of the stay. Without such data, we may be unable to process enquiries, complete bookings, fulfil legal obligations or provide services. Optional details are indicated as such or apparent from the context.

13. Automated Decisions

No automated individual decision-making including profiling within the meaning of Art. 22 DSGVO takes place according to the current draft. [ANWALT/TECHNIK PRÜFEN: Falls dynamische Preisbildung, Betrugsprüfung, automatisierte Ablehnung oder Scoring eingesetzt wird, ergänzen.]

Source Basis

Sources and review notes: see README.md.