Logo Holiday homes and apartments on the Moselle
SearchHost

Privacy Policy

Status: March 2026

1. Data protection at a glance

The following information gives you an overview of what happens to your personal data when you visit our holiday home portal, contact us, create a user account, request or book accommodations, subscribe to our newsletter, submit reviews or provide us with data of other travelers or contact persons in the context of an inquiry or booking. Personal data is any data by which you can be personally identified or become identifiable.

Who is responsible for data collection on this website?

Data processing on this website is carried out by NeoLodge GmbH as the controller. You can find the contact details below in this Privacy Policy.

How do we collect your data?

Your data is collected, on the one hand, when you provide it to us, for example when you contact us, as part of a booking request, when creating a user account, during the payment process, when subscribing to the newsletter, when submitting a review or when you provide us with data of other travelers or contact persons. Other data is collected automatically or - in the case of optional technologies - only after your consent when you visit the website through our IT systems or used services. This concerns in particular technical data such as IP address, browser, operating system, referrer, time of page access or device information.

What do we use your data for?

We use your data in particular to technically provide and secure the website, to process inquiries, to set up and manage user accounts, to arrange and process bookings, to process payments, to communicate with guests and hosts, to send newsletters, to provide and moderate reviews, and for statistical analysis and optimization of our offering.

What rights do you have?

You have, in particular, the right to information, rectification, deletion, restriction of processing, data portability, objection to certain processing activities, and to withdraw consent given with effect for the future. You also have the right to lodge a complaint with a data protection supervisory authority.

2. Controller

NeoLodge GmbH
Oberer Wasen 23
73630 Remshalden
Germany

Phone: 07151 - 9943030
Email: info@neolodge.de
Support: support@neolodge.de

Managing Directors: Andreas Gold, Johannes Weyland
Register court: Amtsgericht Stuttgart
Registration number: HRB 801876
VAT ID: DE457391918

3. Contact for privacy inquiries

If you have questions about the processing of your personal data or wish to exercise your rights as a data subject, you can contact us at any time at support@neolodge.de.

To the extent that a data protection officer has been appointed for our company, you can reach them via the separately published contact details or via the above contact channels with the addition "Data Protection Officer".

4. Purposes and legal bases of processing

We process personal data only to the extent that there is a legal basis for doing so. Depending on the specific processing activity, we base the processing in particular on the following legal bases:

  • Art. 6 (1) lit. a GDPR - consent, for example for technologies and services in the categories "Functional", "Analytics" and "Marketing";
  • Art. 6 (1) lit. b GDPR - performance of a contract or implementation of pre-contractual measures, in particular in connection with inquiries, user accounts, booking requests, bookings and payments;
  • Art. 6 (1) lit. c GDPR - compliance with legal obligations, for example commercial and tax law retention, documentation and evidence obligations;
  • Art. 6 (1) lit. f GDPR - legitimate interests, in particular in the secure, stable, user-friendly and economically efficient provision of the website, IT security, abuse prevention, error analysis, communication, enforcement or defense of claims, as well as moderation and quality assurance of reviews;
  • Section 25 TDDDG - insofar as storing information on your device or accessing it requires consent or a statutory permission.

If we intend to further process personal data for a purpose other than that for which the data was collected, we will inform you of the new purpose and the other relevant circumstances before this further processing.

5. Hosting and technical provision of the website

We host our online offering with IONOS SE, Elgendorfer Straße 57, 56410 Montabaur, Germany. A data processing agreement has been concluded with the provider in accordance with Art. 28 GDPR.

When you visit our website purely for informational purposes, technical access data is automatically processed by our web server and the hosting provider in so-called server log files. This includes in particular:

  • IP address of the requesting device,
  • date and time of access,
  • page or file accessed,
  • referrer URL,
  • browser type and browser version,
  • operating system used,
  • hostname and other technical connection data.

The processing takes place to ensure the functionality, stability and security of the website and to defend against misuse and analyze errors. The legal basis is Art. 6 (1) lit. f GDPR. Our legitimate interest lies in the secure and trouble-free operation of our online offering.

We store log files only for as long as is necessary for the stated purposes. Longer storage takes place if this is required to investigate security incidents, pursue legal claims or defend and enforce claims.

6. Delivery of graphics and static content via a CDN

For the fast, stable and secure delivery of graphics and static content, we use a Content Delivery Network (CDN) from Amazon Web Services (AWS), in particular Amazon CloudFront. When such content is accessed, your IP address and other connection data, for example browser information, timestamps, header information and the requested resource, are transmitted to AWS servers.

Use takes place on the basis of our legitimate interest in a high-performance, secure and economical provision of our online offering in accordance with Art. 6 (1) lit. f GDPR. Further information on possible transfers to third countries can be found in section 22 of this Privacy Policy.

7. Locally integrated resources

We integrate fonts, JavaScript files and CSS files locally. Therefore, no automatic transmission of personal data to third parties takes place solely through external fonts, stylesheets or script libraries. We provide separate information on external services in this Privacy Policy.

8. SSL/TLS encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content. An encrypted connection can usually be recognized by the fact that your browser's address line begins with "https://".

9. Consent management / consent tool

We use a self-developed consent management system to store, document and technically implement your choices for the categories "Necessary (always active)", "Functional", "Analytics" and "Marketing". For this purpose, we store on your device an entry necessary for consent management, for example a cookie or an entry in local storage or session storage, containing your choice. In this context, your consent decision, the affected category, timestamp, technical metadata and, where applicable, a pseudonymous identifier are processed in particular.

The category "Marketing" is only relevant insofar as marketing-related services or technologies are actually used on the respective page.

The processing takes place in order to comply with our legal obligations to document and respect your choices and to technically provide consent management. The legal bases are Art. 6 (1) lit. c GDPR, Art. 6 (1) lit. f GDPR and Section 25 (2) TDDDG. You can change or withdraw your choices at any time via the privacy settings or cookie settings on our website. Technologies in the categories "Functional", "Analytics" and "Marketing" remain disabled without your consent. Technologies in the category "Necessary (always active)" remain unaffected.

10. Cookies, local storage and similar technologies

Our website uses cookies and comparable technologies such as local storage or session storage. We distinguish between the category "Necessary (always active)" and - after your consent - the categories "Functional", "Analytics" and "Marketing".

We use technologies in the "Necessary (always active)" category on the basis of Section 25 (2) TDDDG. Where personal data is processed in this context, this takes place on the basis of Art. 6 (1) lit. f GDPR. Our legitimate interest lies in the secure, stable and functional provision of the website. This also includes functions that you actively call up and that are then necessary for the requested display, such as the map view. We use technologies in the "Functional", "Analytics" and "Marketing" categories only on the basis of your consent pursuant to Section 25 (1) TDDDG and Art. 6 (1) lit. a GDPR.

11. Contact with us

If you contact us, for example by email, contact form or telephone, we process the information you provide in order to handle your inquiry. This includes in particular your name, contact details, the content of your message and any other information you voluntarily provide.

The legal basis is Art. 6 (1) lit. b GDPR if your inquiry concerns the conclusion or performance of a contract, and otherwise Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in the efficient handling of inquiries. We store this data as long as necessary to complete the inquiry and beyond that only if statutory retention obligations or legitimate interests exist.

12. User account

If you create a user account with us, we process the information required to create and manage the account. This includes in particular your name, email address, access data, account preferences and any other information you provide in connection with creating or using the account.

The processing takes place on the basis of Art. 6 (1) lit. b GDPR for the performance of the user agreement relating to the account. We store the account data for the duration of the account's existence and thereafter only to the extent that statutory retention obligations or overriding legitimate interests require this.

13. Booking requests and bookings

When you send a booking request, make a booking or use related functions on our portal, we process the information required to carry out the request or booking. This includes in particular your name, contact details, travel period, information on fellow travelers, details of the requested or booked accommodation, communication content and any other information you provide in this context.

The processing takes place on the basis of Art. 6 (1) lit. b GDPR for the implementation of pre-contractual measures or the performance of a contract. To the extent necessary, we pass this data on to the respective provider, landlord, host or other service partner so that the request or booking can be processed.

14. Payment processing

In connection with payments, we process the information necessary to carry out the payment. Depending on the selected payment method, this may in particular include name, payment amount, booking reference, billing address and payment status. The actual payment data, in particular card or account details, is generally processed directly by the integrated payment service providers Stripe or PayPal.

The processing takes place on the basis of Art. 6 (1) lit. b GDPR. In addition, processing may take place on the basis of Art. 6 (1) lit. f GDPR, in particular for fraud prevention, error handling and documentation.

For payment processing via Stripe, Stripe Payments Europe, Limited, Ireland, is relevant for data processing in Europe. Further information can be found in Stripe's Privacy Policy: https://stripe.com/privacy.

As part of its global infrastructure, Stripe may also process data in third countries, in particular in the USA. Further information on international data transfers can be found in Stripe's Privacy Policy and in section 22 of this Privacy Policy.

For payment processing via PayPal, PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg, is responsible for the European Economic Area. Further information can be found in PayPal's Privacy Policy: https://www.paypal.com/de/legalhub/paypal/privacy-full.

PayPal may also process data outside the EEA, in particular in the USA. Further information on international data transfers can be found in PayPal's Privacy Policy and in section 22 of this Privacy Policy.

15. Newsletter and Mailjet

If you subscribe to our newsletter, we process your email address and any additional voluntary information in order to send you the newsletter and document your subscription. We use Mailjet / Sinch Email for this. As a rule, subscriptions take place via the double opt-in procedure.

The legal basis is your consent pursuant to Art. 6 (1) lit. a GDPR. You can withdraw your consent at any time with effect for the future, in particular via the unsubscribe link in the newsletter or by contacting us. After unsubscribing, we delete your newsletter recipient data unless there is a legal obligation or a legitimate interest in continued storage of proof of consent.

Further information can be found at: https://www.mailjet.com/legal/privacy-policy/ and on data processing at https://www.mailjet.com/legal/dpa/.

16. Review functions

When you submit reviews or reports of experience about accommodations on our portal, we process the information you provide for this purpose. This may in particular include your name or pseudonym, your review content, star or point ratings, the time of submission, any assignment to a booking, as well as technical metadata and IP addresses for the prevention of misuse.

Reviews may be published on our website after a content or formal review. The legal basis is Art. 6 (1) lit. b GDPR insofar as the review function is part of the use of our portal or a booking, as well as Art. 6 (1) lit. f GDPR for moderation, quality assurance, prevention of misuse and transparent presentation of user experiences.

Providing review content is voluntary. Mandatory information is required only to the extent that, without it, we cannot assign, review or publish a review. We store reviews for as long as the respective review is to be displayed online or there are legitimate interests in documentation, prevention of misuse or legal defense.

Please provide only such information in review fields as is necessary for the review and refrain in particular from providing sensitive personal data.

17. Web analytics with Matomo (self-hosted)

We use Matomo in a self-hosted version for statistical analysis of the use of our online offering. We operate the Matomo instance within our hosting infrastructure. No transfer of analytics data to external analytics providers takes place.

Matomo is used only if you have consented to the "Analytics" category. In this context, page views, usage duration, visitor origin, technical information about browser and device, approximate location data, interactions as well as shortened or anonymized IP addresses are processed in particular. The legal basis is Art. 6 (1) lit. a GDPR in conjunction with Section 25 (1) TDDDG.

You can withdraw any consent given at any time via our privacy settings. A Matomo opt-out integrated on the website also takes effect within the browser or device used in each case.

18. Google Tag Manager

We use Google Tag Manager, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used for the technical management and delivery of website tags and scripts. According to the provider, Google Tag Manager itself does not create user profiles; however, when the service is loaded, standard HTTP request data, in particular IP address, browser information, referrer and technical header information, is transmitted to Google.

Which further data processing operations take place depends on the specific tags and services integrated. We provide information on these in the relevant sections of this Privacy Policy. To the extent that the use of Google Tag Manager or the tags controlled through it is not assigned to the "Necessary (always active)" category, it is used only on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR in conjunction with Section 25 (1) TDDDG. This applies in particular to tags or scripts in the "Functional", "Analytics" and "Marketing" categories.

Further information can be found at: https://policies.google.com/privacy.

19. Map material and location display with OpenStreetMap

To display locations and geographically classify accommodations, we integrate map material from OpenStreetMap. The map display is loaded only when you actively open the map view or a corresponding location function. In this case, your browser establishes a connection to servers of the OpenStreetMap Foundation or the respective tile or map server used. In this context, your IP address, browser and device data, referrer, date and time as well as the map section you called up may in particular be processed.

In our privacy settings, the map function is assigned to the category "Necessary (always active)". This applies insofar as the map function is loaded only after your active request and serves to display the location information specifically selected by you. Access to your device or the processing of information on it takes place in this case on the basis of Section 25 (2) no. 2 TDDDG. Insofar as personal data is processed, this takes place on the basis of Art. 6 (1) lit. f GDPR. Our legitimate interest lies in the user-friendly and functionally appropriate display of accommodation locations and in providing a map function specifically requested by you.

Further information can be found in the Privacy Policy of the OpenStreetMap Foundation at https://osmfoundation.org/wiki/Privacy_Policy and in the Tile Usage Policy at https://operations.osmfoundation.org/policies/tiles/.

20. Social media: Facebook, Instagram and Pinterest

Our website contains links to our company profiles on Facebook, Instagram and Pinterest. We do not use active social media plugins, but only pure links. This means that simply visiting our website does not automatically transmit data to these platforms.

Only when you click such a link do you leave our website and a connection to the servers of the respective provider is established. From that point on, the providers process data under their own data protection responsibility. If you communicate with us via our profiles, we process the data transmitted to us in order to handle your request on the basis of Art. 6 (1) lit. f GDPR or - if your request concerns the conclusion or performance of a contract - Art. 6 (1) lit. b GDPR.

Information on data processing by the platforms can be found here:

21. Recipients of data / categories of recipients

Your personal data is only disclosed if there is a legal permission to do so, you have consented or the disclosure is necessary for the performance of a contract. Recipients may in particular be:

  • hosting, infrastructure, CDN and IT security service providers,
  • technical service providers for communication, email dispatch, analytics and consent management,
  • payment service providers, banks and payment processors,
  • accommodation providers, landlords, hosts or other service partners in connection with inquiries and bookings,
  • tax advisors, auditors, legal advisors, insurers or debt collection service providers, insofar as this is necessary for contract execution or legal enforcement,
  • authorities, courts or other public bodies, insofar as we are legally obliged to do so.

Insofar as external service providers act as processors for us, this takes place on the basis of a data processing agreement in accordance with Art. 28 GDPR. Insofar as recipients process data under their own responsibility, further processing is governed by their respective privacy notices.

22. Data transfers to third countries

Some of the services we use or their sub-processors may process data in states outside the European Union or the European Economic Area, in particular in the United Kingdom or in the USA. Such a transfer takes place only if the legal requirements of Art. 44 et seq. GDPR are met.

Insofar as there is an adequacy decision of the European Commission for a third country, the transfer may be based on this. This applies in particular to transfers to certified companies in the USA under the EU-US Data Privacy Framework and - where applicable - to the United Kingdom. Insofar as no adequacy decision applies, we base transfers on appropriate safeguards, in particular standard contractual clauses pursuant to Art. 46 GDPR, internal data protection rules or other legally recognized transfer instruments.

Depending on the provider, the following transfer mechanisms may in particular apply according to their information:

  • Google: EU-US Data Privacy Framework and/or standard contractual clauses where processing takes place in the USA;
  • Stripe: adequacy decisions, standard contractual clauses and/or certifications under the EU-US Data Privacy Framework;
  • PayPal: Binding Corporate Rules, adequacy decisions, standard contractual clauses or statutory exceptions;
  • Mailjet / Sinch Email: standard contractual clauses and - where relevant - EU-US Data Privacy Framework or other permissible transfer mechanisms;
  • AWS / CloudFront: adequacy decisions and/or standard contractual clauses where processing takes place outside the EEA.

You may request a copy of appropriate safeguards or further information on the transfer mechanisms used from us via the contact details stated in section 2 or 3. In addition, we refer to the privacy notices of the respective providers.

23. Storage period

We store personal data only for as long as necessary for the respective purposes or for as long as statutory retention obligations exist. The specific storage period depends on the type of processing activity, the purpose of processing and commercial, tax, civil or supervisory retention and documentation periods.

  • Server log files are stored only for as long as necessary for the secure and stable operation of the website and for the clarification of malfunctions or security incidents.
  • Contact requests are stored until the inquiry has been finally processed and thereafter only insofar as this is necessary for documentation, compliance with legal obligations or the assertion, exercise or defense of legal claims.
  • User account data is stored for the duration of the existence of the user account; earlier deletion is possible if no statutory retention obligations or overriding legitimate interests oppose this.
  • Booking, contract and billing data is stored for the duration of the contractual relationship and thereafter within the framework of statutory retention obligations, in particular under commercial and tax law.
  • Payment and invoice documents are stored within the framework of statutory evidence and retention obligations and, where necessary, for fraud prevention and legal defense.
  • Newsletter data is stored until you unsubscribe; proof of consent is stored beyond that for as long as we have a legal interest in documentation or are legally obliged to do so.
  • Reviews are stored as long as the respective review is to be displayed online or there are legitimate interests in documentation, moderation, abuse prevention or legal defense.
  • Proof of consent is stored as long as we need proof of your consent or withdrawal to comply with legal obligations or for legal defense.

24. Obligation to provide data

Providing personal data is neither legally nor contractually required for the purely informational visit of our website. However, without certain technical data such as IP address or header information, the website cannot be delivered for technical reasons.

In the context of contact forms, user accounts, booking requests, bookings and payments, providing the data marked as required is contractually necessary or necessary for carrying out pre-contractual measures or for concluding the contract. Without this data, we cannot process your request, provide a user account, conclude a contract or carry out a payment or booking.

Providing data for newsletters, reviews or other voluntary functions is voluntary. Without the respective necessary information, however, the function in question cannot be used or cannot be used fully.

25. Your rights as a data subject

Within the framework of the statutory conditions, you have in particular the following rights:

  • right of access to your personal data stored by us (Art. 15 GDPR),
  • right to rectification of inaccurate or completion of incomplete data (Art. 16 GDPR),
  • right to deletion of your data (Art. 17 GDPR),
  • right to restriction of processing (Art. 18 GDPR),
  • right to data portability (Art. 20 GDPR),
  • right to object to certain processing activities (Art. 21 GDPR),
  • right to withdraw consents given with effect for the future,
  • right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).

Objection to direct advertising and legitimate interests

Insofar as we process your data on the basis of Art. 6 (1) lit. f GDPR, you have the right to object to the processing at any time on grounds relating to your particular situation. If personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for such advertising purposes.

26. Right to lodge a complaint with the competent supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority. For our company, the competent authority is in particular the State Commissioner for Data Protection and Freedom of Information Baden-Württemberg:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Heilbronner Straße 35
70191 Stuttgart
Website: https://www.baden-wuerttemberg.datenschutz.de/

27. Automated decisions

We do not make decisions based exclusively on automated processing within the meaning of Art. 22 GDPR. Automated risk assessments or fraud prevention measures by payment service providers remain unaffected and take place under their own data protection responsibility.

28. Current status and changes to this Privacy Policy

We reserve the right to adapt this Privacy Policy so that it always complies with current legal requirements or to implement changes to our services in the Privacy Policy, for example when introducing new services or functions. The current Privacy Policy then applies to your next visit.

Succeed as a Host

Succeed as a Host

  • Get more bookings

    by listing on more than 35 high-reach portals.

  • Manage everything centrally

    with real-time data on your property availability.

  • Reach your ideal guests

    who appreciate your hospitality and whose expectations perfectly match your property.