Privacy Policy
1. Controller
The controller for data processing is:
Manfred Hengeler
Frohnhofen 3, 87452 Altusried, Deutschland
hengeler.shofrohnhofen3@gmail.com
+491629383177
The processing of your personal data is based on the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and the Telecommunications-Telemedia Data Protection Act (TTDSG). The legal bases are in particular Art. 6(1)(b) GDPR (contract performance), Art. 6(1)(f) GDPR (legitimate interest, e.g. IT security), and, if applicable, Art. 6(1)(a) GDPR (consent). If data is transferred to recipients in third countries, we use EU standard contractual clauses or other appropriate safeguards.
2. Collected Data and Cookies
We collect personal data to provide our contractual services (e.g. booking and accommodation), to ensure the security of our IT systems, and to technically provide our website. To secure your data, we use SSL/TLS encryption when you access our website.
2.1 Stripe (stripe.com)
- stripe.csrf: CSRF protection for payments.
- site-auth: Merchant authorization in the Stripe dashboard.
- private_machine_identifier, machine_identifier: Fraud prevention and device recognition.
- merchant, cid: Stripe account ID and client ID for merchant identification.
- _ga: Stripe-internal Google Analytics (not for our website).
- stripe_sid, stripe_mid: Session IDs for secure assignment of payment sessions.
- stripe_orig_props: Referrer and landing page information for fraud prevention.
- secure-has_logged_in: Display of login status in the Stripe dashboard.
Stripe processes your payment data (e.g. credit card information) as an independent controller for the purpose of fraud prevention and payment processing. Our legal basis for transmitting payment data is Art. 6(1)(b) GDPR (contract performance). International data transfers are based on EU standard contractual clauses.
2.2 Own Cookies (hengelershof.com)
- cookies-accepted: Stores your consent to set non-essential cookies.
- NEXT_LOCALE: Stores the language you have selected (Next.js i18n).
- Secure-authjs.session-token: Access token for your session via NextAuth.js.
- Secure-authjs.callback-url: Stores the URL for redirection after OAuth login.
- __Host-authjs.csrf-token: CSRF token to secure your login via Auth.js.
Technically necessary cookies are essential for the operation of the site and are set even without consent. We only set non-essential cookies after your active consent (Art. 6(1)(a) GDPR) via our cookie banner.
3. Payment Processing with Stripe
To process your online payment, we use Stripe (Stripe Payments), a payment service from Stripe.com. Your payment data is transmitted directly to Stripe; we only receive confirmation of payment success. Without this transmission, we cannot complete your booking.
Legal basis: Art. 6(1)(b) GDPR (contract performance). Stripe processes payment data as an independent provider for fraud prevention and payment processing. International data transfers are secured by EU standard contractual clauses.
4. Login via Google OAuth
You can log in to our website using your Google account. We only receive the information (e.g. name, email address) that you explicitly release to us in the Google OAuth consent screen.
We use this data exclusively for authentication and management of your user account. Our privacy policy is hosted on the same domain and is linked in the OAuth consent screen as required by Google. We comply with Google's Limited Use Policy.
5. Your Rights
- Right to information about your stored personal data
- Right to rectification of incorrect or incomplete data
- Right to erasure (‘right to be forgotten’)
- Right to restriction of processing
- Right to data portability
- Right to object to processing based on legitimate interests
- Right to withdraw consent already given
- Right to lodge a complaint with a data protection supervisory authority
To exercise these rights, you can contact us at any time using the contact details provided above.
6. Data Deletion and Retention Period
Your personal data will be deleted or blocked as soon as the purpose of processing no longer applies. Storage beyond this period only takes place if required by law (e.g. tax retention periods).
7. Updating the Privacy Policy
This privacy policy is always available at https://www.hengelershof.com/en/privacypolicy and is updated immediately if our data processing procedures change. Last updated: July 3, 2025.