We take the protection of your personal data very seriously and treat it confidentially in accordance with statutory data protection regulations.
The controller responsible for the processing of personal data on this website is:
A legally mandated Data Protection Officer is not currently required for our company. For data protection related questions, please contact the controller directly at datenschutz@checkin-guide.com.
We process personal data of our users only to the extent necessary to provide a functional website and our content and services. Personal data is only processed with the user's consent or where another legal basis applies.
Where we obtain consent for the processing of personal data, Art. 6(1)(a) GDPR serves as the legal basis. For processing related to contract fulfilment, Art. 6(1)(b) GDPR applies. For legal obligations, Art. 6(1)(c) GDPR applies. Where processing is based on legitimate interests, Art. 6(1)(f) GDPR applies.
Personal data is deleted or blocked as soon as the purpose for its storage no longer applies. Further storage may occur where required by European or national legislation (e.g. statutory retention periods under § 147 AO, § 257 HGB).
Each time our website is accessed, our system automatically collects data from the accessing computer system. The following data is collected:
This data is stored in log files of our system. It is not stored together with other personal data of the user.
The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR (legitimate interest). Our legitimate interest lies in ensuring the smooth operation of the website and improving our services.
Temporary storage of the IP address by the system is necessary to allow delivery of the website to the user's computer. Log files are used exclusively to ensure operation and improve the security of our website.
Data is deleted as soon as it is no longer necessary for the purpose of collection – at the latest after 7 days. Extended storage is possible; in this case, IP addresses are fully anonymised.
Our website uses cookies. Cookies are text files stored in the user's browser. We distinguish between:
| Type | Name | Purpose | Storage Period | Legal Basis |
|---|---|---|---|---|
| Technically necessary | Session Cookie | Ensuring operation, login status | End of session | Art. 6(1)(f) GDPR |
| Technically necessary | CSRF Token | Security against cross-site request forgery | End of session | Art. 6(1)(f) GDPR |
| Functional | Language preference | Storing the selected language | 12 months | Art. 6(1)(a) GDPR |
Technically necessary cookies are set without separate consent, as they are essential for the operation of the website. For all other cookies, we obtain your consent.
You can configure your browser to be informed about the setting of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general, and to activate the automatic deletion of cookies when the browser is closed. Disabling cookies may limit the functionality of this website.
Our website provides a contact form for electronic communication. If a user makes use of this option, the data entered in the form is transmitted to us and stored. This data includes:
At the time the message is sent, the user's IP address and the date and time of registration are also stored.
The legal basis for processing is Art. 6(1)(a) GDPR (consent) and Art. 6(1)(b) GDPR where contact is aimed at concluding a contract.
Processing of personal data from the form is used solely to handle the contact request. Other personal data collected during email contact serves to prevent misuse of the contact form and to ensure the security of our IT systems.
Data is deleted as soon as it is no longer necessary for the purpose of collection. This is the case when the conversation with the user has ended – generally after 3 years, provided no statutory retention obligations apply.
The user has the right to withdraw consent to processing their personal data at any time. If the user contacts us by email, they may object to the storage of their personal data at any time. In such cases, the conversation cannot be continued. All personal data stored as part of the contact will be deleted.
Hotel operators and accommodation providers may register on our website and create a customer account. The following data is collected during registration:
The legal basis for processing is Art. 6(1)(b) GDPR (contract performance). Processing is necessary for the performance of a contract to which the data subject is a party.
Data is used exclusively for:
Data is stored for the duration of the contractual relationship. After termination of the contract, data is deleted unless statutory retention obligations apply. Tax and commercial retention periods amount to up to 10 years (§ 147 AO, § 257 HGB).
CheckIn Guide provides hotel operators and accommodation providers (our customers) with a software-as-a-service platform. In the context of this platform, our customers process data of their guests. In this relationship, CheckIn Guide acts as a data processor pursuant to Art. 28 GDPR – the respective hotelier is the controller.
The following guest data may be processed through platform use:
Order processing is carried out on the basis of a Data Processing Agreement (DPA) pursuant to Art. 28 GDPR, which we conclude with each of our customers. The DPA can be provided upon request.
Data protection responsibility for the processing of guest data lies with the respective hotelier as controller within the meaning of Art. 4(7) GDPR. Hoteliers are obliged to inform their guests about data processing in the context of the CheckIn Guide (e.g. in their privacy policy or booking confirmation email).
All guest data is stored and processed exclusively on servers located in the European Union (Germany). No transfer to third countries takes place.
We use the payment service provider Stripe, Inc. (185 Berry Street, Suite 550, San Francisco, CA 94107, USA) to process payments. Stripe operates in the EU through its Irish subsidiary (Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland).
The following data is transmitted to Stripe during payment processing:
The legal basis is Art. 6(1)(b) GDPR (contract performance). The transfer is necessary for the processing of the payment transaction.
Stripe is certified under the EU–U.S. Data Privacy Framework and has standard contractual clauses pursuant to Art. 46 GDPR as a guarantee of an adequate level of data protection. Further information can be found in Stripe's Privacy Policy: stripe.com/en-gb/privacy
This website uses Google Fonts for the uniform display of fonts, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When a page is accessed, your browser loads the required fonts directly from Google servers, which causes your IP address to be transmitted to Google.
The legal basis is Art. 6(1)(f) GDPR (legitimate interest). Our legitimate interest lies in the uniform and optimised presentation of our online offering.
Google Fonts are used to ensure a consistent and appealing presentation of the website. If your browser does not support Google Fonts or you prevent their loading, the page will be displayed in a standard system font. Further information about Google Fonts can be found at: fonts.google.com and in Google's Privacy Policy: policies.google.com/privacy
We currently use no analytics or tracking tools (e.g. Google Analytics, Matomo, etc.) on our website. Should we deploy such services in future, we will update this Privacy Policy accordingly and – where required – obtain your consent.
This website is hosted by a provider with server locations in the European Union (Germany). The provider processes connection data (IP addresses, access times, retrieved files) on our behalf pursuant to Art. 28 GDPR, as required for the technical operation of the website.
The legal basis is Art. 6(1)(f) GDPR (legitimate interest in reliable and secure website operation) and Art. 28 GDPR (data processing agreement with the hosting provider).
For the delivery of JavaScript libraries and fonts, we use the CDN of jsDelivr (Prospect One Sp. z o.o., Królewska 65A/1, 30-081 Kraków, Poland). jsDelivr is a European provider. Your IP address is transmitted to jsDelivr servers when CDN resources are retrieved. Further information: jsDelivr Privacy Policy
We have concluded Data Processing Agreements pursuant to Art. 28 GDPR with all service providers that process personal data on our behalf. These agreements ensure that service providers only process personal data in accordance with our instructions and in compliance with the GDPR.
Our main data processors are:
| Service Provider | Purpose | Server Location |
|---|---|---|
| Hosting Provider | Website hosting, database operation | Germany / EU |
| Stripe Payments Europe | Payment processing | Ireland / EU |
| Email Service Provider | Transactional emails | EU |
Some of our service providers are located in third countries (outside the EU/EEA) or process data there. We ensure an adequate level of data protection through the following safeguards:
| Service Provider | Third Country | Safeguard |
|---|---|---|
| Google LLC (Fonts) | USA | EU–U.S. Data Privacy Framework, Standard Contractual Clauses (Art. 46 GDPR) |
| Stripe, Inc. | USA | EU–U.S. Data Privacy Framework, Standard Contractual Clauses (Art. 46 GDPR) |
You have the right to receive a copy of the standard contractual clauses upon request. Please contact us at datenschutz@checkin-guide.com.
We only store personal data for as long as necessary. An overview of the applicable storage periods:
| Data Type | Storage Period | Legal Basis |
|---|---|---|
| Server log files | 7 days (then anonymised) | Art. 6(1)(f) GDPR |
| Contact form data | 3 years from end of contact | Art. 6(1)(a)(b) GDPR |
| Customer account data | Duration of contract + statutory periods | Art. 6(1)(b) GDPR |
| Billing data / invoices | 10 years (§ 147 AO, § 257 HGB) | Art. 6(1)(c) GDPR |
| Guest data (order processing) | As instructed by the hotel (controller) | Art. 28 GDPR |
| Session cookies | End of session | Art. 6(1)(f) GDPR |
As a data subject, you have the following rights pursuant to the GDPR:
You have the right to request confirmation of whether personal data concerning you is being processed and, if so, what data this is, along with information about the purposes of processing, recipients, and storage periods.
You have the right to request the correction of inaccurate or incomplete personal data concerning you without undue delay.
You have the right to request the deletion of personal data concerning you without undue delay, provided no statutory retention obligations prevent this.
You have the right to request the restriction of processing of personal data concerning you where you contest the accuracy of the data, processing is unlawful, or you have objected to processing.
You have the right to receive personal data concerning you in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR.
Where processing is based on your consent, you have the right to withdraw it at any time. The withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes the GDPR.
The competent supervisory authority for CheckIn Guide is:
We reserve the right to update this Privacy Policy to reflect changes in law or changes to our services. The current version can be found at any time at www.checkin-guide.com/privacy-en.html.
In the event of significant changes, we will notify you by email (where you have provided an email address) or through a prominent notice on the website.
Current version: April 2026. This Privacy Policy was last reviewed and updated in April 2026.