Privacy Policy & Cookie Notice

Last updated: July 15, 2026

Introduction

This privacy policy explains how Buchungsnest ("we", "us", or "our") collects, uses, and protects your personal data when you use our booking calendar application.

Cookie Usage

Our application uses cookies and similar technologies that are essential for the website to function properly. We only use strictly necessary cookies required for core functionality.

Types of Cookies We Use

1. Session Cookies (Strictly Necessary)

Purpose: Authentication and session management

Description: These cookies are essential for you to log in and use the administrative features. They maintain your login session and ensure secure access to your account.

Retention: Session-based (deleted when you close your browser or log out)

Legal Basis: Legitimate interest (GDPR Art. 6(1)(f)) - necessary for the operation of the service

2. Blazor Server Cookies (Strictly Necessary)

Purpose: Real-time server communication

Description: These cookies enable the interactive features of the application by maintaining a SignalR connection between your browser and our server.

Retention: Session-based (deleted when you close your browser)

Legal Basis: Legitimate interest (GDPR Art. 6(1)(f)) - necessary for the operation of the service

3. Antiforgery Cookies (Strictly Necessary)

Purpose: Security and CSRF protection

Description: These cookies protect you from cross-site request forgery attacks by verifying that form submissions come from authenticated users.

Retention: Session-based

Legal Basis: Legitimate interest (GDPR Art. 6(1)(f)) - necessary for security

4. Preference Cookies (Functional)

Purpose: Theme preference storage

Description: These cookies remember your theme preference (light/dark mode) to enhance your user experience.

Retention: Persistent (stored in localStorage until manually cleared)

Legal Basis: Consent (GDPR Art. 6(1)(a))

Data We Collect

  • Account Information: Email address, password (encrypted), and role (Admin/Client)
  • Business Data: Client names, guest house names, booking details, and guest information
  • Technical Data: Session identifiers, authentication tokens (encrypted in browser storage)

How We Use Your Data

We use your personal data to:

  • Provide and maintain the booking calendar service
  • Authenticate your identity and manage your session
  • Store and display your bookings and guest house information
  • Enable role-based access control (Admin vs. Client)
  • Remember your preferences (e.g., theme selection)

Data Storage and Security

Your data is stored in a SQLite database on our server. We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encrypted password storage using industry-standard hashing
  • Encrypted session data in browser storage
  • HTTPS encryption for data transmission
  • Access controls and authentication requirements

Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restriction: Limit how we use your personal data
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to our processing of your personal data
  • Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

Third-Party Services

This application does not use third-party analytics, advertising, or tracking services. All data processing occurs within our own infrastructure.

Managing Cookies

You can manage or delete cookies through your browser settings. However, please note that disabling strictly necessary cookies will prevent you from using key features of the application, including logging in and managing bookings.

Browser cookie settings:

Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with our services. If you wish to delete your account and associated data, please contact us.

Contact Us

If you have any questions about this privacy policy, your data, or wish to exercise your GDPR rights, please contact us at:

Email: privacy@example.com

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by updating the "Last updated" date at the top of this policy.