Privacy Policy

Privacy Policy

Updated on 30.03.2021

We have written this privacy statement to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679, what information we collect, how we use data and what choices you have as a visitor to this website.

Privacy statements usually sound very technical. This version, on the other hand, is intended to describe the most important things to you as simply and clearly as possible.

If you still have questions, we would like to ask you to follow the existing links and look at further information on third party sites, or simply write us an e-mail. You can find our contact details in the Legal Notice.

Automatic data storage

When you visit websites these days, certain information is automatically created and stored, including on this website. This collected data should be collected as sparingly as possible and only with justification. By website, by the way, we mean the entirety of all web pages on your domain, i.e. everything from the home page to the very last subpage (like this one). By domain, we mean

Even while you are visiting our website right now, our web server – that is the computer on which this website is stored – usually automatically saves data such as the following for reasons of operational security, to compile access statistics etc.

  • the complete Internet address (URL) of the website accessed (here:
  • browser and browser version (e.g. Chrome 87)
  • the operating system used (e.g. Windows 10)
  • the address (URL) of the previously visited page (referrer URL) (e.g.
  • the host name and IP address of the device being accessed (e.g. COMPUTERNAME and
  • the date and time
  • in files, the so-called web server log files.

Usually, these files are stored for a fortnight and then automatically deleted. We do not share this data, but we cannot exclude the possibility that this data may be viewed by authorities in the event of unlawful behaviour.

In short, your visit is logged by our provider (Hetzner), the company that runs our website on special computers (servers), but we do not pass on your data!


Our website uses HTTP cookies to store user-specific data. If you would like to know what cookies are, how we use them and how you can delete them, please visit our Cookie Policy.

Storage of personal data

Personal data that you submit to us electronically on this website, such as your name, e-mail address, address or other personal details when submitting a form or comment, together with the time and IP address, will only be used by us for the stated purpose, kept secure and not passed on to third parties.

We therefore only use your personal data for communication with those visitors who expressly wish to be contacted and for processing the services and products offered on this website. We do not disclose your personal data without your consent, but we cannot rule out the possibility that this data may be accessed in the event of unlawful conduct.

If you send us personal data by e-mail – thus away from this website – we cannot guarantee secure transmission and protection of your data. We recommend that you never send confidential data by e-mail without encryption.

According to Article 6(1)(a) GDPR (lawfulness of processing), the legal basis is that you give us consent to process the data you have entered. You can revoke this consent at any time – an informal e-mail is sufficient, you will find our contact details in the imprint.

Rights according to the General Data Protection Regulation

According to the provisions of the GDPR, you are generally entitled to the following rights:

  • Right to rectification (Article 16 GDPR)
  • Right to erasure (“right to be forgotten”) (Article 17 GDPR)
  • Right to restriction of processing (Article 18 GDPR)
  • Right to notification – obligation to give notice in connection with the rectification or erasure of personal data or the restriction of processing (Article 19 GDPR)
  • Right to data portability (Article 20 GDPR)
  • Right to object (Article 21 GDPR)
  • Right not to be subject to a decision based solely on automated processing, including profiling (Article 22 GDPR).

If you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated in any way, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI).

Evaluation of visitor behaviour

In the following data protection declaration, we inform you whether and how we evaluate data from your visit to this website. The evaluation of the collected data is generally anonymous and we cannot draw any conclusions about your person from your behaviour on this website. You can find out more about how to object to this analysis of your visit data in the following data protection declaration.

TLS encryption with https

TLS, encryption and https sound very technical and they are. We use HTTPS (the Hypertext Transfer Protocol Secure stands for “secure hypertext transfer protocol”) to transfer data tap-proof on the Internet.

This means that the complete transmission of all data from your browser to our web server is secured – no one can “listen in”.

We have thus introduced an additional layer of security and fulfil data protection by design of technology Article 25(1) GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data.

You can recognise the use of this data transmission protection by the small lock symbol at the top left of the browser to the left of the Internet address ( and the use of the https scheme (instead of http) as part of our Internet address.

If you want to know more about encryption, we recommend a Google search for “Hypertext Transfer Protocol Secure wiki” to get good links to further information.

Web analysis with the AWStats analysis tool

On the basis of Art. 6 Para. 1 lit. e GDPR in conjunction with § 3 Federal Data Protection Act, the Oude Bakkerij Bed& Breakfast uses the AWStats analysis tool ( to statistically evaluate visitor access as part of its public relations work. The web servers themselves are operated by Hetzner ( and any log files that arise are immediately anonymised. The data from the log files of the web server are analysed in anonymised form, i.e. without identifying the users by IP addresses or other personal data. Access to this analysis data is only possible for a few employees of the Oude Bakkerij Bed& Breakfast.

The collection, processing and use of this data, as well as its evaluation, is solely for statistical purposes and to optimise the Oude Bakkerij Bed& Breakfast website content. We use these statistics exclusively to measure activities and to improve or adapt our web pages to the needs of users.

If individual pages of our website are called up, the following data is stored:

        the website called up

        the website from which the user accessed the website (referrer)

        the sub-pages accessed from the accessed website

        the time spent on the website

        the frequency with which the website is accessed.

Google Maps Privacy Policy

We use Google Maps from Google Inc. on our website. Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services in Europe. Google Maps enables us to better show you locations and thus adapt our service to your needs. By using Google Maps, data is transmitted to Google and stored on Google servers. Here we would like to go into more detail about what Google Maps is, why we use this Google service, what data is stored and how you can prevent this.

What is Google Maps?

Google Maps is an internet map service provided by Google. With Google Maps, you can search for exact locations of cities, sights, accommodation or businesses online via a PC, tablet or app. If companies are represented on Google My Business, further information about the company is displayed in addition to the location. To show how to get there, map sections of a location can be integrated into a website using HTML code. Google Maps shows the earth’s surface as a street map or as an aerial or satellite image. Thanks to the Street View images and the high-quality satellite images, very accurate representations are possible.

Why do we use Google Maps on our website?

All our efforts on this site are aimed at providing you with a useful and meaningful time on our website. By integrating Google Maps we can provide you with the most important information about various locations. You can see at a glance where we are located. The directions always show you the best or fastest way to reach us. You can call up the directions for routes by car, public transport, on foot or by bicycle. For us, providing Google Maps is part of our customer service.

What data does Google Maps store?

In order for Google Maps to be able to offer its service in full, the company has to collect and store data from you. This includes, among other things, the search terms entered, your IP address and also the latitude and longitude coordinates. If you use the route planner function, the start address entered is also stored. However, this data storage happens on the Google Maps websites. We can only inform you about this, but cannot influence it. Since we have integrated Google Maps into our website, Google sets at least one cookie (name: NID) in your browser. This cookie stores data about your user behaviour. Google uses this data primarily to optimise its own services and to provide you with individual, personalised advertising.

The following cookie is set in your browser due to the integration of Google Maps:

Name: NID

Wert: 188=h26c1Ktha7fCQTx8rXgLyATyITJ311265114-5

Purpose: NID is used by Google to customise advertisements to your Google search. With the help of the cookie, Google “remembers” your most frequently entered search queries or your previous interaction with ads. This way you will always get tailored ads. The cookie contains a unique ID that Google uses to collect your personal preferences for advertising purposes.

Expiry date: after 6 months

Note: We cannot guarantee completeness in the information we store. Especially when using cookies, changes can never be excluded. In order to identify the cookie NID, a separate test page was created where only Google Maps was integrated.

How long and where is the data stored?

Google servers are located in data centres all over the world. However, most servers are located in America. For this reason, your data is increasingly stored in the USA. You can find out exactly where Google’s data centres are located here:

Google distributes the data on different data carriers. This means that the data can be accessed more quickly and is better protected against any attempts at manipulation. Each data centre also has special emergency programmes. If, for example, there are problems with Google’s hardware or a natural disaster paralyses the servers, the data will pretty much remain protected anyway.

Google stores some data for a set period of time. For other data, Google only offers the option of deleting it manually. Furthermore, the company also anonymises information (such as advertising data) in server logs by deleting part of the IP address and cookie information after 9 and 18 months respectively.

How can I delete my data or prevent data storage?

With the automatic deletion of location and activity data introduced in 2019, location and web/app activity information will be stored for either 3 or 18 months – depending on your decision – and then deleted. In addition, you can also manually delete this data from your history at any time via your Google Account. If you want to completely prevent your location tracking, you must pause the “Web and App Activity” section in the Google Account. Click “Data and personalisation” and then on the “Activity setting” option. Here you can switch the activities on or off.

In your browser, you can also deactivate, delete or manage individual cookies. Depending on which browser you use, this always works slightly differently.

If you generally do not want cookies, you can set up your browser so that it always informs you when a cookie is to be set. This way, you can decide for each individual cookie whether or not to allow it.

Google is an active participant in the EU-U.S. Privacy Shield Framework, which regulates the correct and secure transfer of personal data. You can find more information about this at If you want to learn more about Google’s data processing, we recommend that you read the company’s own privacy policy at

Google Fonts privacy policy

We use Google Fonts on our website. These are the “Google Fonts” of the company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

You do not have to log in or enter a password to use Google fonts. Furthermore, no cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains and According to Google, the requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you do not need to worry about your Google account information being transmitted to Google while using Google Fonts. Google records the use of CSS (Cascading Style Sheets) and the fonts used and stores this data securely. We will look at exactly how this data is stored in more detail.

What are Google Fonts?

Google Fonts (formerly Google Web Fonts) is a directory of over 800 fonts that Google makes available to its users free of charge. Many of these fonts are published under the SIL Open Font License, while others are published under the Apache License. Both are free software licences.

Why do we use Google Fonts on our website?

With Google Fonts, we can use fonts on our own website, but we don’t have to upload them to our own server. Google Fonts is an important component in keeping the quality of our website high. All Google Fonts are automatically optimised for the web and this saves data volume and is a great advantage especially for use with mobile devices. When you visit our site, the low file size ensures a fast loading time. Furthermore, Google Fonts are secure web fonts. Different image synthesis systems (rendering) in different browsers, operating systems and mobile devices can lead to errors. Such errors can sometimes distort the appearance of texts or entire web pages. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform problems with Google Fonts. Google Fonts supports all major browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). We therefore use Google Fonts so that we can present our entire online service as beautifully and consistently as possible.

What data is stored by Google?

When you visit our website, the fonts are reloaded via a Google server. This external call-up transmits data to the Google servers. In this way, Google also recognises that you or your IP address are visiting our website. The Google Fonts API was developed to reduce the use, storage and collection of end user data to what is necessary for the proper provision of fonts. By the way, API stands for “Application Programming Interface” and serves, among other things, as a data transmitter in the software sector.

Google Fonts stores CSS and font requests securely at Google and is thus protected. Through the collected usage figures, Google can determine how well the individual fonts are received. Google publishes the results on internal analysis pages, such as Google Analytics. In addition, Google also uses data from its own web crawler to determine which websites use Google Fonts. This data is published in the Google Fonts BigQuery database. Entrepreneurs and developers use the Google web service BigQuery to be able to examine and move large amounts of data.

It should be noted, however, that each Google Font request also automatically transmits information such as language settings, IP address, browser version, browser screen resolution and browser name to the Google servers. Whether this data is also stored cannot be clearly determined or is not clearly communicated by Google.

How long and where is the data stored?

Google stores requests for CSS assets for one day on its servers, which are mainly located outside the EU. This allows us to use fonts with the help of a Google stylesheet. A stylesheet is a format template that can be used to easily and quickly change the design or font of a website, for example.

The font files are stored by Google for one year. Google’s aim is to fundamentally improve the loading time of websites. If millions of web pages refer to the same fonts, they are cached after the first visit and immediately reappear on all other web pages visited later. Sometimes Google updates font files to reduce file size, increase language coverage and improve design.

How can I delete my data or prevent data storage?

The data that Google stores for a day or a year cannot simply be deleted. The data is automatically transmitted to Google when the page is accessed. In order to delete this data prematurely, you must contact Google support at Data storage can only be prevented in this case if you do not visit our site.

Unlike other web fonts, Google allows us unlimited access to all fonts. So we can access an unlimited sea of fonts and get the most out of our website. You can find out more about Google Fonts and other issues at There, Google does go into privacy-related matters, but really detailed information about data storage is not included. It is relatively difficult to get really precise information from Google about stored data.

You can also find out what data Google basically collects and what it is used for at

Google Fonts Local Privacy Policy

On our website we use Google Fonts from the company Google Inc. The company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for the European area. We have integrated the Google Fonts locally, i.e. on our web server – not on Google’s servers. This means that there is no connection to Google servers and therefore no data transfer or storage.

What are Google Fonts?

Google Fonts used to be called Google Web Fonts. This is an interactive directory of over 800 fonts that Google provides free of charge. With Google Fonts, you could use fonts without uploading them to your own server. However, in order to prevent any transfer of information to Google servers in this regard, we have downloaded the fonts to our server. In this way, we act in a privacy-compliant manner and do not send any data to Google Fonts.

Unlike other web fonts, Google allows us unlimited access to all fonts. This means we have unlimited access to a sea of fonts and can thus get the most out of our website. You can find out more about Google Fonts and other questions at

MotoPress privacy policy

MotoPress is a WordPress hotel booking plugin that includes all the features that allow us to rent out rooms. This includes the contact and booking form.

What personal data is processed as part of the contact and booking process?

Personal data is processed depending on the contact method. A distinction can be made between contacting us by e-mail or using the contact and booking form.

Contact by e-mail

The Oude Bakkerij Bed & Breakfast can be contacted by e-mail via the central e-mail address (

If you use this method of contact, the data you provide (e.g. surname, first name, address, etc.), or at least the e-mail address, and the information contained in the e-mail (including any personal data you may have provided) will be processed for the purpose of contacting you and dealing with your request. We would like to point out that the data is processed on the basis of Article 6 Paragraph 1 lit. e DSGVO in conjunction with Section 3 BDSG. Processing of the personal data provided by you is necessary for the purpose of processing your request.

Contacting us via the contact and booking form

On our website, you can also use our contact and booking form to send your request to the Oude Bakkerij Bed&Breakfast.

The content of the contact and booking form is transmitted via an encrypted https connection.

If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored. These data are:


        e-mail address

        Company (optional, booking form only)

        Nationality (booking form only)

        Street and house number (booking form only)

        Postcode (booking form only)

        Place of residence (booking form only)

        Telephone number (booking form only)

        Notes (optional, booking form only)

If you use the forms for communication and booking, it is necessary to provide personal data. Without this data, your request cannot be processed. We process the personal data outlined above in accordance with the provisions of the GDPR and the BDSG (german shortage for Federal Data Protection Act) on the basis of your consent (Art. 6 para. 1 lit. a GDPR).

Your data will be processed exclusively within Oude Bakkerij Bed&Breakfast by the relevant employees. Your data will not be transferred to third parties. Processing takes place exclusively in Germany and the Netherlands. We take technical and organisational measures to ensure that your data is protected against accidental or intentional manipulation and unauthorised access. Your transmitted data will be stored for the processing of your enquiry and for possible follow-up enquiries until revoked. As a rule, they are deleted after 12 months. Other periods may apply within the framework of statutory retention periods. If you wish to change or delete your data, you can do so at any time by contacting us in the easiest way for you.

What personal data is processed in the context of the use of social networks?

The Oude Bakkerij Bed & Breakfast is active on the social networks Facebook, TripAdvisor and Instagram. On the Oude Bakkerij Bed& Breakfast website, these are exclusive links to the respective external presentation of our establishment on the corresponding platform. The Oude Bakkerij Bed & Breakfast does not store any data relevant to data protection.

What personal data is processed in the context of providing information?

The processing of personal data depends on the type of information provided, for example whether you fill out a contact form and/or make a booking.

WooCommerce privacy policy

We have integrated the open-source shop system WooCommerce as a plugin on our website. This WooCommerce plugin is based on the WordPress content management system, which is a subsidiary of Automattic Inc. (60 29th Street #343, San Francisco, CA 94110, USA). Through the implemented functions, data is sent to Automattic Inc., stored and processed. In this privacy policy, we inform you what data is involved, how the network uses this data and how you can manage or prevent the data storage.

What is WooCommerce?

WooCommerce is an online shop system that has been part of the WordPress directory since 2011 and was developed specifically for WordPress websites. It is a customisable, open source eCommerce platform based on WordPress and has also been integrated into our website as a WordPress plugin.

Why do we use WooCommerce on our website?

We use this convenient online shop solution to offer you our physical or digital products or services in the best possible way on our website. The aim is to provide you with simple and easy access to our range of products, so that you can get to your desired products quickly and easily. With WooCommerce, we have found a good plugin that meets our requirements for an online shop. We primarily use Woocommerce to integrate various payment options, such as Stripe and Paypal.

What data is stored by WooCommerce?

Information that you actively enter into a text field in our online shop can be collected and stored by WooCommerce or Automattic. So when you register with us or order a product, Automattic can collect, process and store this data. This may include credit card or billing information in addition to email address, name or address. Automattic may subsequently use this information for its own marketing campaigns.

There is also information that Automattic automatically collects from you in so-called server log files:

        IP address

        Browser information

        Default language setting

        Date and time of web access

WooCommerce also sets cookies in your browser and uses technologies such as pixel tags (web beacons), for example, to clearly identify you as a user and potentially offer interest-based advertising. WooCommerce uses a number of different cookies that are set depending on the user action. This means, for example, that when you add a product to your shopping cart, a cookie is set so that the product remains in the shopping cart when you leave our website and return at a later time.

Here we show you an example list of possible cookies that can be set by WooCommerce:

Name: woocommerce_items_in_cart

Value: 1

Purpose: The cookie helps WooCommerce determine when the content in the shopping cart changes.

Expiry date: after end of session

Name: woocommerce_cart_hash

Wert: 447c84f810834056ab37cfe5ed27f204311265114-7

Purpose: This cookie is also used to recognise and store changes in your shopping cart.

Expiry date: after end of session

Name: wp_woocommerce_session_d9e29d251cf8a108a6482d9fe2ef34b6

Wert: 1146%7C%7C1589034207%7C%7C95f8053ce0cea135bbce671043e740311265114-4aa

Purpose: This cookie contains a unique identifier for you so that the shopping cart data can be found in the database.

Expiry date: after 2 days

How long and where is the data stored?

Unless there is a legal obligation to keep data for a longer period of time, WooCommerce deletes the data when it is no longer needed for its own purposes for which it was stored. For example, server log files that contain technical data about your browser and IP address are deleted after about 30 days. Until then, Automattic uses the data to analyse the traffic on its own websites (for example, all WordPress pages) and to fix possible problems. The data is stored on Automattic’s American servers.

How can I delete my data or prevent data storage?

You have the right to access and object to the use and processing of your personal data at any time. You can also file a complaint with a state supervisory authority at any time.

In your browser, you also have the option to individually manage, delete or deactivate cookies. However, please note that deactivated or deleted cookies have possible negative effects on the functions of our WooCommerce online shop. Depending on which browser you use, managing cookies works slightly differently.

Automattic is an active participant in the EU-U.S. Privacy Shield Framework, which governs the accurate and secure transfer of personal data (more information).

For more details on the privacy policy and what data is collected by WooCommerce and how, please visit and for general information on WooCommerce, please visit

Stripe Privacy Policy

We use a payment tool on our website provided by the American technology company and online payment service Stripe. For customers within the EU, Stripe Payments Europe (Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) is responsible. This means that if you choose Stripe as your payment method, your payment will be processed through Stripe Payments. In this process, data necessary for the payment process will be forwarded to Stripe and stored. In this privacy policy, we give you an overview of this data processing and storage by Stripe and explain why we use Stripe on our website.

What is Stripe?

The technology company Stripe provides payment solutions for online payments. With Stripe it is possible to accept credit and debit card payments in our web shop. Stripe takes care of the entire payment process. A big advantage of Stripe is, for example, that you never have to leave our website or shop during the payment process and the payment processing is very fast.

Why do we use Stripe for our website?

Of course, we want to offer the best possible service with our website and our integrated online shop so that you feel comfortable on our site and use our offers. We know that your time is precious and therefore payment processes in particular need to work quickly and smoothly. In addition to our other payment providers, we have found Stripe to be a partner that ensures secure and fast payment processing.

Stripe enables us to offer the following payment methods:

  • Bank Transer
  • PayPal Standard
  • Credit Card Payment
  • iDEAL
  • Apple Pay
  • Instant Bank Transfer
  • Bancontact

What data is stored by Stripe?

If you choose Stripe as your payment method, personal data will also be transmitted from you to Stripe and stored there. This is transaction data. This data includes the payment method (i.e. credit card, debit card or account number), bank code, currency, amount and date of payment. In the case of a transaction, your name, e-mail address, billing or shipping address and sometimes your transaction history may also be transmitted. This data is necessary for authentication. Stripe may also collect your name, address, phone number and country in addition to technical data about your device (such as IP address) for fraud prevention, financial reporting and to fully provide its services.

Stripe does not sell any of your data to independent third parties, such as marketing agencies or other companies that have nothing to do with the Stripe company. However, the data may be shared with internal departments, a limited number of external Stripe partners or for regulatory compliance purposes. Stripe also uses cookies to collect data. Here is a selection of cookies that Stripe may set during the payment process:

Name: m

Wert: edd716e9-d28b-46f7-8a55-e05f1779e84e040456311265114-5

Purpose: This cookie appears when you select the payment method. It stores and recognises whether you access our website via a PC, tablet or smartphone.

Expiry date: after 2 years

Name: __stripe_mid

Wert: fc30f52c-b006-4722-af61-a7419a5b8819875de9311265114-1

Purpose: This cookie is required in order to carry out a credit card transaction. For this purpose, the cookie stores your session ID.

Expiry date: after one year

Name: __stripe_sid

Wert: 6fee719a-c67c-4ed2-b583-6a9a50895b122753fe

Purpose: This cookie also stores your ID and is used for the payment process on our website by Stripe.

Expiry date: after the session has expired.

How long and where is the data stored?

Personal data is generally stored for the duration of the service provision. This means that the data is stored until we terminate our relationship with Stripe. However, in order to comply with legal and regulatory obligations, Stripe may also store personal data beyond the duration of the service provision. As Stripe is a global company, data may also be stored in any country where Stripe provides services. Thus, data may also be stored outside your country, for example in the USA.

At Oude Bakkerij Bed&Breakfast, we store cancelled or unpaid booking requests for 14 days. We store successful bookings for 12 months. After the 12 months, the data is anonymised.

How can I delete my data or prevent data retention?

Stripe is still a participant in the EU-U.S. Privacy Shield Framework, which regulated the correct and secure transfer of personal data until 16 July 2020. After the European Court of Justice declared the agreement invalid, the company now no longer relies on it, but still acts in accordance with the Privacy Shield principles.

You always have the right of access, rectification and deletion of your personal data. If you have any questions, you can also contact the Stripe team at any time.

You can delete, deactivate or manage cookies that Stripe uses for its functions in your browser. Depending on which browser you use, this works in different ways. Please note, however, that the payment process may then no longer work.

We have now given you a general overview of how Stripe processes and stores data. If you would like to obtain even more and even more detailed information, the detailed Stripe privacy statement serves as a good source.

Paypal Privacy Policy

Use and application of PayPal

We have integrated components from PayPal on this website. PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which represent virtual private or business accounts. In addition, PayPal offers the possibility of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an e-mail address, which is why there is no classic account number. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also assumes trustee functions and offers buyer protection services.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If the data subject selects “PayPal” as a payment option during the ordering process in our online shop, data of the data subject will be automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transmission of personal data required for payment processing.

What data is stored by PayPal?

The personal data transmitted to PayPal are usually first name, last name, address, e-mail address, IP address, telephone number, mobile phone number or other data necessary for the processing of the payment. Personal data that is necessary for the processing of the purchase contract is also personal data that is related to the respective order.

How does PayPal handle the data?

The purpose of transmitting the data is payment processing and fraud prevention. The controller will transfer personal data to PayPal in particular if there is a legitimate interest for the transfer. The personal data exchanged between PayPal and the controller may be transferred by PayPal to credit reference agencies. The purpose of this transmission is to check identity and creditworthiness.

PayPal may disclose the personal data to affiliated companies and service providers or subcontractors, insofar as this is necessary for the fulfilment of contractual obligations or the data is to be processed on behalf.

How can I delete my data or prevent data storage?

The data subject has the option to revoke the consent to the handling of personal data at any time vis-à-vis PayPal. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.

The applicable data protection provisions of PayPal can be found here.

Sofortüberweisung Privacy Policy

We offer the payment method “Sofortüberweisung” of the company Sofort GmbH for cashless payment on our website. Sofort GmbH has been part of the Swedish company Klarna since 2014, but has its headquarters in Germany, Theresienhöhe 12, 80339 Munich.

If you decide to use this payment method, personal data will be transmitted to Sofort GmbH or Klarna, respectively, stored and processed there. This data protection text gives you an overview of the data processing by Sofort GmbH.

What is an “Sofortüberweisung”?

Sofortüberweisung is an online payment system that allows you to place an order via online banking. In this case, the payment processing is carried out by Sofort GmbH and we immediately receive information about the payment made. Every user who has an active online banking account with PIN and TAN can use this method. Only a few banks do not yet support this payment method.

Why do we use “Sofortüberweisung” on our website?

Our goal with our website and our integrated online shop is to offer you the best possible service. In addition to the overall experience on the website and alongside our offers, this also includes a smooth, fast and secure payment processing of your orders. To ensure this, we use “Sofortüberweisung” as a payment system.

What data is stored by “Sofortüberweisung”?

When you make an instant transfer via the Sofort/Klarna service, data such as name, account number, bank code, subject, amount and date are stored on the company’s servers. We also receive this information via the payment confirmation.

As part of the account coverage check, Sofort GmbH checks whether your account balance and overdraft facility cover the payment amount. In some cases it is also checked whether Sofort transfers have been successfully carried out in the last 30 days. In addition, your user identification (such as your user number or contract number) is collected and stored in a shortened (“hashed”) form, as well as your IP address. For SEPA transfers, the BIC and IBAN are also stored.

According to the company, no other personal data (such as account balances, turnover data, drawing limits, account lists, mobile phone number, authentication certificates, security codes or PIN/TAN) is collected, stored or passed on to third parties.

Sofortüberweisung also uses cookies to make its own service more user-friendly. When you order a product, you will be redirected to the Sofort or Klarna website. After successful payment, you will be redirected to our thank you page. The following three cookies are set here:


Wert: e8cipp378mdscn9e17kajlfhv7311265114-5

Purpose: This cookie stores your session ID.

Expiry date: after the browser session ends

Name: User[user_cookie_rules] Value: 1

Purpose: This cookie stores your consent to the use of cookies.

Expiry date: after 10 years

Name: _ga

Wert: GA1.2.69759879.1589470706

Purpose: By default, analytics.js uses the cookie _ga to store the user ID. Basically, it is used to distinguish between website visitors. This is a cookie from Google Analytics.

Expiry date: after 2 years

Note: The cookies listed here do not claim to be complete. It is always possible that Sofortüberweisung also uses other cookies.

How long and where is the data stored?

All collected data is stored within the legal retention obligation. This obligation can last between three and ten years.

Klarna/Sofort GmbH tries to store data only within the EU or the European Economic Area (EEA). If data is transferred outside the EU/EEA, the data protection must comply with the GDPR, the country must be in an EU adequacy decision or have the US Privacy Shield certificate.

How can I delete my data or prevent data retention?

You can withdraw your consent for Klarna to process personal data at any time. You also always have the right to information, correction and deletion of your personal data. To do so, you can simply contact the company’s data protection team by emailing

You can manage, delete or deactivate possible cookies used by Sofortüberweisung in your browser. Depending on your preferred browser, this works in different ways.

If you would like to find out more about the data processing by the “Sofortüberweisung” company Sofort GmbH, we recommend that you read the data protection declaration.

Apple Pay Privacy Policy

You can find their Privacy Policy here.

Bancontact Privacy Policy

You can find their Privacy Policy here.

iDEAL Privacy Policy

You can find their Privacy Policy here.

Amendment of the privacy policy

The Oude Bakkerij Bed&Breakfast reserves the right to adapt the privacy policy to ensure that it always complies with the current legal requirements. We recommend that you read our privacy policy regularly to stay up to date on the protection of the personal data we collect.