We use cookies to improve your experience and measure site traffic. Learn more.

Privacy Policy

1. Who we are
This website is operated by:
2424 Hotel GmbH Tal 24 80331 Munich Germany Email: welcome@hausimtal.com Phone: +49 89 90 421 840
Managing Director: Alexander Haas
ANAGRAM is a hospitality brand operated by 2424 Hotel GmbH.
In the following, we refer to ourselves as “we” or “ANAGRAM”.
2. General information
We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable German data protection laws.
Personal data means any information that can identify you personally.
3. Data collection when visiting our website
When you visit our website, certain technical data is automatically collected to ensure stability and security.
This includes:
• IP address • date and time of access • browser type and version • operating system • referring URL • pages visited
• brief per-IP request rates (held in server memory for up to 60 seconds to block abusive traffic; never written to disk or combined with other data) Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and stable operation)
Server log data is stored only as long as necessary for security purposes.
4. Cookies & Consent Management
Our website uses cookies and similar technologies.
Cookies help us:
• ensure proper website functionality • improve user experience • analyze website usage • deliver relevant advertising
Non-essential cookies are only used with your consent.
You can change or withdraw your consent at any time via the cookie settings.
Legal basis: Art. 6(1)(a) GDPR (consent)
5. Booking engine
Our website includes a first-party booking engine ("IBE") that we operate directly. When you make a booking we process:
• your name, email and phone number • your postal address • your selected dates, room and rate plan • any optional services you add (breakfast, crib, etc.) • any special requests you submit • the number and approximate ages of guests in your party
Payments
Card payments are processed by Adyen N.V. (Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam, Netherlands) on our behalf. Adyen is a PCI-DSS Level 1 processor. Your card number is entered directly into Adyen's secure checkout — we never see or store your card details; our servers receive only an anonymous payment reference.
Reservation system
Confirmed bookings are sent to Apaleo GmbH (Karlstraße 43, 80333 Munich, Germany), our hotel management system. Apaleo acts as a processor on our behalf and may also send you a booking confirmation directly from the property's mailbox.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
We keep booking records for the retention period required by German tax and accounting law (typically 10 years), after which personal details are automatically redacted while preserving the anonymised booking record.
6. Contacting us
If you contact us via email or contact form, we process the information you provide to handle your request.
Legal basis:
• Art. 6(1)(b) GDPR (contractual inquiries) • Art. 6(1)(f) GDPR (general inquiries)
Your data will be deleted once the request has been resolved, unless legal retention obligations apply.
7. Newsletter
If you subscribe to our newsletter, we will use your email address to send updates, events and news from ANAGRAM.
Subscription requires a double opt-in confirmation.
You can unsubscribe at any time via the link included in each newsletter.
We use a professional newsletter service provider that processes data on our behalf.
Legal basis: Art. 6(1)(a) GDPR (consent)
8. Google Analytics
We use Google Analytics to understand how visitors use our website and to improve our services.
Google Analytics uses cookies and similar technologies.
Information collected may include:
• pages visited • time spent on site • interactions • approximate geographic location • device and browser information
IP anonymization is activated.
Data may be transferred to Google servers in the United States. Transfers are safeguarded through EU-approved mechanisms.
Google processes data on our behalf.
Legal basis: Art. 6(1)(a) GDPR (consent)
You can withdraw your consent at any time via cookie settings.
8a. Booking-engine analytics
To understand how guests interact with our booking engine (which rooms are viewed, where bookings are abandoned, whether promo codes convert) we record anonymous usage events from the booking flow.
What we store:
• an anonymous session identifier (a random UUID generated in your browser) • which step of the booking flow you were on • the dates and party size you searched for • technical context: device type, browser language, the site you came from
What we do not store:
• your name, email, address, phone number or card details • your IP address • any identifier that could link your analytics events back to you
These records are used internally to improve the booking experience. They expire after 18 months.
The session identifier and your current booking progress are also saved in your browser's local storage so you can close and reopen the booking engine without losing your place. You can clear this at any time via your browser's site-data settings.
If your browser sends the DNT: 1 ("Do Not Track") signal we do not record these events at all.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in understanding how our own service is used, balanced by full anonymisation).
8b. Website analytics (Google Analytics)
To understand how visitors use our public website (which pages are viewed and how people move between them) we use Google Analytics 4, a service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).
Consent first. Google Analytics is loaded behind Google Consent Mode and stays switched off until you accept our cookie notice. Until you accept, no Google Analytics cookie (e.g. _ga) is set and no data is sent to Google.
When you accept, Google Analytics may set cookies and process your IP address and online identifiers to produce aggregated usage statistics for us. Google may transfer this data to servers outside the EU/EEA, relying on the EU–U.S. Data Privacy Framework and Standard Contractual Clauses. We never send your name, email, address, phone number or payment details to Google, and Google Analytics is not used inside the booking or payment flow.
If your browser sends the DNT: 1 ("Do Not Track") signal, Google Analytics is never loaded.
Withdrawing consent. You can withdraw consent at any time by clearing this site's cookies and local storage in your browser, or via Google's opt-out add-on (https://tools.google.com/dlpage/gaoptout). New visits then stay in the cookieless, consent-denied state.
9. Meta (Facebook & Instagram) Advertising
We use Meta advertising technologies, including the Meta Pixel, to measure campaign effectiveness and deliver relevant ads.
This allows us to:
• understand visitor interactions • measure ad performance • show relevant ads on Facebook and Instagram
Meta may process data in the United States.
Data processing only occurs with your consent.
Legal basis: Art. 6(1)(a) GDPR (consent)
You can adjust your advertising preferences directly via Meta platforms.
10. Data sharing
We only share personal data when necessary:
• with service providers (hosting, newsletter, analytics) • to process bookings and payments • when legally required
All service providers are contractually bound to comply with GDPR requirements.
11. International data transfers
Some service providers may process data outside the European Economic Area.
Where this occurs, we ensure appropriate safeguards such as:
• EU Standard Contractual Clauses • adequacy decisions • recognized data protection frameworks
12. Data retention
We store personal data only as long as necessary for the purposes stated above or as required by legal retention obligations.
13. Your rights
Under GDPR, you have the right to:
• access your stored data • correct inaccurate data • request deletion • restrict processing • object to processing • data portability • withdraw consent at any time
To exercise your rights, contact us at:
welcome@hausimtal.com
You also have the right to lodge a complaint with a data protection authority.
14. Data security
We use SSL encryption and technical security measures to protect your data against unauthorized access, loss or misuse.
15. Updates to this policy
We may update this Privacy Policy to reflect legal or operational changes.
The latest version will always be available on this page.