We use cookies to improve your experience and measure site traffic. Learn more.
Privacy Policy
1. Who we areThis website is operated by:2424 Hotel GmbH
Tal 24
80331 Munich
Germany
Email: welcome@hausimtal.com
Phone: +49 89 90 421 840Managing Director: Alexander HaasANAGRAM is a hospitality brand operated by 2424 Hotel GmbH.In the following, we refer to ourselves as “we” or “ANAGRAM”.2. General informationWe process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable German data protection laws.Personal data means any information that can identify you personally.3. Data collection when visiting our websiteWhen you visit our website, certain technical data is automatically collected to ensure stability and security.This includes:• IP address
• date and time of access
• browser type and version
• operating system
• referring URL
• pages visited• brief per-IP request rates (held in server memory for up to 60 seconds to block abusive traffic; never written to disk or combined with other data)
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and stable operation)Server log data is stored only as long as necessary for security purposes.4. Cookies & Consent ManagementOur website uses cookies and similar technologies.Cookies help us:• ensure proper website functionality
• improve user experience
• analyze website usage
• deliver relevant advertisingNon-essential cookies are only used with your consent.You can change or withdraw your consent at any time via the cookie settings.Legal basis: Art. 6(1)(a) GDPR (consent)5. Booking engineOur website includes a first-party booking engine ("IBE") that we operate directly. When you make a booking we process:• your name, email and phone number
• your postal address
• your selected dates, room and rate plan
• any optional services you add (breakfast, crib, etc.)
• any special requests you submit
• the number and approximate ages of guests in your partyPaymentsCard payments are processed by Adyen N.V. (Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam, Netherlands) on our behalf. Adyen is a PCI-DSS Level 1 processor. Your card number is entered directly into Adyen's secure checkout — we never see or store your card details; our servers receive only an anonymous payment reference.Reservation systemConfirmed bookings are sent to Apaleo GmbH (Karlstraße 43, 80333 Munich, Germany), our hotel management system. Apaleo acts as a processor on our behalf and may also send you a booking confirmation directly from the property's mailbox.Legal basis: Art. 6(1)(b) GDPR (performance of a contract).We keep booking records for the retention period required by German tax and accounting law (typically 10 years), after which personal details are automatically redacted while preserving the anonymised booking record.6. Contacting usIf you contact us via email or contact form, we process the information you provide to handle your request.Legal basis:• Art. 6(1)(b) GDPR (contractual inquiries)
• Art. 6(1)(f) GDPR (general inquiries)Your data will be deleted once the request has been resolved, unless legal retention obligations apply.7. NewsletterIf you subscribe to our newsletter, we will use your email address to send updates, events and news from ANAGRAM.Subscription requires a double opt-in confirmation.You can unsubscribe at any time via the link included in each newsletter.We use a professional newsletter service provider that processes data on our behalf.Legal basis: Art. 6(1)(a) GDPR (consent)8. Google AnalyticsWe use Google Analytics to understand how visitors use our website and to improve our services.Google Analytics uses cookies and similar technologies.Information collected may include:• pages visited
• time spent on site
• interactions
• approximate geographic location
• device and browser informationIP anonymization is activated.Data may be transferred to Google servers in the United States. Transfers are safeguarded through EU-approved mechanisms.Google processes data on our behalf.Legal basis: Art. 6(1)(a) GDPR (consent)You can withdraw your consent at any time via cookie settings.8a. Booking-engine analyticsTo understand how guests interact with our booking engine (which rooms are viewed, where bookings are abandoned, whether promo codes convert) we record anonymous usage events from the booking flow.What we store:• an anonymous session identifier (a random UUID generated in your browser)
• which step of the booking flow you were on
• the dates and party size you searched for
• technical context: device type, browser language, the site you came fromWhat we do not store:• your name, email, address, phone number or card details
• your IP address
• any identifier that could link your analytics events back to youThese records are used internally to improve the booking experience. They expire after 18 months.The session identifier and your current booking progress are also saved in your browser's local storage so you can close and reopen the booking engine without losing your place. You can clear this at any time via your browser's site-data settings.If your browser sends the DNT: 1 ("Do Not Track") signal we do not record these events at all.Legal basis: Art. 6(1)(f) GDPR (legitimate interest in understanding how our own service is used, balanced by full anonymisation).8b. Website analytics (Google Analytics)To understand how visitors use our public website (which pages are viewed and how people move between them) we use Google Analytics 4, a service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).Consent first. Google Analytics is loaded behind Google Consent Mode and stays switched off until you accept our cookie notice. Until you accept, no Google Analytics cookie (e.g. _ga) is set and no data is sent to Google.When you accept, Google Analytics may set cookies and process your IP address and online identifiers to produce aggregated usage statistics for us. Google may transfer this data to servers outside the EU/EEA, relying on the EU–U.S. Data Privacy Framework and Standard Contractual Clauses. We never send your name, email, address, phone number or payment details to Google, and Google Analytics is not used inside the booking or payment flow.If your browser sends the DNT: 1 ("Do Not Track") signal, Google Analytics is never loaded.Withdrawing consent. You can withdraw consent at any time by clearing this site's cookies and local storage in your browser, or via Google's opt-out add-on (https://tools.google.com/dlpage/gaoptout). New visits then stay in the cookieless, consent-denied state.Legal basis: Art. 6(1)(a) GDPR (your consent). See Google's privacy policy at https://policies.google.com/privacy.9. Meta (Facebook & Instagram) AdvertisingWe use Meta advertising technologies, including the Meta Pixel, to measure campaign effectiveness and deliver relevant ads.This allows us to:• understand visitor interactions
• measure ad performance
• show relevant ads on Facebook and InstagramMeta may process data in the United States.Data processing only occurs with your consent.Legal basis: Art. 6(1)(a) GDPR (consent)You can adjust your advertising preferences directly via Meta platforms.10. Data sharingWe only share personal data when necessary:• with service providers (hosting, newsletter, analytics)
• to process bookings and payments
• when legally requiredAll service providers are contractually bound to comply with GDPR requirements.11. International data transfersSome service providers may process data outside the European Economic Area.Where this occurs, we ensure appropriate safeguards such as:• EU Standard Contractual Clauses
• adequacy decisions
• recognized data protection frameworks12. Data retentionWe store personal data only as long as necessary for the purposes stated above or as required by legal retention obligations.13. Your rightsUnder GDPR, you have the right to:• access your stored data
• correct inaccurate data
• request deletion
• restrict processing
• object to processing
• data portability
• withdraw consent at any timeTo exercise your rights, contact us at:welcome@hausimtal.comYou also have the right to lodge a complaint with a data protection authority.14. Data securityWe use SSL encryption and technical security measures to protect your data against unauthorized access, loss or misuse.15. Updates to this policyWe may update this Privacy Policy to reflect legal or operational changes.The latest version will always be available on this page.