Privacy Policy

The protection of your personal data is important to us. In the following, we inform you in accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR) about which personal data we process when you visit this website and use our services.

1. Controller

PBA Abschleppdienst GmbH
(operator of the hotel brand “Hotel Boxenstop”)
Neusser Straße 1a
41542 Dormagen, Germany
Represented by the Managing Director: Franz Scheerbarth
Phone: +49 2133 295020
E-mail: info@boxenstop.de

2. General information on data processing

We process our users’ personal data only to the extent necessary to provide a functional website together with our content and services. Processing generally takes place only with the user’s consent or on one of the legal bases set out in Art. 6(1) GDPR.

3. Provision of the website and server log files

Each time our website is accessed, our hosting provider automatically collects information transmitted by your browser, including:

  • IP address of the requesting device
  • date and time of access
  • name and URL of the file retrieved
  • browser and operating system used
  • referrer URL (the previously visited page)

This data is technically required to deliver the website and to ensure system security and stability. The legal basis is our legitimate interest in secure and stable operation (Art. 6(1)(f) GDPR). Log files are deleted after a short period unless they are exceptionally needed longer to investigate security incidents.

4. Cookies

We use only technically necessary cookies required for the operation of the website (e.g. for session management and to store your language preference). These are permitted without consent under Section 25(2) TDDDG. We do not use any tracking, analytics or marketing cookies and, in particular, do not use Google Analytics or comparable web-analytics services. A cookie consent banner is therefore not required on this website.

5. Contact form and e-mail contact

If you contact us via the contact form or by e-mail, we process the data you provide (e.g. name, e-mail address, subject and message) in order to handle and respond to your enquiry. The legal basis is Art. 6(1)(b) GDPR (initiation/performance of a contract) or Art. 6(1)(f) GDPR (responding to general enquiries). Transmission is TLS-encrypted; e-mails are sent via our own mail server. Your data is deleted once your enquiry has been fully dealt with, provided no statutory retention obligations apply.

6. Online booking

For room reservations we use the booking system of our service provider (hotellogin.cloud, embedded via boxenstop.one). The data collected during a booking (e.g. name, contact details, booking and, where applicable, payment data) is processed to perform the accommodation contract (Art. 6(1)(b) GDPR). A data-processing agreement pursuant to Art. 28 GDPR is in place with the provider of the booking system. Payment data is transmitted and processed exclusively in encrypted form.

7. Embedded third-party content and services

Maps and directions: Map tiles are served from our own server; address/geocoding requests are made server-side via the Nominatim service of the OpenStreetMap Foundation. Your browser does not establish a direct connection to third parties for this. The route links provided lead to Google Maps or Apple Maps; only when you click them do you reach their sites, where their respective privacy policies apply.

YouTube videos: Where videos are embedded, they are loaded in extended privacy mode (youtube-nocookie.com) and only after your active click. Until then, no data is transmitted to YouTube. By clicking, you consent to the transfer of data to Google Ireland Ltd. or Google LLC (USA) (Art. 6(1)(a) GDPR). Any transfer to the USA is based on the EU-US Data Privacy Framework or the EU standard contractual clauses.

Fonts: We use only fonts hosted locally on our own server. No connection to Google or other third-party servers is established when the page is loaded.

8. Recipients and processors

Your data is only passed on to carefully selected service providers who support us in providing our services (in particular the hosting provider, the booking-system provider and the e-mail service provider). These are bound by data-processing agreements pursuant to Art. 28 GDPR and process data exclusively on our instructions. No data is passed on for advertising purposes.

9. Your rights as a data subject

You have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR)
  • Right to withdraw consent with effect for the future (Art. 7(3) GDPR)

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other remedy, you have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for us is:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW)
Kavalleriestraße 2–4, 40213 Düsseldorf, Germany

11. Retention periods

  • Booking and invoice data: 10 years (Section 147 AO, Section 257 HGB)
  • Commercial letters and business correspondence: 6 years
  • Contact enquiries: until finally processed, unless retention obligations apply
  • Server log files: short-term storage, then deletion

12. Data security

For security reasons and to protect the transmission of your data, this website uses TLS/SSL encryption (recognisable by “https://” and the padlock symbol in your browser’s address bar).

Last updated: June 2026

Book now