Thank you for your interest in Villa Oleander. The protection of your personal data is important to us. Below we inform you in accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR) about the data we process in connection with our website and the rental of the holiday villa.
Hildisch-Holan-Kerschbaumer GbR („HHK GbR“)
Donaustaufer Str. 13, 80993 Munich, Germany
Phone: +49 (89) 543 569 22
Email: info@villa-oleander.com
Data Protection Officer: Klaus Kerschbaumer, reachable at the above address or at info@villa-oleander.com.
With regard to the personal data concerning you, you have the following rights:
You also have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for us is the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach, Germany.
Our website is hosted as a static site on Microsoft Azure Static Web Apps (Microsoft Ireland Operations Ltd., data centre within the EU). A data processing agreement is in place with Microsoft. When you access the website, technically required connection data (e.g. IP address, date/time, file requested, volume of data transferred, browser type/operating system) is processed in order to deliver the page and ensure IT security.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure, trouble-free operation). The website is technically maintained by KAndySoft UG (haftungsbeschränkt), Donaustaufer Str. 13, 80993 Munich.
Fonts are served locally from our own server (no calls to external font services such as Google Fonts). Merely visiting the website therefore transfers no data to web-font providers.
We only use technically necessary cookies or comparable storage techniques, e.g. to store your language and privacy settings. These are required to operate the website; no consent is needed for them (Art. 6(1)(f) GDPR, § 25(2) TDDDG). We do not use tracking or marketing cookies.
On the „Availability“ section we embed the availability calendar / booking engine of Beds24.com Limited (widget loaded via media.xmlcal.com / beds24.com). When the widget loads, connection data (incl. IP address) may be transferred to Beds24 and – if you start an enquiry – the booking data you enter is transmitted to Beds24. A transfer to third countries cannot be excluded; in that case Beds24 relies on appropriate safeguards (e.g. EU Standard Contractual Clauses).
Legal basis: Art. 6(1)(b) GDPR (initiation/performance of the rental contract) and Art. 6(1)(f) GDPR (efficient booking handling).
To show the route, we embed map material from Google Maps (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland; where applicable Google LLC, USA). When the map loads, your IP address is transferred to Google. The legal basis is Art. 6(1)(f) GDPR (attractive presentation and easy findability). For any data transfers to the USA, Google relies on the EU-US Data Privacy Framework and/or EU Standard Contractual Clauses.
To book and carry out a rental we process the data required for that purpose, in particular:
Purposes and legal bases: conclusion and performance of the rental contract, communication around check-in/check-out, key handover and the stay (Art. 6(1)(b) GDPR); compliance with legal obligations, in particular guest-registration obligations (Art. 6(1)(c) GDPR); assertion of any claims for damages (Art. 6(1)(f) GDPR).
Bookings reach us in various ways – directly or via online booking platforms. If you book via a platform, the respective platform first collects your data as an independent controller under its own privacy policy and transmits to us the data required for the booking. In particular we use:
We manage the booking and guest data received through these channels in our internal booking and guest-management system RentalBizMan (provided and operated by KAndySoft UG as a processor on servers within the EU; a data processing agreement under Art. 28 GDPR is in place). RentalBizMan is used solely to organise your booking, to communicate with you and to fulfil our contractual and legal obligations. Your data is not used for advertising purposes.
Legal basis: Art. 6(1)(b) and (c) GDPR.
Under Greek law we are obliged to record guest data and report it to the Greek authorities (tax administration). For this we collect the required passport data before arrival via our online check-in form; a copy of the passport is not required. The legal basis is Art. 6(1)(c) GDPR in conjunction with the applicable Greek registration and tax regulations.
For payment processing (rent, down payment, deposit) we use payment service providers depending on the chosen method, in particular:
When you select the corresponding payment method, the payment data required for processing is transmitted directly to the respective provider, which processes it as an independent controller. The legal basis is Art. 6(1)(b) GDPR.
We store personal data only as long as necessary for the stated purposes. Booking and contract data is retained for the statutory retention periods (in particular commercial and tax-law periods of up to 10 years). Data not subject to a retention obligation is deleted once the respective purpose no longer applies.
We take appropriate technical and organisational measures to protect your data, including transport encryption (TLS/SSL), access restrictions and – where possible – two-factor authentication for access to booking systems.
Last updated: June 2026. We update this policy whenever changes to our processing or to the legal situation require it.