Privacy Policy
As of: June 2026
This privacy policy informs you about how we and our service providers process your personal data within the meaning of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Telecommunications Digital Services Data Protection Act (TDDDG). We strive for a presentation that is as clear and transparent as possible. If you have any questions, please contact the points of contact named below.
Table of contents
- Controller
- General information on data processing
- Hosting
- Server log files
- Cookies and consent management (consent)
- Google Maps
- Google Fonts
- Google reviews
- Social media profiles and embedded functions
- Contacting us
- Booking / accommodation contract
- Recipients and processors
- Transfer to third countries
- Your rights
- Data security
- Validity and amendment of this privacy policy
1. Controller
The controller within the meaning of Art. 4 No. 7 GDPR is:
TIN INN GmbH
Forster Weg 40
41849 Wassenberg
Germany
Commercial register: HRB 25129, Local Court (Amtsgericht) Aachen
E-mail: kontakt@tin-inn.com
Phone: +49 (0) 2432 / 8969000
2. General information on data processing
2.1 Scope
This policy applies to the processing of personal data in the course of our business activities, in particular via the website tin-inn.com including all sub-pages (e.g. location pages), our social media presences and communication by e-mail and telephone.
2.2 Definition of personal data
Personal data means any information relating to an identified or identifiable natural person (Art. 4 No. 1 GDPR), e.g. name, address, e-mail address, IP address.
2.3 Legal bases
We process personal data on the following legal bases:
- Consent (Art. 6(1)(a) GDPR) – you have consented to the processing for a specific purpose.
- Performance of a contract / pre-contractual measures (Art. 6(1)(b) GDPR).
- Legal obligation (Art. 6(1)(c) GDPR), e.g. retention obligations under tax and commercial law.
- Legitimate interest (Art. 6(1)(f) GDPR), insofar as our interests do not override the interests or fundamental rights of the data subject.
Insofar as cookies are set or information on your end device is accessed that is not strictly necessary, we additionally obtain your consent pursuant to Section 25(1) TDDDG.
2.4 Storage period
We store personal data only for as long as is necessary for the respective purposes or as long as statutory retention obligations exist. If the purpose ceases to apply or you withdraw your consent, we delete the data, provided that no statutory retention obligations prevent this.
3. Hosting
Our website is hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen. When you visit the website, Hetzner processes the technically necessary data on our behalf (in particular IP address, time of access, resources accessed). The legal basis is our legitimate interest in the secure and stable operation of the website (Art. 6(1)(f) GDPR). We have concluded a data processing agreement with Hetzner pursuant to Art. 28 GDPR.
4. Server log files
When the website is used merely for information purposes, our system or our hosting service provider automatically collects data that your browser transmits:
- IP address,
- date and time of access,
- page/file accessed, volume of data transferred,
- referrer URL,
- browser type and version, operating system.
The processing is carried out to deliver the website and to ensure the security and stability of the system. The legal basis is Art. 6(1)(f) GDPR. The log files are deleted after 14 days, unless security-relevant incidents require longer storage.
5. Cookies and consent management (consent)
We use cookies and comparable technologies (e.g. local storage). Technically necessary cookies that are required for the operation of the website are set on the basis of Section 25(2) TDDDG or Art. 6(1)(f) GDPR without consent.
We set all non-necessary cookies and services (in particular maps and other embedded third-party content) only after you have given your consent via our consent management tool (cookie banner). Your selection is stored so that you are not asked again on each visit.
Withdrawal: You can withdraw or change your consent at any time with effect for the future via the "Cookie settings" link in the footer of the website. The lawfulness of the processing carried out up to the withdrawal remains unaffected.
6. Google Maps
On our location pages we embed the map service Google Maps in order to show you our locations and how to get there.
The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"); responsible for data transfers outside the EEA is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
- How it works: Google Maps is only loaded after you have given your consent (placeholder/two-click solution or activation via our consent tool). Before you give your consent, no data is transmitted to Google in this respect.
- Data processed: in particular your IP address, information about the device and browser you use, and where applicable location data and usage data relating to your interaction with the map. Google may set cookies and access information on your end device.
- Purpose: display of interactive maps and directions.
- Legal basis: your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG.
- Transfer to third countries: a transfer to the USA is possible. Google LLC is certified under the EU-US Data Privacy Framework; in addition, Google relies on the EU Commission's standard contractual clauses (Art. 46(2)(c) GDPR).
- Withdrawal: at any time via the cookie settings (see section 5).
Further information: Google's privacy policy at https://policies.google.com/privacy.
7. Google Fonts
We embed fonts locally from our server. No connection to Google's servers takes place in this respect.
8. Google reviews
We display Google reviews on our website. The provider is Google Ireland Limited (for the address see section 6).
- Legal basis: consent (Art. 6(1)(a) GDPR, Section 25(1) TDDDG), insofar as this involves access to your end device or content is loaded from Google.
- Transfer to third countries: storage on Google servers, also possible outside the EU; the basis is the EU-US Data Privacy Framework and standard contractual clauses.
- Withdrawal: you can delete your own review at any time via your Google account or contact us.
9. Social media profiles and embedded functions
We operate profiles on social media platforms – in particular Instagram, Facebook and LinkedIn – and link to them in the footer of our website. Where content from these platforms is embedded on our website, this is done only after you have given your consent (Art. 6(1)(a) GDPR, Section 25(1) TDDDG); in this process personal data may be transferred to the platform providers, also outside the EU. Merely linking to our profiles does not yet transmit any personal data to the providers.
When you visit our profiles on the platforms themselves, the providers process data on their own responsibility or as joint controllers together with us pursuant to Art. 26 GDPR. Further details can be found in the privacy policies of the respective providers.
10. Contacting us
If you contact us by e-mail, telephone or contact form, we process the data you provide in order to handle your enquiry. The legal basis is Art. 6(1)(b) GDPR (for contract-related enquiries) or Art. 6(1)(f) GDPR (other enquiries). The data is deleted as soon as it is no longer required and no retention obligations prevent this.
11. Booking / accommodation contract
To carry out a booking, we process the data required for this purpose (e.g. name, contact details, stay details, payment data). The legal basis is Art. 6(1)(b) GDPR and, for statutory retention obligations, Art. 6(1)(c) GDPR. The booking is processed via the booking and hotel management system used; payment data is processed via the payment service providers integrated therein, for which their privacy notices additionally apply.
12. Recipients and processors
We only pass on data insofar as this is necessary for the fulfilment of the purpose or is legally permitted, in particular to processors (hosting, booking/payment processing) on the basis of contracts pursuant to Art. 28 GDPR, as well as to authorities insofar as this is required by law.
13. Transfer to third countries
Insofar as data is transferred to countries outside the EEA, we ensure an adequate level of data protection, in particular through an adequacy decision (e.g. EU-US Data Privacy Framework for certified US providers) or through the EU Commission's standard contractual clauses together with supplementary measures.
14. Your rights
You have the right to:
- Access (Art. 15 GDPR),
- Rectification (Art. 16 GDPR),
- Erasure (Art. 17 GDPR),
- Restriction of processing (Art. 18 GDPR),
- Data portability (Art. 20 GDPR),
- Withdrawal of consent given with effect for the future (Art. 7(3) GDPR).
Right to object (Art. 21 GDPR): Insofar as we process data on the basis of legitimate interests (Art. 6(1)(f) GDPR), you have the right to object at any time, on grounds relating to your particular situation.
Right to lodge a complaint (Art. 77 GDPR): You can lodge a complaint with a data protection supervisory authority, in particular with the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW), Kavalleriestr. 2–4, 40213 Düsseldorf, poststelle@ldi.nrw.de, which is responsible for us.
To exercise your rights, an informal message to the contact details named under section 1 is sufficient.
15. Data security
We use SSL/TLS encryption to protect the transmission of confidential content. You can recognise an encrypted connection by "https://" and the padlock symbol in your browser's address bar.
16. Validity and amendment of this privacy policy
This privacy policy is currently valid and is dated June 2026. As our website develops further or due to changed legal requirements, it may become necessary to amend it. The respective current version can be accessed on this page.