The Lakeside Loft

Privacy Policy

Last updated: April 2026

1. Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection provisions is:

Bahlburg & Hohn GbR Werderstr. 51b 13587 Berlin Germany

Authorized partners: Philippe Bahlburg and Philip Hohn VAT ID: DE330254157

Phone: +49 1511 4949700 Email (Bookings): booking@thelakesideloft.de Email (Catering): catering@thelakesideloft.de Website: https://www.thelakesideloft.de

2. General Information on Data Processing

We only process personal data of our users to the extent necessary to provide a functional website as well as our content and services (e.g. boat rental, event booking, catering). The processing regularly occurs only after consent (Art. 6 para. 1 lit. a GDPR), for the fulfillment of a contract or initiation (lit. b), to fulfill legal obligations (lit. c) or on the basis of legitimate interests (lit. f).

3. Hosting and Website Provision

Our website is hosted by an external service provider (hoster). With each visit, information automatically transmitted by your browser is stored in so-called server log files:

  • IP address
  • Date and time of access
  • Name and URL of the retrieved file
  • Amount of data transferred
  • Referrer URL
  • Browser used, operating system, and language

Processing is carried out to ensure trouble-free operation, IT system security, and to fend off attacks. The legal basis is Art. 6 para. 1 lit. f GDPR (legitimate interest). Log files are generally deleted after a maximum of 14 days, unless security-relevant incidents require longer storage.

4. Booking Request via Online Form

On our page https://www.thelakesideloft.de/buchungsanfrage, we offer you the opportunity to submit a non-binding booking request. In doing so, we process the following information:

Event Details: Occasion (e.g. birthday, wedding, corporate event, Christmas party, baby shower, bachelor(ette) party), requested date, start time and duration, number of people, indication whether children under 12 will participate, desired extras (e.g. jetski, drinks, BBQ or healthy catering, skipper, overnight stay) and optional notes / special requests in the free text field.

Contact and Address Data: First name, last name, phone number, email address (mandatory), optional company, street & house number, ZIP code, and city.

Purposes of Processing: Processing your request, creating a customized offer, communicating with you, and, if applicable, executing the contract for the booked service.

Legal Basis: Art. 6 para. 1 lit. b GDPR (initiation and execution of a contract). For information you voluntarily provide in the free text field, Art. 6 para. 1 lit. a GDPR (consent) also applies.

Note on Information regarding Children: Asking whether children under 12 will participate solely serves capacity and safety planning on board. No personal data of individual children is collected.

Storage Duration: We store your data for as long as it is necessary to process your request and execute any contract. Subsequently, the data will be deleted in compliance with statutory retention periods (in particular §§ 147 AO, 257 HGB – usually 6 or 10 years for accounting-relevant documents). Requests that do not lead to a contract will be deleted after 12 months at the latest, provided no statutory retention requirements oppose this.

Recipients: Data is only passed on to third parties if this is necessary for the execution of the contract (e.g. to skippers, catering partners) or if we are legally obligated. Contracts according to Art. 28 GDPR exist with commissioned processors (e.g. hoster, email service providers).

5. Contact by Email or Phone

When you contact us by email (booking@thelakesideloft.de, catering@thelakesideloft.de) or by phone (+49 1511 4949700), we process your information to handle the request and in case follow-up questions arise. The legal basis is Art. 6 para. 1 lit. b GDPR for contract-related requests, otherwise Art. 6 para. 1 lit. f GDPR (legitimate interest in efficient processing). Data will be deleted as soon as it is no longer required for its purpose and no statutory retention periods oppose this.

6. Cookies and Similar Technologies

We use technically necessary cookies on our website to provide basic functions (e.g. session handling, language selection). The legal basis is § 25 para. 2 no. 2 TDDDG in conjunction with Art. 6 para. 1 lit. f GDPR.

Furthermore, we use cookies and similar technologies for analysis and reach measurement purposes as well as for the integration of external content (see sections 7 and 8) exclusively on the basis of your consent in accordance with § 25 para. 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future via our cookie settings.

7. Web Analysis with Google Analytics 4

We use Google Analytics 4 (Measurement ID: G-1YNG6JLD59), a web analysis service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses cookies and similar technologies to analyze user behavior on our website and to create reports on website activities.

Processed Data (among others): anonymized IP address, device and browser information, operating system, referrer URL, pages visited, length of stay, interactions, approximate location (country/region), pseudonymous user and event identifiers.

IP Anonymization: Google Analytics 4 shortens or anonymizes IP addresses by default before storing them. To our knowledge, a combination with other data from Google does not take place without corresponding consent.

Purpose: Analysis of the use of our website, improvement of our offer, and reach measurement.

Legal Basis: Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG (consent via our cookie/consent banner). No tracking takes place without your consent. You can revoke your consent at any time with effect for the future.

Third-Country Transfer: Using Google Analytics may result in the transfer of personal data to Google servers in the USA. Google LLC is certified under the EU-U.S. Data Privacy Framework, meaning an adequate level of data protection within the meaning of Art. 45 GDPR exists. In addition, standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR are in place.

Storage Duration: Event data collected by Google Analytics is automatically deleted according to our settings after a maximum of 14 months.

Further information: https://policies.google.com/privacy and https://support.google.com/analytics/answer/6004245.

8. Google Maps

On our contact page (https://www.thelakesideloft.de/contact), we integrate map material from the "Google Maps" service. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Through integration, Google receives information that you have accessed the corresponding subpage of our website. In addition, your IP address, information about your browser and device, and – if you are logged into a Google account – an assignment to your user account are transmitted to Google.

Purpose: Display of our mooring (Marina Valentinswerder) and improvement of user-friendliness.

Legal Basis: Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG (consent). Google Maps is only loaded after you have consented via our consent banner. You can revoke your consent at any time with effect for the future.

Third-Country Transfer: A transfer to the USA cannot be ruled out. Google LLC is certified under the EU-U.S. Data Privacy Framework; in addition, standard contractual clauses pursuant to Art. 46 GDPR are in place.

Further information on the handling of user data can be found in Google's privacy policy: https://policies.google.com/privacy.

9. Embedded Content / External Resources

Our website runs on the Next.js framework. Scripts and fonts are delivered from our own domain – as far as technically feasible – to avoid data transfers to third parties. Apart from the services mentioned in sections 7 and 8 (Google Analytics, Google Maps), no other external libraries or content are currently embedded. Should further third-party content (e.g. videos, social media embeddings, payment providers) be added in the future, we will inform you here and – if necessary – obtain your prior consent.

10. Data Disclosure to Third Parties

Your personal data will only be transmitted to third parties if:

  • You have expressly consented (Art. 6 para. 1 lit. a GDPR),
  • This is necessary for the execution of a contract (Art. 6 para. 1 lit. b GDPR),
  • A legal obligation exists (Art. 6 para. 1 lit. c GDPR), or
  • This is permissible on the basis of legitimate interests (Art. 6 para. 1 lit. f GDPR).

To perform our services, data may in particular be passed on to the following categories of recipients: hosting providers, email providers, skippers, catering partners, and – based on your consent – Google Ireland Limited (Analytics, Maps).

11. Your Rights as a Data Subject

You have the following rights at any time:

  • Information (Art. 15 GDPR) about your personal data stored by us;
  • Correction of incorrect data (Art. 16 GDPR);
  • Deletion (Art. 17 GDPR), provided no retention periods oppose this;
  • Restriction of processing (Art. 18 GDPR);
  • Data portability (Art. 20 GDPR);
  • Objection to processing based on legitimate interests (Art. 21 GDPR);
  • Revocation of granted consent with effect for the future (Art. 7 para. 3 GDPR);
  • Complaint to a supervisory authority (Art. 77 GDPR). The authority responsible for us is the Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59–61, 10555 Berlin.

To exercise your rights, an informal message to booking@thelakesideloft.de or to the postal address given above is sufficient.

12. Obligation to Provide Data

The provision of personal data is neither legally nor contractually required. However, to process a booking request, we need at least an email address and the event details required to provide the service. Without this information, we cannot process your request.

13. Automated Decision-Making / Profiling

Automated decision-making including profiling within the meaning of Art. 22 GDPR does not take place.

14. Data Security

We use SSL/TLS encryption to protect your data during transmission. You can recognize an encrypted connection by the lock symbol in your browser and the URL prefix https://.

15. Currency and Modification of this Privacy Policy

This privacy policy is currently valid. Through the further development of our website or due to changed legal or regulatory requirements, it may become necessary to adapt this privacy policy. The current version can be accessed by you at any time on this page.