Data Privacy

Data Privacy Policy

This Privacy Policy explains how personal information is collected, used, and protected when you visit this website (Website).

This Website is operated in accordance with applicable privacy laws, including PIPEDA, GDPR, UK GDPR, and CCPA/CPRA.

Last updated: April 4, 2026

Applicable Regulations

  • Canadian Personal Information Protection and Electronic Documents Act (PIPEDA)
  • EU General Data Protection Regulation (GDPR)
  • UK GDPR
  • California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA)
  • Other applicable international privacy laws

Data Controller

Controller within the meaning of data protection laws: see Legal.

Hosting, Infrastructure, and Security

The Website is hosted on Cloudflare Pages and uses Cloudflare's global network for content delivery, DDoS protection, and security services. Cloudflare Workers may process technical request data to enable dynamic functionality and performance optimization.

Service provider: Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA.

When you access the Website, Cloudflare may process:

  • IP address
  • Date and time of request
  • Browser type and version
  • Operating system
  • Referrer URL
  • Requested content
  • Request metadata
  • Security-related information

Purpose:

  • Website delivery
  • DDoS protection
  • Performance optimization
  • IT security and error diagnostics
  • Infrastructure stability

Legal basis:

  • PIPEDA: Legitimate business purposes
  • GDPR Art. 6(1)(f): Legitimate interest in secure and stable operation

Data may be processed on servers located in the United States or other countries.

Cloudflare Privacy Policy: https://www.cloudflare.com/privacypolicy/

Automatically Collected Data (Server Logs)

When visiting the Website, certain data is automatically recorded in server logs:

  • IP address
  • Access date and time
  • Requested resource
  • HTTP status code
  • Browser information

This data is used solely for technical and security purposes and is not used to identify individuals. Retention is limited to what is necessary for operational security.

Cookies

The Website uses strictly necessary cookies required for secure operation and core functionality.

In addition, optional cookies from third-party providers may be set if you activate "Full Experience Mode". Optional cookies are only used after you provide explicit consent. These cookies may be set by:

  • Google (Google Maps, YouTube)
  • Spotify

Optional cookies may process:

  • IP address
  • Device and browser information
  • Usage data
  • Interaction data

Legal basis:

  • PIPEDA: Meaningful consent
  • GDPR Art. 6(1)(a): Consent

You may withdraw consent at any time using the Full Experience toggle in the footer. Consent is stored for up to 6 months.

Optional Third-Party Services ("Full Experience Mode")

Certain interactive features are disabled by default to protect your privacy. If you activate "Full Experience Mode", the following third-party services may be loaded:

Google Maps

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Purpose: Display interactive maps.

Data Processing: When loaded, Google may process your IP address and technical request data and may set cookies. Data may be transferred to servers in the United States or other third countries.

Privacy Policy: https://policies.google.com/privacy

YouTube

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Purpose: Display embedded video content.

Data Processing: When a video is loaded, YouTube may process your IP address, device information, and usage data, and may set cookies. Data may be transferred to the United States or other third countries.

Privacy Policy: https://policies.google.com/privacy

Spotify

Provider: Spotify AB, Regeringsgatan 19, 111 53 Stockholm, Sweden.

Purpose: Provide embedded audio playback.

Data Processing: When activated, Spotify may process your IP address and interaction data and may set cookies. Data may be transferred outside Canada and the European Union.

Privacy Policy: https://www.spotify.com/legal/privacy-policy/

The Website operator does not control how these providers process personal data. Processing is governed by the respective provider's privacy policies.

Legal basis:

  • PIPEDA: Meaningful consent
  • GDPR Art. 6(1)(a): Explicit consent

Withdrawal of Consent

You may withdraw your consent at any time using the Full Experience toggle in the footer.

Upon withdrawal:

  • The consent cookie will be deleted
  • Third-party services will no longer load
  • Previously set third-party cookies must be managed directly with the respective provider

Comment System

The Website includes a self-developed and self-hosted comment system.

When submitting a comment, we may collect:

  • Name (if provided)
  • Email address (if required)
  • IP address
  • Comment content
  • Timestamp

Purpose:

  • Display comments
  • Prevent spam and abuse
  • Maintain platform integrity

Legal basis:

  • User-initiated interaction
  • Legitimate interest in moderation and security

Comments remain publicly visible unless deletion is requested.

Newsletter

The Website offers a newsletter subscription service.

When subscribing, we collect:

  • Email address
  • IP address
  • Timestamp of subscription

Purpose:

  • Sending periodic newsletters with travel content
  • Managing subscriptions
  • Preventing abuse

Subscriptions use a double opt-in process. After submitting the form, a confirmation email is sent. The subscription is only activated after clicking the confirmation link.

Legal basis:

  • PIPEDA: Express consent
  • GDPR Art. 6(1)(a): Consent (double opt-in)

Subscriber data is retained until the user unsubscribes. You can unsubscribe at any time via the Newsletter page or the unsubscribe link included in each email.

Newsletter forms are protected by Cloudflare Turnstile (see the Spam Protection section below).

Contact Form

The Website provides a contact form for inquiries.

When submitting the contact form, we collect:

  • Name (if provided)
  • Email address
  • Message content
  • IP address
  • Timestamp

Purpose:

  • Responding to user inquiries
  • Handling press requests and collaboration proposals

Legal basis:

  • PIPEDA: User-initiated interaction
  • GDPR Art. 6(1)(f): Legitimate interest in responding to inquiries

Contact form submissions may be retained for as long as necessary to respond to the inquiry, fulfill legal obligations, or resolve disputes.

The contact form is protected by Cloudflare Turnstile (see the Spam Protection section below).

Spam Protection (Cloudflare Turnstile)

To protect the Website from spam and automated abuse, we use Cloudflare Turnstile, a security service provided by Cloudflare, Inc.

Turnstile is used to verify whether interactions are performed by a human user.

When Turnstile is loaded, Cloudflare may process:

  • IP address
  • Browser and device information
  • Interaction data
  • Security signals

Turnstile is designed as a privacy-preserving alternative to traditional CAPTCHA services and does not use tracking cookies for advertising purposes.

Legal basis:

  • PIPEDA: Legitimate business purposes
  • GDPR Art. 6(1)(f): Legitimate interest in preventing abuse and ensuring platform security

Data may be processed in the United States or other third countries.

Cloudflare Privacy Policy: https://www.cloudflare.com/privacypolicy/

Affiliate Programs

The Website participates in affiliate programs, including:

  • Amazon Partner Program
  • Booking.com
  • Agoda
  • Expedia
  • Trip.com
  • Check24.de

When you click an affiliate link, you are redirected to the respective external website.

Those third-party providers may:

  • Set cookies
  • Track referral information
  • Process IP address
  • Use tracking technologies

The Website operator does not control how those external websites process personal data. Affiliate tracking occurs only after a user actively clicks a link.

Please consult the privacy policies of those providers directly.

Legal basis:

  • PIPEDA: Legitimate commercial interest
  • GDPR Art. 6(1)(f)

No personal data is transmitted to affiliate networks without user interaction.

Amazon Partner Program Advertisements

The Website may display product links or advertising elements from the Amazon Partner Program. Amazon may process personal data once you interact with their links or services. For further details, please consult Amazon's official privacy policy.

Content Delivery Networks (CDN)

This Website uses jsDelivr, a public CDN, to deliver certain static resources (e.g., JavaScript libraries).

Service provider: Prospect One Sp. z o.o. (Poland). Infrastructure operated globally via CDN partners.

When accessing CDN-hosted resources, your IP address and technical request data may be processed to deliver content efficiently and securely.

Legal basis:

  • PIPEDA: Legitimate commercial interest
  • GDPR Art. 6(1)(f)

Website Analytics

This Website uses Simple Analytics, a privacy-friendly analytics service provided by Simple Analytics B.V., The Netherlands.

Simple Analytics collects aggregated, non-personal website usage data. It does not use cookies, does not collect personal data, does not track individual visitors, and does not perform fingerprinting or behavioral profiling.

Simple Analytics may process:

  • Page URLs visited
  • Referrer information
  • Browser and device type (aggregated)
  • Country of origin (derived, not stored as IP)

Simple Analytics does not:

  • Use cookies or tracking pixels
  • Collect IP addresses
  • Track individual visitors across pages or sessions
  • Perform behavioral profiling
  • Share data with third parties for advertising

Legal basis:

  • PIPEDA: Legitimate business purposes
  • GDPR Art. 6(1)(f): Legitimate interest in understanding website usage without processing personal data

No consent is required for Simple Analytics under GDPR, as it does not process personal data or use cookies.

Simple Analytics Privacy Policy: https://simpleanalytics.com/privacy

Data Retention

Personal data is retained only for as long as necessary to:

  • Operate the Website
  • Fulfill legal obligations
  • Maintain security
  • Respond to user interactions

Users may request deletion of personal data at any time.

Your Rights

Canadian Residents (PIPEDA)

You have the right to:

  • Access your personal information
  • Request correction
  • Withdraw consent where applicable

EU / EEA / UK Residents (GDPR)

You have the right to:

  • Access
  • Rectification
  • Erasure
  • Restriction
  • Objection
  • Data portability
  • Lodge a complaint with a supervisory authority

Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

California Residents (CCPA/CPRA)

You have the right to:

  • Know what personal information is collected
  • Request deletion
  • Request correction
  • Opt out of sale or sharing

This Website does not sell personal information.

Requests may be submitted via the Contact page.

Security

We use appropriate technical and organizational safeguards, including:

  • HTTPS encryption
  • Secure hosting infrastructure
  • Access controls

However, no system is completely secure.

Children's Privacy

The Website is not directed at children under the age required by applicable local law. We do not knowingly collect personal information from minors.