Data Privacy

Get real-time financial insights, automate cash flow tracking, and secure funding


1. Privacy at a Glance

General Information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you could be personally identified. Detailed information on the subject of data protection can be found in our privacy policy listed below this text.


Data Collection on this Website

Who is responsible for the data collection on this website?

The data processing on this website is carried out by the website operator. The operator's contact details can be found in the website's Imprint (Legal Notice).

How do we collect your data?

Some data is collected when you provide it to us. This could, for example, be data you enter into a contact form.

Other data is collected automatically by our IT systems when you visit the website. This data is primarily technical data such as the browser and operating system you are using or the time you accessed the page. This data is collected automatically as soon as you enter our website.

What do we use your data for?

Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.

What rights do you have regarding your data?

You have the right at any time to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. If you have given your consent to data processing, you may revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. You also have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time using the address given in the Imprint if you have further questions about privacy and data protection.


2. General Information and Mandatory Disclosures

Data Protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy.

If you use this website, various pieces of personal data will be collected. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens.

Please note that data transmitted via the internet (e.g., via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.

Note on the party responsible for this website (the "controller")

The party responsible for processing data on this website is:

Codyco GmbH
Ortlerstraße 1C
81373 Munich
Germany

Email: info@codyco.ai

The controller is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).

Storage Duration

Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for which it was collected no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the deletion will take place after these reasons cease to apply.

Revocation of Your Consent to the Processing of Your Data

Many data processing operations are only possible with your express consent. You may revoke your consent at any time. The legality of the data processing carried out before the revocation remains unaffected by the revocation.

Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 GDPR)

IF THE DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING, OR DEFENDING LEGAL CLAIMS (OBJECTION UNDER ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL THEN NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION UNDER ART. 21(2) GDPR).

Right to Lodge a Complaint with a Supervisory Authority

In the event of breaches of the GDPR, data subjects have a right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work, or the place of the alleged infringement.

Right to Data Portability

You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.

SSL/TLS Encryption

This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.

3. Data Collection on this Website

Server Log Files

The provider of the website automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:

  • Browser type and browser version

  • Operating system used

  • Referrer URL

  • Host name of the accessing computer

  • Time of the server request

  • IP address

This data will not be combined with data from other sources.

The collection of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of their website – for this purpose, the server log files must be recorded.

Contact Form

Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.

The processing of this data is based on Art. 6(1)(b) GDPR if your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries sent to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if it was requested.

Inquiry by E-mail or Telephone

If you contact us by e-mail or telephone, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed by us for the purpose of processing your request. We do not pass these data on without your consent. The legal basis is either Art. 6(1)(b) GDPR or our legitimate interest (Art. 6(1)(f) GDPR).

4. Additional Information

Rb2b

When you visit or log in to our website from the US, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email. We (or service providers on our behalf) may then send communications and marketing to these email. You may opt out of receiving this advertising by visiting https://app.retention.com/optout.

When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email. We (or service providers on our behalf) may then send communications and marketing to these email. You may opt out of receiving this advertising by visiting https://app.retention.com/optout. You also have the option to opt out of the collection of your personal data in compliance with GDPR. To exercise this option, please visit https://www.rb2b.com/rb2b-gdpr-opt-out.


Codyco AI

You have the option to submit requests by phone via our AI assistant "Mia." The protection of your personal data is a central concern for us. Below, we inform you in accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR) about how we process your data when using "Mia."

1. Controller and Processor

The controller responsible for processing your data within the meaning of the GDPR is the hotel:

[Hotel Name] [Hotel Address] [Hotel Email Address for Data Protection Inquiries]

For the technical operation of "Mia," we engage a specialized service provider as a processor, who processes your data strictly according to our instructions:

CODYCO GmbH Ortlerstraße 1C, 81373 Munich Contact for Data Protection: datenschutz@codyco.ai

2. Purpose and Legal Basis for Data Processing

When you call our AI assistant "Mia," your data is processed for the following clearly defined purposes:

a) To Process Your Request

The primary purpose is to understand and handle your specific request. Depending on the nature of your request, we rely on different legal bases:

  • If you are a guest at our hotel: The processing of your requests (e.g., room service, issue reporting) is carried out to fulfill the accommodation contract with you (Legal basis: Art. 6(1)(b) GDPR).

  • If you wish to make a booking: The processing of your request to reserve a room or other service is carried out to perform pre-contractual measures (Legal basis: Art. 6(1)(b) GDPR).

  • For general inquiries: If you have a general question (e.g., about opening hours or directions), we process your data based on our legitimate interest (Legal basis: Art. 6(1)(f) GDPR).

b) Recognition for Improved Service (Legitimate Interest)

To provide you with faster and more personalized service during future calls, our system creates an internal profile linked to your phone number. This allows "Mia" to take the context of previous conversations into account, so you do not have to repeat information with every call.

The legal basis for this is our legitimate interest in efficient and customer-friendly service design (Art. 6(1)(f) GDPR). You can object to this form of profiling at any time (see Section 6).

3. Types of Data Processed

To process your requests, we process the following categories of data:

  • Contact and Identity Data: Your name (if provided) and your phone number (caller ID).

  • Request and Booking Data: Information necessary to fulfill your request, such as your room number or details of an order/booking.

  • Conversation Data: Transcripts (text version) and machine-generated summaries of the conversation content.

  • Linking Information: An internal identifier (user profile) that connects your caller ID with your past requests (transcripts) to maintain the conversation context.

  • Technical Metadata: Date, time, and duration of the call.

Important Note: No audio recordings of your conversation are stored.

4. Storage Duration

We store your data only for as long as necessary to fulfill the purposes mentioned:

  • Conversation transcripts and summaries are retained for a period of 24 months to track the proper handling of your requests and address any follow-up questions.

  • Internal User Profile: The profile linked to your phone number remains active as long as conversation data (transcripts) is associated with it. You have the right to request the deletion of your entire caller profile at any time in accordance with Art. 17 GDPR.

  • Data subject to statutory retention obligations (e.g., from invoices) is stored in accordance with the respective legal retention periods.

After these periods expire, the data is securely deleted or fully anonymized.

5. Recipients of the Data and Third Parties

Within the hotel, only authorized employees have access to the information relevant to them.

Additionally, our service provider CODYCO engages further technical sub-processors to provide the service. A current list of these providers can be provided upon request. All service providers are based within the EU/EEA or are bound by appropriate safeguards to comply with European data protection standards.

6. Your Rights as a Data Subject

You have the right at any time to:

  • Access (Art. 15 GDPR).

  • Rectification (Art. 16 GDPR).

  • Erasure ("Right to be Forgotten") (Art. 17 GDPR).

  • Restriction of processing (Art. 18 GDPR).

  • Object to processing based on legitimate interests (Art. 21 GDPR).

  • Data portability (Art. 20 GDPR).

To exercise your rights, please contact us (the hotel) directly using the contact details provided in Section 1 above.


*Last Updated: 05.09.2025*