Privacy Policy

1. Who we are

Shanti Nivas – Nature Park/Vacation Home/Regeneration in Pongol, Libona, Bukidnon, Philippines

Owner: Aileen & Matthias Krueck, H.-Kaeppler-Platz 9, 07629 Hermsdorf, Germany

Controller responsible for data processing: Matthias Krueck

Mail to: contact@shanti-nivas.com

Phone: +49 177 243 9484

2. General information

We take the protection of your personal data very seriously.
This Privacy Policy explains how we collect, process, and protect personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable data protection laws.

3. Access Data and Server Log Files

When visiting our website, the hosting provider automatically collects and stores information in so-called server log files. These include:

  • IP address (anonymized where possible)
  • Date and time of access
  • Pages visited
  • Browser type and operating system

This data is processed exclusively to ensure the technical security, stability, and proper functioning of the website.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest)

4. Cookies

Our website uses only technically necessary cookies.
These cookies are required for the basic operation and security of the website.

➡️ No tracking, analytics, or profiling cookies are used.

Legal basis: Art. 6(1)(f) GDPR

5. Contact Form and Email Communication

If you contact us via the contact form or email, the information you provide (such as name, email address, and message content) will be stored and processed solely to handle your inquiry.

Your data will:

  • not be shared with third parties
  • be used only for the stated purpose
  • be deleted after your request has been fully processed, unless legal obligations require longer storage

Legal basis:
Art. 6(1)(a) GDPR (consent)
Art. 6(1)(b) GDPR (pre-contractual measures)

6. Booking and Reservation Requests

When you submit a booking or reservation request, we process personal data such as:

  • Name
  • Contact details
  • Travel and stay dates
  • Additional information provided voluntarily

This data is used exclusively for the organization and management of your stay in our nature park.

Legal basis: Art. 6(1)(b) GDPR

6.1 Bookings via Airbnb

If you make a reservation through Airbnb, personal data is processed by Airbnb in accordance with Airbnb’s Privacy Policy.

We receive from Airbnb only the information necessary to manage your booking, such as:

  • Name
  • Contact details
  • Booking dates
  • Number of guests
  • Messages exchanged via the Airbnb platform

This data is used exclusively for:

  • Processing and managing your reservation
  • Communication before and during your stay
  • Compliance with legal obligations

Further processing of your data is carried out in accordance with this Privacy Policy.

Legal basis:
Art. 6(1)(b) GDPR (performance of a contract)

6.2 Bookings via Booking.com

If you book via Booking.com, your personal data is processed by Booking.com under its own responsibility as a data controller.

We receive booking-related data from Booking.com, including:

  • Name
  • Contact details
  • Booking and stay information
  • Payment status (no full payment details)

The data is used solely for:

  • Managing your reservation
  • Guest communication
  • Legal and administrative purposes

Legal basis:
Art. 6(1)(b) GDPR (performance of a contract)

6.3 Direct Bookings (Website, Email, WhatsApp, Telephone)

If you book directly with us, we process personal data that you voluntarily provide, such as:

  • Name
  • Email address and/or phone number
  • Stay dates
  • Number of guests
  • Additional information related to your stay

This data is used exclusively for:

  • Processing your booking request
  • Organizing and managing your stay
  • Communication before, during, and after your stay (if necessary)

Legal basis:
Art. 6(1)(b) GDPR (contract or pre-contractual measures)
Art. 6(1)(a) GDPR (consent, where applicable)

6.4 Payments

Payments are handled either:

  • via the respective booking platform (Airbnb / Booking.com), or
  • directly by bank transfer or cash (for direct bookings)

We do not store full payment or credit card details on our own systems.

6.5 Guest Registration & Legal Obligations

In accordance with applicable laws and local regulations, we may be required to collect and store certain guest information for:

  • Guest registration
  • Security and safety purposes
  • Compliance with legal obligations

Legal basis:
Art. 6(1)(c) GDPR (legal obligation)

7. WhatsApp and Telephone Contact

If you contact us via WhatsApp or telephone, personal data will be processed in accordance with the privacy policies of the respective service providers.

Please note that WhatsApp (Meta Platforms) may process data outside the European Union.

Legal basis: Art. 6(1)(a) GDPR

8. Social Media Links

Our website contains links to social media platforms such as Facebook or Instagram.

When clicking on these links, you leave our website, and the privacy policies of the respective platforms apply.

➡️ No social media plugins or embedded tracking tools are used on this website.

9. Website Hosting

This website is hosted by:

STRATO GmbH

Otto-Ostrowski-Straße 7, 10249 Berlin

The hosting provider processes personal data only within the scope of data processing on our behalf and in compliance with the GDPR.

10. Data Transfer to Third Countries

As our business is located in the Philippines, personal data may be processed outside the European Union.

We ensure that appropriate safeguards are in place to guarantee a level of data protection consistent with the requirements of the GDPR.

11. Data Retention

Personal data is stored only for as long as necessary to fulfill the purposes for which it was collected or as required by legal retention obligations.

12. Your Rights

Under the GDPR, you have the right to:

Lodge a complaint with a data protection supervisory authority

Access your personal data (Art. 15 GDPR)

Rectify inaccurate or incomplete data (Art. 16 GDPR)

Request erasure of your data (Art. 17 GDPR)

Restrict processing (Art. 18 GDPR)

Data portability (Art. 20 GDPR)

Withdraw consent at any time (Art. 7 GDPR)

13. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or alteration.

14. Updates to This Privacy Policy

We reserve the right to update this Privacy Policy when necessary to reflect legal, technical, or operational changes.
The current version published on this website shall apply.