Privacy policy
and information on the collection of personal data and legal notice pursuant to Sec. 5 of the German Digital Services Act (DDG) and Sec. 18 of the German Interstate Media Treaty (MStV)
Scope: www.guestnex.com (marketing website)
Last updated: 28 May 2026
Introduction
We are pleased about your visit to our website. The protection of your personal data is important to us. Below we inform you about which data is processed when you use this online offering and what rights you have.
This privacy policy applies exclusively to the marketing website www.guestnex.com. It does not apply to the application at app.guestnex.com; a separate privacy policy applies to its use.
Controller
The controller within the meaning of the GDPR is:
DO.si
Inh. Oliver Nord
Südstraße 111a
33647 Bielefeld, Germany
Data protection officer
Karin Nord
Südstraße 111a
33647 Bielefeld, Germany
on@on-consultant.de
Provider identification pursuant to Sec. 5 DDG and Sec. 18 (2) MStV
The service provider within the meaning of Sec. 5 DDG is the controller
named above.
Responsible for content pursuant to Sec. 18 (2) MStV: Oliver Nord, address as
above.
General information
Personal data is all data that relates to you personally, e.g. name, e-mail address or your usage behaviour.
Accessing the website (server connection data)
This website is served statically; we do not operate our own log server. When you access the website, our hosting provider Cloudflare (see the "Hosting" section) processes technically necessary connection data, in particular:
- IP address
- date and time of the request
- content of the request
- access status / HTTP status code
- amount of data transferred
- referrer URL
- browser type and version (user agent)
- operating system
Processing serves the functionality, stability and security of the website.
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in secure,
stable provision)
Storage period: processed for a maximum of 24 hours within
the Cloudflare network
Hosting (Cloudflare Pages)
We use Cloudflare Pages to provide this website (Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA). The aforementioned connection data is processed in the course of this.
Legal basis: Art. 6 (1) (f) GDPR
Third country: USA – Cloudflare is certified under the EU-US
Data Privacy Framework (see the "Transfers to third countries" section).
Web fonts
We use the typefaces Fraunces, Manrope and
IBM Plex Mono self-hosted (via @fontsource).
No connection is made to Google Fonts or other third-party
providers; no personal data is transmitted to third parties for this purpose.
Analytics (Cloudflare Web Analytics)
We use Cloudflare Web Analytics for anonymised reach measurement. No cookies are set, no information is stored on or read from your device, no personal data is collected and no device fingerprints are created. Only aggregated metrics (page views, referrer, country at country level) are recorded.
As no access to your device takes place, no consent under Sec. 25 TDDDG is required for this.
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in statistical evaluation)
Demo requests (contact form)
When you submit the demo form, we process the data you provide together with technical accompanying data in order to handle your request and to prevent abuse:
- name
- e-mail address
- name of the campsite
- optional message
- time of consent or of receipt
- truncated user agent (browser/device identifier)
- a SHA-256 hash of your IP address generated with a secret key (salt) to limit the request frequency and to prevent abuse (the IP address itself is not stored in plain text)
- where applicable, campaign parameters from the URL (UTM: source, medium, campaign)
Transmission is encrypted and goes to a serverless function of our processor Supabase, which validates and stores the request and triggers a notification e-mail to us. For sending e-mail we use Resend; in doing so, name, e-mail address, campsite name and any message are transmitted to Resend.
Legal bases:
- Art. 6 (1) (a) GDPR (consent given via the consent checkbox)
- Art. 6 (1) (b) GDPR (pre-contractual measures at your request)
- Art. 6 (1) (f) GDPR (processing of the IP hash and user agent to prevent spam/abuse)
Storage period: until the request has been handled or until you revoke consent, but at most 6 months for contract initiation, unless statutory retention obligations apply
Recipients / processors
We use carefully selected service providers as processors (Art. 28 GDPR):
- Cloudflare, Inc. (USA) – hosting, delivery and reach measurement
- Supabase (EU) – processing and storage of demo requests
- Resend, Inc. (USA) – sending of notification e-mails
No further disclosure of your data to third parties takes place unless we are legally obliged to do so.
Cookies
This website sets no cookies and stores no information on your device that would require consent under Sec. 25 TDDDG. Neither analytics nor marketing/tracking cookies are used; a consent banner is therefore not required.
Transfers to third countries
When using Cloudflare and Resend, personal data may be processed in the USA. The transfer is safeguarded by:
- Cloudflare: certification under the EU-US Data Privacy Framework (adequacy decision of the EU Commission)
- Resend: certification under the EU-US Data Privacy Framework (certified since 13 March 2025, incl. UK Extension); for transfers from Switzerland, Standard Contractual Clauses (adapted to the revised Swiss FADP), as there is no Swiss-US DPF certification
No automated decision-making
No automated decision-making, including profiling, within the meaning of Art. 22 GDPR takes place.
Your rights
You have the following rights:
- access (Art. 15 GDPR)
- rectification (Art. 16 GDPR)
- erasure (Art. 17 GDPR)
- restriction (Art. 18 GDPR)
- data portability (Art. 20 GDPR)
- objection (Art. 21 GDPR)
- withdrawal of consent given (Art. 7 (3) GDPR)
- complaint to a supervisory authority (Art. 77 GDPR)
Objection and withdrawal
Insofar as we process data on the basis of legitimate interests (Art. 6 (1) (f) GDPR), you may object at any time on grounds relating to your particular situation (Art. 21 GDPR). You may withdraw consent given at any time with effect for the future; the lawfulness of processing carried out before withdrawal remains unaffected.
Status
This privacy policy is dated 28 May 2026 and will be amended if changes to data processing or to the legal situation require it.