Privacy policy

General information

1.1 Controller

straiv GmbH
Industriestraße 23
70565 Stuttgart
Deutschland

info@straiv.io
+49 711 25 24 73 00

You can reach our data protection officer via the following contact details: dpo@straiv.io

1.2 Disclosure of personal data

Unless expressly stated below or in this privacy policy in the description of the individual processing operations, your personal data will not be passed on to third parties or other recipients.

We use the services of external service providers for the provision (hosting), content and technical operation of our website, and for the organization of our company. The personal data collected on this website is stored on the hoster’s servers and can be viewed by our technical service provider. It may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses, and other data generated via a website. The use of external service providers is in the interests of the secure, fast and efficient provision of our website by a professional provider. The external service providers will only process your data to the extent that this is necessary to fulfill their service obligations and to follow our instructions with regard to the data processed for those purposes. We have concluded a contract processing agreement with each of the service providers we use in accordance with Art. 28 GDPR.

We reserve the right to disclose information about you in the event of a legal obligation, if we are required to do so by lawfully acting authorities or law enforcement agencies. The legal basis is Art. 6(1) point c) GDPR (legal obligation).

1.3 Storage period

The personal data processed by us will be deleted in accordance with the legal requirements as soon as the consents permitting the processing are revoked or other permissions cease to apply (e.g. if the purpose of processing that personal data no longer applies or the data is not required for that purpose).

If the personal data is not deleted because it is required for other and legally permissible purposes, its processing will be limited to those purposes. This means that the personal data will be blocked for the purposes that no longer apply and will no longer be processed for those purposes. This applies, for example, to personal data that must be stored for reasons under commercial or tax law, or whose storage is necessary for the assertion, exercise or defense of legal claims or to protect the rights of another natural or legal person.

In our privacy policy we also inform you about the deletion and storage of personal data that apply specifically to the respective processing operations.

1.4 Rights of data subjects

As a data subject, you have the following rights with regard to the personal data concerning you in accordance with the statutory provisions:

• Right to information
• Right to rectification or erasure
• Right to restriction of processing
• Right to data portability

You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

If you have given your consent to the processing of your personal data, you can revoke it at any time. The withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis on the consent until its withdrawal.

**Objection

Insofar as we base the processing of your personal data on a balancing of interests, you may object to the processing. Our legitimate interests are presented in each case in the data processing description. If you submit such an objection, we ask you to explain the reasons why your personal data should not be processed as indicated. If you submit a legitimate objection, we will examine the situation and either discontinue or adapt the data processing or point out to you our compelling legitimate grounds for continuing the processing. You can object to the processing of your personal data for the purposes of direct advertising and associated profiling at any time without giving reasons. Your personal data will then no longer be processed for those purposes. You can inform us of your objection using the contact details above..**

1.5 Existence of automated decision-making

Automated decision-making, including profiling, does not take place.

Collection and processing of personal data when you visit the website

2.1 Automated data collection and processing by the browser

Processing/purpose

In principle, our website can be visited without registration. If you use the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we collect the personal data that your browser transmits to our server which is technically necessary for us to display our website and ensure stability and security. That data is temporarily stored in so-called server log files. The following information, which is technically necessary for us, is collected and stored until automatic deletion:

• Name of the website or file accessed
• Date and time of retrieval
• Description of the type of web browser used
• IP address

An evaluation of the server log files in relation to specific persons does not take place. We cannot ascribe that data to a specific person at any time. That data is not combined with other data sources.

Legal basis
Art. 6(1) point f) GDPR (legitimate interest)

Our legitimate interest lies in ensuring the provision of the website, combating misuse and troubleshooting.

Unser berechtigtes Interesse besteht darin, die Auslieferung der Website zu gewährleisten sowie zur Missbrauchsbekämpfung und Störungsbeseitigung.

Recipients
We pass on the data collected to external service providers, in particular contract processors (e.g. hosting, content management system) for processing in accordance with the required purposes (to display the website and to create the content).

Storage period
The log files are deleted as soon as they are no longer required for the stated purposes, at the latest after 10 days.

2.2 Contact forms

Processing/purpose
When you communicate and/or cooperate with us, e.g. by e-mail or via a contact form on our website, the data you provide (your e-mail address, your name and telephone number, if applicable, or the personal data provided in the communication) will be stored by us, for example in order to answer your questions or to carry out the communication required for our business purposes.

Legal basis
Art. 6(1) point b) GDPR (with regard to processing in connection with a contract)
Art. 6(1) f) GDPR (with regard to processing in accordance with the legitimate interest stated below)
When processing the data that arises in the course of communication, we have a legitimate interest in processing the data in accordance with the legal requirements, for internal review or according to the respective communication request.

Necessity of the provision of personal data
If you wish to contact us via the contact form, we need all the information requested in the mandatory fields in order to be able to respond to your request. The information in the contact form is neither necessary to enter into a contract with us nor legally required. If you do not fill in the mandatory fields, you will not be able to send the contact form to us. However, you may contact us by e-mail (info@straiv.io) if you do not wish to provide the information requested.

2.3 Use of Cookies

2.3.1 Technically Necessary Functions and Storage

Processing/Purpose

We use functions on our website that are required for the technically error-free operation and security of the site. Instead of conventional cookies, we use, among other things, the so-called LocalStorage (also known as "local data") of your browser. In this process, information is stored locally on your terminal device. This storage serves the following purposes:

• Consent Management: To store the selection you made in the cookie banner (consent or rejection) and to take it into account when you return to the site or change pages. This way, you do not have to make your selection again with every click.
• Session Management: The CMS Kirby uses technically necessary identifiers to correctly assign requests during your visit (e.g., to prevent Cross-Site Request Forgery attacks).

Since this information is stored in LocalStorage, it does not reach the outside world and is not transferred to our server or third parties.

Legal Basis

Art. 6 Para. 1 lit. f GDPR (Legitimate Interest): Our legitimate interest consists in providing a technically flawless, secure, and user-friendly website.

Art. 6 Para. 1 lit. c GDPR (Legal Obligation): We are legally obliged to provide proof of your consent for services requiring consent (such as Google Analytics or Vimeo). The storage of your choice in LocalStorage serves as this proof.

Storage Duration The information in LocalStorage remains permanently on your terminal device until you clear your browser cache or we technically limit the storage duration (usually, automatic cleanup occurs after 1 year). You can delete this data yourself at any time via your browser settings.

2.3.2 Cookies Requiring Consent

Processing/Purpose In addition, we use cookies on our website that enable an analysis of the user's surfing behavior. When accessing our website, the user is informed about the use of cookies for analysis purposes and their consent to the processing of the personal data used in this context is obtained. In this context, reference is also made to this privacy policy. The use of analysis cookies is for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer.   Legal Basis Art. 6 Para. 1 lit. a GDPR (Consent) You can revoke this consent to the cookies at any time with effect for the future in the cookie settings.

Recipients We pass on the collected data to external service providers, in particular processors (e.g., hosting, content management system) for processing according to the required purposes (to display the website and create the content). If you give your consent for the use of cookies requiring consent, these are predominantly third-party tools. Please refer to the consent banner for the respective recipients. You can find this at any time in the bottom left corner of this website.

Storage Duration Please refer to the consent banner for the storage duration of cookies requiring consent. You can find this at any time in the bottom left corner of this website.

2.4 Google Analytics  

Processing/Purpose
We use Google Analytics, a web analysis service, on our website. Google Analytics uses technologies on our behalf that enable the recognition of the user for the purpose of analyzing your pseudonymous use of the website (e.g., cookies or device fingerprinting). We receive various usage data about your website visit, such as page views, duration of stay, and interaction with the website. In addition, your approximate location (region), your IP address (shortened), technical information of your browser, and the referrer URL are recorded.

In addition, we integrate data from our HubSpot forms and marketing campaigns into Google Analytics. This allows us to analyze through which marketing channels or newsletter content users arrived at our website and how they interact with our forms. This link serves the statistical evaluation and optimization of our marketing measures.

Google will use this information on our behalf to evaluate your use of our website, to compile reports on activities within the website, and to provide us with further services associated with the use of the website. In this process, pseudonymous usage profiles of the users can be created from the processed data. We use Google Signals. This records additional information in Google Analytics regarding users who have activated personalized ads (interests and demographic data), and ads can be delivered to these users in cross-device remarketing campaigns.

With Google Analytics, the anonymization of IP addresses is activated by default. This means that the IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by the user's browser is not merged with other Google data. We use Google Analytics to analyze the use of our website, to compile reports on the website activities of our users, and to receive further statistical evaluations related to website use. Through the statistics obtained, we can improve our offer and make it more interesting for you as a user of our website. Furthermore, we receive information about the functionality of our website (for example, to detect navigation problems).

Legal Basis(es)  Art. 6 Para. 1 lit. a GDPR (Consent). You can revoke this consent to the cookies at any time with effect for the future in the cookie settings. Furthermore, you can prevent the collection of the data generated by the cookie and related to your use of the website (incl. your IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

Recipients Recipients of the data are/can be:

• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as a processor according to Art. 28 GDPR)
• Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
• Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
• HubSpot, Inc. (as the source of the linked marketing data)

It cannot be ruled out that US authorities may access the data stored at Google. The transfer is secured by the EU-U.S. Data Privacy Framework.

Storage Duration

The deletion of analytics data is set to 2 months for event data and 14 months for user data. Set cookies remain stored for up to 2 years.

2.5 Newsletter

Processing/Purpose

By registering for the newsletter via our website forms, we receive the email address you entered as well as any other contact data provided voluntarily. The data provided in the registration form will be used by us exclusively for sending and analyzing our newsletter. The newsletter contains information about our product range, promotions, competitions, and our company. We use the double opt-in procedure: after registering, you will receive a confirmation email with an activation link. We store the IP addresses used as well as the content and times of registration and confirmation in order to be able to prove legally compliant registration and, if necessary, to clarify misuse.

To measure success, we evaluate opening and click rates. These analyses help us to constantly improve the content of our newsletter. The evaluation of user interaction takes place in connection with Google Analytics, provided you have given your consent for this via our cookie banner. In this process, data on user behavior on our website is linked to the newsletter dispatch to enable an optimized user experience.

Legal Basis

• Art. 6 Para. 1 lit. a GDPR (Consent): Granted by separately accepting the data processing in the form and, if applicable, via the cookie banner for tracking.
• Art. 6 Para. 1 lit. c GDPR (Legal Obligation): To fulfill our obligation to provide proof for the double opt-in procedure.

Recipients
We use the HubSpot service to send the newsletters and provide the forms. The provider is HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA. We have concluded a contract for order processing with HubSpot in accordance with Art. 28 GDPR. For the analysis of user behavior, data is transferred to Google Analytics (Google Ireland Limited) if you have consented to this. Since HubSpot and Google are US providers, the data transfer is secured by the EU-U.S. Data Privacy Framework or standard contractual clauses.

Necessity of Provision
The provision of your data is voluntary. However, without the fields marked as mandatory, we cannot provide you with the newsletter.

2.6 Third-Party Content

2.6.1 Vimeo Videos

Processing/Purpose For the provision of videos, we use the video platform "Vimeo" from Vimeo.com, Inc., 555 West 18th Street, New York, New York 10011, USA (hereinafter "Vimeo"). Due to the integration of Vimeo, according to information from Vimeo, your IP address is transmitted to Vimeo and cookies may be set by Vimeo. We integrate Vimeo videos in such a way that only technically necessary cookies are set as long as you do not perform any further interaction with the player. If you are logged into your Vimeo account at the same time, this enables Vimeo to assign your surfing behavior directly to your personal profile. If you do not wish this, please log out of your Vimeo account before using our website. Details on the processing of personal data by Vimeo can be found in Vimeo's privacy policy: https://vimeo.com/privacy.

Legal Basis(es)
The integration of Vimeo is in the interest of an appealing presentation of our online offers. The legal basis for the processing of your data by Vimeo is your consent pursuant to Art. 6 Para. 1 lit. a GDPR. You can revoke this consent at any time. Please note that the revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. You can revoke this consent at any time with effect for the future in the cookie settings.

Recipients
Vimeo.com, Inc., 555 West 18th Street, New York, New York 10011, USA. Note: Since Vimeo is a US provider, the data transfer takes place to a third country. Protection is usually provided via the EU-U.S. Data Privacy Framework or standard contractual clauses.

2.7 Applications/career portal

Processing/purpose
If you apply to us via our career portal or by e-mail, we will process all personal data that you submit for that purpose for the application process.

Legal basis
Art. 6(1) point b) GDPR (implementation of pre-contractual measures at the request of the data subject)

Recipients
For applicant management, we use the solution recruitee from the provider Recruitee B.V., Keizersgracht 313, 1016 EE Amsterdam, Netherlands. We have concluded a contract processing agreement with that provider in accordance with Art. 28 GDPR.

Storage period
If you are hired after completing an application process, we will inform you separately about the processing of the personal data collected in the course of the application. If you are not hired, the personal data collected in the course of the application process will be deleted after six months.

Necessity of the provision of personal data
It is necessary to provide the personal data marked as mandatory fields in the career portal in order to participate in the online application process. If that data is not provided, the application form cannot be sent and an application cannot be effected.

Processing in the context of a customer relationship and when using the Straiv backend

3.1 Customer relationship—use of the Straiv backend

Processing/purpose
When you enter into a contractual relationship with us as a customer, we collect the following personal data from you and use it to create a profile in our Straiv backend:

• Master and communication data of the customer’s contact person(s) (e.g. first/last name, e-mail address, telephone number)
• Usage data (e.g. duration of use, feature used)
• Image data (e.g. profile picture) The company’s master data, such as business name, contact details, number of rooms, contract, invoice and payment data, are also processed.   We process the data in order to provide the Straiv backend and to render our contractual performances.   Legal basis Art. 6(1) point b) GDPR (with regard to processing in connection with a contract)   Necessity of the provision The provision of personal data is necessary for the provision of the controller’s contractual service. Without the provision of the data, the controller is generally unable to provide its contractual service.

3.2 Customer login

Processing/purpose
If you are already a customer, you can log in to our website with your e-mail address and a password. We store the date and time of your accessing of the customer account. Once you have successfully logged in, your personal customer area will be available in the Straiv backend. The login is for your protection, to ensure that unauthorized third parties do not gain access to the data stored in your customer account.

Legal basis
Art. 6(1) point b) GDPR (fulfillment of a contract)

Storage period
We store the date and time of your last access to the customer account for as long as you remain with us as our customer.

Necessity of the provision of personal data
The e-mail address and password are required to access the personal area in the Straiv backend. We cannot provide our contractual service without that information.

3.3 Cookies in the Straiv backend

Our website uses its own cookies to increase user-friendliness (cookies are data records which are sent from the web server to the user’s browser and stored there for later retrieval). You can generally prevent the use of cookies by prohibiting the storage of cookies in your browser.

Processing/purpose
When you log in to the Straiv backend, the following cookies are also installed to verify your session:

• session_id, storage of active session,
• navigation, storage of navigation view
• user_Straiv_2fa, Google 2FA,
• code2ordernotify ( = Hotel ID), memory task counter,
• Mod, storage module

These cookies store a unique session ID with which the server requests can be correctly assigned during your visit to the website.

Legal basis
Art. 6(1) point f) GDPR (legitimate interest)
Art. 6(1) point c) GDPR (legal obligation) for proof of the selection in the consent banner.

Our legitimate interest in the use of technically necessary cookies is to ensure the security of the website. Some functions of our website cannot be provided without the use of cookies. They require that the browser be recognized even after a page change.

Storage period
Technically necessary cookies are usually stored for one year.

Presences in social networks and events

4.1 Linkedin

Processing/purpose
We maintain a publicly accessible profile (so-called “fan page”) in the social network “Linkedin”. The provider of Linkedin is LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland (hereinafter “Linkedin“)   When you visit our fan pages, Linkedin generally analyzes your user behavior. Linkedin also collects your device information. Linkedin provides us with so-called “page insights” through which we receive an evaluation of the analysis of interactions with our fan page. You can find further information in Linkedin’s privacy policy: https://www.linkedin.com/legal/privacy-policy?trk=content_footer-privacy-policy/.   We are jointly responsible with Linkedin the for data processing. For this purpose, we have concluded a joint data processing agreement with Linkedin. It specifies who is responsible for which data processing operations when you visit our fan page. You can view that agreement between us and Facebook here: https://legal.linkedin.com/pages-joint-controller-addendum.   We provide the fan page in order to provide you with an appealing, contemporary online presence.

Legal basis
Art. 6(1) point f) (legitimate interest)

Our legitimate interest is to provide our customers and interested parties with up-to-date information and to interact with our customers and interested parties in a contemporary manner.   Please note that Linkedin may base its data processing operations on a different legal basis. You can find further information in the privacy policy and the agreement on joint processing.

Assertion of your rights
We delete the data arising in this context after storage is no longer required, unless statutory retention obligations exist or limitation periods must be observed.

Assertion of your rights
As we are jointly responsible for the data processing with Linkedin, you can assert your rights with respect to both us and Linkedin. Please note, however, that depending on the processing procedure we do not exercise full control over the data processing, as it is mainly carried out by Linkedin.

4.2 Instagram/Facebook

Processing/purpose
We maintain a publicly accessible profile (so-called “fan page”) in the social network “Instagram” and in the social network “Facebook”. The provider of Instagram and Facebook is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter “Meta”). When you visit our fan pages, Meta generally analyzes your user behavior. Meta also records your device information. This happens regardless of whether you are logged in to Instagram or Facebook. Meta provides us with so-called “page insights”, through which we receive the evaluation of the analysis of interactions with our fan page. You can find further information in Meta’s privacy policy: https://www.facebook.com/about/privacy/.  We are jointly responsible for data processing with Meta. We have concluded a joint data processing agreement with Meta for that purpose. It specifies who is responsible for which data processing operations when you visit our fan pages. You can view the agreement between us and Facebook here: https://www.facebook.com/legal/terms/page_controller_addendum.

Legal basis
Art. 6(1) point f) (legitimate interest)

Our legitimate interest is to provide our customers and interested parties with up-to-date information and to interact with our customers and interested parties in a contemporary manner.

Storage period
We delete the data arising in this context after storage is no longer required, unless statutory retention obligations exist or limitation periods must be observed.

Assertion of your rights
As we are jointly responsible for the data processing with Meta, you can assert your rights with respect to both us and Meta. Please note, however, that depending on the processing procedure we do not exercise full control over the data processing, as it is mainly carried out by Meta.

4.3 YouTube

Processing/purpose
We maintain a publicly accessible channel on the social network YouTube. The provider of YouTube is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google“).   When you visit our channel, Google generally analyzes your user behavior and collects your device information. This takes place regardless of whether you are logged in with your member account. Google provides us with so-called “YouTube Analytics”, through which we receive the evaluation of the analysis of interactions with our channel. The information provided to us does not enable us to draw any inferences about your identity.   We process your personal data when you interact with our posts or otherwise contact us via YouTube. The information we have access to depends on your account settings. You can find further information in Google’s privacy policy: https://policies.google.com/privacy?hl=de.    We assume that we are jointly responsible with YouTube for the processing. However, we have no knowledge of how Google processes personal data.

Legal basis
Art. 6(1) point f) (legitimate interest)

Our legitimate interest is to provide our customers and interested parties with up-to-date information and to interact with our customers and interested parties in a contemporary manner.   Please note that Google may base its data processing operations on a different legal basis.

Storage period
We delete the data arising in this context after storage is no longer required, unless statutory retention obligations exist or limitation periods must be observed.

Assertion of your rights
As we are jointly responsible for the processing with Google, you can assert your rights with respect to both us and Google. Please note, however, that depending on the processing procedure we do not exercise any control over the data processing by Google.   You can contact Google’s data protection officer at: https://support.google.com/policies/contact/general_privacy_form

4.4 Events

Processing/purpose
If you register for an event offered by Straiv, we process your name and contact details for the purpose of holding the event.

Legal basis
Art. 6(1) point b) GDPR (fulfillment of a contract)

Necessity of the provision of personal data
Necessity of providing personal data: It is necessary to provide the personal data marked as mandatory fields in the registration form in order to be able to register for an event via the registration form. If that data is not provided, the registration form cannot be sent and registration cannot take place. If you object to this, please contact info@straiv.io.

Current validity of this privacy policy and amendments

This privacy policy is currently valid and was last updated in November 2024. It may be necessary to adjust this privacy policy from time to time due to further development of the website or due to changed legal or official requirements. Our privacy policy can be viewed at any time at https://straiv.io/en/legal/privacy/ and can be saved and printed out.

Version 1.2

As at: 06.02.2026

Download: straiv-privacy-policy-06.02.2026-version-1.2.pdf