Privacy Policy

As of: February 26, 2026

Table of Contents

Responsible Party

Stephan Weh Köberlinstr. 3 87730 Bad Grönenbach Germany

Email: info@weh-destination-advisory.com

Overview of Processing Activities

The following overview summarizes the types of data processed and the purposes of their processing, and refers to the individuals affected.

Applicable Legal Bases

Legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or establishment. Where more specific legal bases are relevant in individual cases, we will inform you of these in the privacy policy.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection laws apply in Germany. These include in particular the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), which contains special provisions on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, transmission, and automated decision-making in individual cases including profiling. Furthermore, the data protection laws of the individual German federal states may also apply.

Security Measures

In accordance with legal requirements and taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.

These measures include in particular securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, disclosure, ensuring availability, and separation of data. We have also established procedures to ensure the exercise of data subjects‘ rights, the deletion of data, and responses to data security threats. Furthermore, we take the protection of personal data into account from the outset when developing or selecting hardware, software, and processes, in accordance with the principle of privacy by design and privacy by default.

Securing online connections through TLS/SSL encryption technology (HTTPS): To protect the data of users transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt the information transmitted between the website or app and the user’s browser (or between two servers), thereby protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL, serving as an indicator to users that their data is being transmitted securely and in encrypted form.