Dataprotection Policy - Hotellistat GmbH

As of September 2025

Hotellistat takes the protection of your data very seriously. We process all transmitted data in accordance with the legal provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and other relevant data protection regulations.

1. Person responsible

Hotellistat GmbH
Eggentalerstr. 9
85778 Haimhausen, Germany
Tel: +49 89 54197299
E-Mail: info@hotellistat.de
Web: www.hotellistat.de

Managing Directors: Philip Kuchelmeister, Tobias Haase, Sina Niedermaier
Register Court: Munich District Court, HRB 229132
VAT ID No.: DE309921270

2. Data processed and their purpose

Hotellistat processes various types of data as part of its services, in particular:

Hotel statistics and reservation data provided via interfaces from third-party systems. These are used exclusively to optimize room rates (revenue management). Personal guest data is not stored. Transmitted personal information (e.g., from reservation systems) is immediately anonymized.
User data, such as name, business email address, hotel affiliation, and logins (e.g., login time, pages viewed). This data is used for authentication, secure operation, and to improve our platform.

This data processing is based on the fulfillment of the contract (Art. 6 (1) (b) GDPR) and on the customer's legitimate economic interests pursuant to Art. 6 (1) (f) GDPR. Hotellistat GmbH's customer has a legitimate interest in obtaining the best possible information about booking trends and reservation needs through market research, price, and trend analyses.

3. Data security

To protect your data, Hotellistat uses technical and organizational measures in accordance with the current state of the art:

Encryption of data transmission using SSL/TLS
Encrypted and unreadable storage of passwords Passwords are stored exclusively in hashed form using secure hash algorithms.
2-factor authentication (optionally activated by user)
Access controls, VPN-protected administrative access
No productive data access by developers
Self-contained server and service environment within the data center (e.g., no external access to databases)
Regular internal security training and audits

Our data centers are located exclusively in the European Union, specifically in Germany and Finland. No data processing or mirroring takes place outside the EU.

4. Data transfer to third parties

Hotel or user data is never shared with third parties. Processing is carried out exclusively internally and by Hotellistat itself. We do not commission external service providers with access to productive data.

5. Duration of storage

Data is generally stored indefinitely, unless legally required to do so. Customers have the right to request the deletion of their data at any time after the contract has ended. Please contact us in writing or by email.

According to Articles 13–77 GDPR, you have the following rights in particular:

Information about the data stored about you
Correction of incorrect data
Deletion(unless there is a legal obligation to retain data)
Restriction of processing
Objection to processing
Right to lodge a complaint with the supervisory authority
Data portability

Please contact us by email at info@hotellistat.de if you wish to exercise any of these rights.

7. Cookies and web analysis

We use cookies on our website to improve your experience. These are primarily "session cookies," which are automatically deleted after your visit. We also use:

Google Analytics with activated IP anonymization ("_anonymizeIp"). The IP address is shortened before storage. Further information and deactivation options can be found at: https://tools.google.com/dlpage/gaoptout?hl=de

Cookies are used on the basis of your consent in accordance with Art. 6 (1) (a) GDPR in conjunction with Section 25 TTDSG.

Hotellistat also processes publicly available data, e.g., from social networks (e.g., Facebook, Instagram, YouTube, Twitter) for statistical analysis. This data does not contain any personal data. Detailed analyses of Facebook pages require explicit authentication by the page owner.

9. Data provided by the customer / additional customer data

Data that customers actively feed into our systems (e.g., benchmark data, social media content, or business data) is used only for analysis and display in the user account and is not shared with third parties. These third parties are subject to the same data protection standards as all other data in our system.

10. Use of Artificial Intelligence (AI)

Hotellistat uses proprietary AI applications to improve service quality, data analysis, and service delivery:

ARIS AI for creating performance forecasts and price recommendations
Sentiment analysis for evaluating reviews
Athena: a multi-agent language assistant for answering user queries and interpreting data

The AI models used for this purpose are trained and operated exclusively in our own data center in Frankfurt am Main, Germany. Data processing outside the EU does not take place.

Athena: Hotellistat uses the services of Groq (https://groq.com/) to interpret user text input (multi-agent Athena), processing only necessary and anonymized requests. The anonymization is so high that no conclusions can be drawn about customers. These text inputs are not permanently stored.

Processing is carried out strictly in accordance with the GDPR and current security standards. Personal data is never used to train AI models.

The Multi-Agent Athena can be deactivated at the customer's request.