Privacy Policy

The controller responsible for the processing of personal data on this website within the meaning of Art. 4(7) GDPR is:

Michael Krause
Hornemannweg 91
70439 Stuttgart, Germany
Email: contact@krausehospitality.com

Krause Hospitality Advisory is a brand of Michael Krause (sole proprietor).

This website is built as a public-record information surface. We do not run analytics tracking, behavioural cookies, advertising trackers, or third-party social embeds on this site. The categories of personal data we do process are limited to the following:

• Server access logs. When a page on krausehospitality.com is requested, our hosting provider Vercel automatically logs the request: IP address, timestamp, requested URL, HTTP status, user agent, and referring URL. Purpose: technical operation of the site, abuse prevention, capacity planning. Lawful basis: Art. 6(1)(f) GDPR (legitimate interest in operating a secure website).
• DNS resolution metadata. Cloudflare resolves DNS for krausehospitality.com and may briefly process IP addresses as part of standard DNS service. Purpose: routing requests to the correct server. Lawful basis: Art. 6(1)(f) GDPR.
• Email correspondence. If you contact us via email or the briefing-request form, we process the contents of your message, your name, and your email address. Purpose: replying to your inquiry. Lawful basis: Art. 6(1)(b) GDPR (steps prior to entering into a contract) or Art. 6(1)(f) GDPR (legitimate interest in answering inbound inquiries).

This website uses no cookies for tracking, analytics, advertising, or behavioural profiling. Strictly necessary technical state (e.g. routing, deployment metadata) is handled at the hosting layer by Vercel and does not constitute a cookie under the German Telecommunications-Telemedia Data Protection Act (TTDSG / DDG). No consent banner is required and none is shown.

The following processors act on our behalf under written data-processing agreements (Art. 28 GDPR):

• Vercel Inc. 440 N Barranca Ave #4133, Covina, CA 91723, USA. Hosting and content delivery for this website. Vercel is certified under the EU-U.S. Data Privacy Framework (DPF) and offers EU Standard Contractual Clauses for transfers outside its DPF scope.
• Cloudflare, Inc. 101 Townsend Street, San Francisco, CA 94107, USA. DNS resolution and edge network. Cloudflare is certified under the EU-U.S. Data Privacy Framework and offers EU Standard Contractual Clauses.

We do not sell, rent, or share personal data with any other third parties. We do not transmit data to advertisers or data brokers.

Our processors (Vercel, Cloudflare) are based in the United States and may store or process data there. Transfers are based on adequacy decisions under the EU-U.S. Data Privacy Framework (Art. 45 GDPR) and, supplementary, on EU Standard Contractual Clauses (Art. 46(2)(c) GDPR). Both providers operate EU edge regions; your request is in most cases served from infrastructure located within the EEA.

We retain personal data only for as long as the purpose requires:

• Server access logs: typically 14 to 30 days at the hosting layer, then automatically rotated.
• Email correspondence: for the duration required to handle the inquiry and any resulting engagement, plus statutory retention periods under German tax and commercial law (§ 257 HGB, § 147 AO — typically 6 to 10 years for documents bearing tax-relevant content).

You have the following rights under the GDPR:

• Right of access (Art. 15 GDPR) — to obtain confirmation as to whether personal data concerning you is being processed, and a copy of that data.
• Right to rectification (Art. 16 GDPR) — to have inaccurate data corrected.
• Right to erasure (Art. 17 GDPR) — to have your data deleted where one of the grounds in Art. 17 applies.
• Right to restriction of processing (Art. 18 GDPR).
• Right to data portability (Art. 20 GDPR).
• Right to object (Art. 21 GDPR) — particularly to processing based on Art. 6(1)(f) GDPR.
• Right to withdraw consent (Art. 7(3) GDPR), where processing is based on consent. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

Requests should be sent to contact@krausehospitality.com.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The competent authority for this controller is the State Commissioner for Data Protection of Baden-Württemberg (Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg), Königstraße 10a, 70173 Stuttgart, Germany.

We may update this policy when our processing or our processors change, or when legislation requires. The current version is always available at krausehospitality.com/legal/privacy. The version above is dated 25 April 2026.