Privacy Policy

Version: June 2025

At Where to know Insights GmbH (“Where to know”, “we”, “our”), we are committed to protecting your personal data and ensuring transparency in how we handle it. This Privacy Policy explains how we collect, use, and protect your data when you interact with our website and services, in accordance with the General Data Protection Regulation (GDPR).

1. Controller Information

Where to know Insights GmbH
Quartier Potsdamer Platz, 5. OG, Haus 2
Potsdamer Platz 10
10785 Berlin, Germany

Email: info@wheretoknow.com
Managing Director: Zishuo Wang
For legal information, please see our [Impressum].

2. Contacting Our Data Protection Officer

If you have any questions about how we process your personal data or would like to exercise your rights under the GDPR, you can contact us at:

Email: info@wheretoknow.com
(Please add “Attn: Data Protection” in the subject line.)

3. Categories of Data Processed

Depending on your interaction with us, we may process the following categories of personal data:

• Contact details (e.g. name, email address)
• Company information (e.g. hotel name, location)
• Technical and browser data (e.g. IP address, device type, OS, browser version)
• Usage data (e.g. page views, session length)
• Any content submitted through forms or registration

4. Legal Bases for Processing

We process your personal data based on the following legal grounds:

• Art. 6(1)(a) GDPR – Consent (e.g. for marketing or analytics cookies)
• Art. 6(1)(b) GDPR – Performance of a contract or pre-contractual steps
• Art. 6(1)(f) GDPR – Legitimate interest (e.g. secure and optimized platform usage)

5. Data Collection When Visiting Our Website
6. a) Server Log Files

When you visit our website, we automatically collect and temporarily store certain data transmitted by your browser to ensure website stability and security. These include:

• IP address
• Date and time of access
• Requested URL and referring URL
• Browser type and version
• Operating system
• Language settings

Legal basis: Art. 6(1)(f) GDPR

1. b) Cookies and Tracking Technologies

We use cookies to enhance user experience and to analyze website traffic. Cookies are small text files that are stored on your device.

Types of cookies:

• Essential cookies: Ensure core functionality.
• Performance/Analytics cookies: Help us understand how users interact with the site.

You can control the use of cookies via your browser settings. Some functions of the site may not work properly without cookies.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest); Art. 6(1)(a) GDPR (consent, where required)

You will be informed about the use of cookies and tracking technologies via a cookie banner upon your first visit, where you can manage your preferences.

6. Use of Google Analytics

We use Google Analytics to analyze website usage and improve user experience. This involves the use of cookies and anonymized tracking data.

Provider: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland
Google may transfer data to the U.S. under Standard Contractual Clauses (SCCs). IP anonymization is enabled.

You can opt out via this plugin: https://tools.google.com/dlpage/gaoptout

Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interest)

7. Contacting Us

If you contact us by email or via a contact form, we process the personal data you provide in order to respond to your inquiry.

Legal basis:

• Art. 6(1)(b) GDPR – for pre-contractual or service-related requests
• Art. 6(1)(f) GDPR – for general inquiries

8. Platform Usage and User Accounts

When you register for and use our platform, we process:

• Your name, email, company name
• Login credentials (securely encrypted)
• Usage and interaction data
  This is necessary to provide our services, maintain your account, and improve the platform.

Legal basis: Art. 6(1)(b) GDPR

9. Review Aggregation and Analysis

Where to know may aggregate and analyze publicly available hotel reviews (e.g. from OTAs and other platforms). The analysis may include non-personal metadata such as review scores, dates, themes, and sentiment.

Legal basis: Art. 6(1)(f) GDPR – legitimate interest in benchmarking and guest experience optimization

10. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations.

Examples:

• Tax records: up to 10 years (§147 AO)
• Commercial records: up to 6 years (§257 HGB)

After these periods, data will be deleted or anonymized.

11. Data Transfers to Third Countries

Some of our technical service providers may be located outside the EU. We ensure that such transfers only occur where:

• An adequacy decision exists
• SCCs are in place
• You have provided consent

12. Your Rights Under the GDPR

You have the following rights:

• Access to your data (Art. 15)
• Rectification of incorrect data (Art. 16)
• Erasure (“right to be forgotten”, Art. 17)
• Restriction of processing (Art. 18)
• Data portability (Art. 20)
• Objection to processing (Art. 21)
• Withdraw consent at any time (Art. 7(3))
• Lodge a complaint with a supervisory authority (Art. 77)

Supervisory authority example:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59-61, 10555 Berlin
https://www.datenschutz-berlin.de

13. Updates to This Privacy Policy

We may update this Privacy Policy in line with legal or technical changes. The latest version will always be available on our website. Material changes will be clearly communicated.

This Privacy Policy is provided in English for clarity and international accessibility. If a German version is provided in the future, both versions will be kept consistent. In case of discrepancies, the English version shall prevail.