top of page

Privacy Policy – Alaris

Last updated: November 2025 

 

1. Data Controller

​

Kölbl Korbinian and Medicus Theresa Pia GbR – Alaris 
Trivastraße 9, 80638 Munich, Germany 
Email: hello@alarisbyluxhw.com 
Phone: +49 176 28810117 
Website: www.alarisbyluxhw.com 

 

2. General Information

​

We take the protection of your personal data very seriously. 
Your personal information is processed in compliance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). 

This Privacy Policy explains which personal data we collect, how we use it, and what rights you have under data protection law. 

 

3. Collection and Purpose of Data Processing

​

We collect and process personal data that you provide to us voluntarily — for example via email, phone, WhatsApp, Microsoft Bookings, social media, or through our website. 

We process your data for the following purposes:

​

  • Travel planning, consultancy, and brokerage of travel services 

  • Communication with clients, partners, and service providers 

  • Processing bookings via partners such as Little Emperors or Myler 

  • Scheduling meetings via Microsoft Bookings 

  • Sending newsletters (via Wix) 

  • Managing enquiries through our website contact form 

  • Social media communication (e.g. Instagram DMs) 

  • Invoicing, accounting, and legal obligations

​

Legal basis: 
Art. 6 (1) (a) GDPR – consent 
Art. 6 (1) (b) GDPR – contract performance 
Art. 6 (1) (f) GDPR – legitimate interest 

 

4. Data Disclosure to Third Parties

​

Your data will only be shared with third parties where necessary for the performance of our contractual obligations, legal requirements, or if you have provided consent.

​

This includes:

​

  • Hotels, airlines, visa agents, and other service providers for bookings 

  • Hotel partner programmes (e.g. SLH Within, LHW Vita, Hyatt Privé, Marriott Stars) to provide exclusive benefits 

  • Payment processors such as Stripe (used by partners like Little Emperors or Myler) 

  • IT and software providers: 

  • Microsoft (Outlook, 365, Bookings) 

  • Wix (website hosting, newsletter) 

  • Notion (internal organisation and travel planning) 

  • Finom (banking services)

​

All partners are contractually bound to comply with GDPR requirements. 
Data transfers outside the EU occur only under appropriate safeguards in accordance with Art. 46 GDPR (e.g. EU Standard Contractual Clauses). 

 

5. Credit Card Data and Payment Processing

​

During travel arrangements, Alaris may enter clients’ credit card details into booking systems operated by partners (e.g. Myler or Little Emperors). 

Storage and processing of this data are handled exclusively by the relevant payment processor (e.g. Stripe). 
Stripe is a PCI DSS Level 1 certified payment provider. 
All card data is encrypted and tokenised directly by Stripe. 

Alaris does not store or retain full credit card numbers or security codes and has no access to such information once it has been entered. 
Stripe processes payment data solely for the purpose of payment handling, in compliance with European data protection standards under Art. 46 GDPR. 

For more details: https://stripe.com/privacy 

 

6. Microsoft Bookings

​

To arrange appointments, we use Microsoft Bookings, a service of Microsoft Ireland Operations Limited, 
One Microsoft Place, South County Business Park, Dublin, Ireland. 

Personal data entered into Microsoft Bookings (such as name, email address, or preferred time slot) is processed exclusively for the purpose of scheduling and managing appointments. 
Microsoft acts as a data processor under Art. 28 GDPR. 

More information: https://privacy.microsoft.com/en-gb/privacystatement 

 

7. WhatsApp Business

​

We use WhatsApp Business to communicate with clients. 
Provider: WhatsApp Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. 

By contacting us via WhatsApp, you voluntarily provide your phone number and any additional personal information shared in messages. 
The legal basis for processing is consent (Art. 6 (1) (a) GDPR) or contract fulfilment (Art. 6 (1) (b) GDPR). 

More information: https://www.whatsapp.com/legal/privacy-policy-eea 

 

8. Newsletter (via Wix)

​

We use Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv, Israel, to send newsletters. 
Data is processed based on your consent (Art. 6 (1) (a) GDPR). 
You can unsubscribe at any time via the link in every email. 
Wix ensures compliance with GDPR through EU Standard Contractual Clauses (SCCs) under Art. 46 GDPR. 

More information: https://www.wix.com/about/privacy 

 

9. Website, Cookies, and Contact Form

​

Our website is hosted by Wix.com Ltd. (Tel Aviv, Israel). 
Wix processes data on servers located in the EU and Israel. 
Israel is recognised by the European Commission as a country with an adequate level of data protection. 

We use only technically necessary cookies, which are essential for the proper functioning of the website. 
These cookies do not collect personal information and do not require consent. 

When you contact us via the website’s contact form, the personal data you provide (such as name, email address, and message) is processed to handle your enquiry. 
Legal basis: Art. 6 (1) (b) GDPR. 

 

10. Social Media

​

We operate official Instagram profiles under @luxuryhotelsworld and @alarisbyluxhw

When you interact with our profiles (likes, comments, messages), personal data may be collected and processed jointly with 
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, under Art. 26 GDPR (joint controllership). 

Further information on Meta’s privacy practices: 
https://www.facebook.com/privacy/policy 

 

11. Data Security

​

We employ appropriate technical and organisational security measures under Art. 32 GDPR to protect your data from unauthorised access, loss, or misuse. 
Our website uses SSL encryption for secure data transmission. 

 

12. Data Retention

​

We store personal data only as long as necessary for the respective purpose or for as long as legally required (e.g. tax retention obligations). 
Once the purpose ceases or statutory retention periods expire, data will be deleted or anonymised. 

 

13. Your Rights

​

Under the GDPR, you have the following rights:

​

  • Right of access (Art. 15 GDPR) 

  • Right to rectification (Art. 16 GDPR) 

  • Right to erasure (Art. 17 GDPR) 

  • Right to restriction of processing (Art. 18 GDPR) 

  • Right to data portability (Art. 20 GDPR) 

  • Right to object (Art. 21 GDPR)

​

If you believe that the processing of your data violates data protection law, you have the right to lodge a complaint with the competent supervisory authority:


Bavarian Data Protection Authority (BayLDA) 
Promenade 27, 91522 Ansbach, Germany 

 

14. Updates to this Privacy Policy

​

We may update this Privacy Policy from time to time to reflect changes in legal, technical, or organisational requirements. 
The current version is always available on our website.

 

Last updated: November 2025 

bottom of page