Privacy Policy

Haus of Visibility  ·  Last updated 9 June 2026

1. Who we are

Haus of Visibility™ provides AI visibility and marketing infrastructure for hotels. This Privacy Policy describes how we collect, use, and protect the personal data of visitors to hausofvisibility.com, subscribers to our newsletter, and clients of our services.

The data controller under Article 4(7) of the General Data Protection Regulation (GDPR) is:

 

Haus of Visibility

Albertine Visser, Einzelunternehmen

Agnes-Neuhaus-Str. 5

80797 Munich, Germany

Email: albertine@hausofvisibility.com

2. What personal data we collect

We collect only the personal data you choose to give us, or that is strictly necessary to operate our website and deliver our services. This typically includes:

 

—    Email address, when you subscribe to our newsletter, schedule a conversation, contact us, or become a client.

—    Name and professional role, when you provide it in a form, during a scheduled call, or in correspondence.

—    Property and company information, when you engage our services. This includes the hotel name, address, property facts, and the names and contact details of your designated points of contact (for example, the General Manager).

—    Scheduling data, when you book a call through our scheduling tool (Calendly). This includes your name, email address, and any information you provide in the booking form.

—    Message content, when you write to us directly.

—    Technical data (IP address, browser type, operating system, device information, referring website), collected automatically when you visit our site. Where technically possible, this data is pseudonymised.

 

We do not collect payment card data. Invoicing is handled through Lexware (see Section 6). Payments are made by bank transfer.

3. How we use your data

We process personal data only for the following purposes:

 

—    To send our newsletter. When you give consent, we use your email to send The Weekly Haus Letter. You may unsubscribe at any time.

—    To provide access to our briefing materials. When you access The AI Visibility Briefing, we may record that access for follow-up purposes only if you have given separate consent.

—    To schedule and conduct strategic conversations. When you book a call through Calendly, we use your scheduling data to prepare for and hold the meeting.

—    To respond to inquiries. When you contact us directly, we use your information to respond to your message.

—    To fulfil our contractual obligations. When you engage our services, we process client data as necessary to deliver the engagement. This includes accessing and auditing your property’s representation across AI tools and third-party platforms, creating and deploying content on your behalf, and producing diagnostic and measurement reports.

—    To maintain and improve our website. We use aggregated, anonymised data to understand how visitors interact with our site and to maintain site security.

4. Legal basis for processing

We process personal data under the following legal bases under Article 6 GDPR:

 

—    Consent — Art. 6(1)(a) GDPR. For newsletter subscriptions. You may withdraw consent at any time without affecting the lawfulness of prior processing.

—    Contract — Art. 6(1)(b) GDPR. When we process your data to fulfil a service agreement (including the AI Visibility Engine, Marketing Infrastructure, and related retainers), or to take steps at your request prior to entering into one (including strategic conversations and engagement proposals).

—    Legitimate interests — Art. 6(1)(f) GDPR. Where we have a legitimate interest in maintaining, securing, and improving our website and services, provided your fundamental rights and freedoms do not override this interest.

—    Legal obligation — Art. 6(1)(c) GDPR. Where we are required by law to retain or disclose certain data (for example, under German tax and commercial law).

5. How long we keep your data

We retain personal data only as long as necessary for the purposes for which it was collected:

 

—    Newsletter subscriptions — until you unsubscribe.

—    Scheduling data (Calendly) — retained per Calendly’s data retention terms and deleted on request. We retain our own notes from scheduled calls for up to 24 months, unless a client relationship is established.

—    Inquiries and correspondence — for up to 24 months, unless a client relationship is established.

—    Client data and engagement records — for the duration of our engagement and for up to 10 years thereafter where required by German tax and commercial law (§147 AO, §257 HGB).

 

Once the retention period expires, your data is deleted or fully anonymised.

6. Third-party services (processors)

To deliver our services and operate our website, we share limited personal data with trusted third-party processors.

Each is bound by a data processing agreement (Auftragsverarbeitungsvertrag) under Article 28 GDPR.

 

—    Framer — website hosting and form handling. Framer B.V., registered in the Netherlands. Processing is governed by GDPR-compliant terms.

—    Kit (formerly ConvertKit) — email delivery and subscriber management for The Weekly Haus Letter. Kit, based in the United States. Data transfers are safeguarded under the EU–US Data Privacy Framework and Standard Contractual Clauses.

—    Calendly — appointment scheduling for strategic conversations. Calendly LLC, based in the United States. When you book a call, Calendly processes your name, email address, and any information you enter in the booking form. Data transfers are safeguarded under the EU–US Data Privacy Framework and Standard Contractual Clauses.

—    Lexware — invoicing and accounting. Haufe-Lexware GmbH & Co. KG, Freiburg, Germany. Lexware processes client names, addresses, and invoice data for the purpose of creating and managing invoices. Processing is governed by GDPR-compliant terms. All data remains within the EU.

 

We do not use analytics, marketing, or tracking tools. We do not use Google Analytics, Meta Pixel, Hotjar, or equivalent services. We do not collect behavioural or visitor data beyond what is strictly necessary for the site to function.

A current list of our subprocessors is available on request by email.

6a. AI tools used in service delivery

As part of our AI Visibility Engine and related services, we use the following AI tools as professional diagnostic and research instruments:

 

—    ChatGPT (OpenAI, Inc.) — United States

—    Claude (Anthropic, PBC) — United States

—    Perplexity AI (Perplexity AI, Inc.) — United States

—    Google AI / Gemini (Google LLC / Alphabet Inc.) — United States

 

These tools are used to test, audit, and measure how AI systems describe and recommend our clients’ hotel properties. We query these tools with prompts about publicly known property information (hotel names, locations, amenities, and similar facts that are already available on the open web).

We do not enter the personal data of website visitors, newsletter subscribers, or any individuals into these tools. The information we process through AI tools is limited to publicly available property-related business information and the AI-generated responses themselves.

These AI tools are not processors under Article 28 GDPR. They are professional instruments used in the course of delivering our services, comparable to a consultant using a search engine or industry database. Our use of AI tools in client engagements is governed by the client service agreement and, where applicable, by the Auftragsverarbeitung (AVV) Annex.

6b. Third-party platforms accessed on client behalf

During AI Visibility and Marketing Infrastructure engagements, we access the following third-party platforms to audit, correct, and optimise our clients’ property listings:

 

—    Booking.com (Booking Holdings Inc.)

—    TripAdvisor (Tripadvisor, Inc.)

—    Expedia (Expedia Group, Inc.)

—    HRS (HRS Group)

—    Google Business Profile (Google LLC)

 

Access to these platforms is granted by the client as part of the engagement agreement. We access them solely to review and correct property information, ensure entity alignment across platforms, and maintain listing accuracy.


We do not share the personal data of website visitors or newsletter subscribers with these platforms. Any personal data processed on these platforms (for example, guest review data visible on the platform) is processed under the client’s controller responsibility. Our role in accessing these platforms is governed by the client service agreement.

7. International data transfers

Some of our processors and tools are based outside the European Economic Area, primarily in the United States. Where personal data is transferred internationally, we rely on the following safeguards under Articles 45 and 46 GDPR:

 

—    EU–US Data Privacy Framework, where the processor is certified (Kit, Calendly).

—    Standard Contractual Clauses approved by the European Commission, where applicable.

 

For AI tools used in service delivery (Section 6a), international data transfer concerns are minimal because we do not enter personal data into these tools. The prompts we submit contain only publicly available property information.

A copy of the relevant safeguards is available on request.

8. Your rights under GDPR

You have the following rights regarding your personal data:

 

—    Right of access (Art. 15) — the right to know what personal data we hold about you and to receive a copy.

—    Right to rectification (Art. 16) — the right to have inaccurate or incomplete data corrected.

—    Right to erasure (Art. 17) — the right to request deletion of your personal data (“right to be forgotten”), subject to legal retention obligations.

—    Right to restriction of processing (Art. 18) — the right to limit how we use your data.

—    Right to data portability (Art. 20) — the right to receive your data in a structured, commonly used, machine-readable format.

—    Right to object (Art. 21) — the right to object to processing based on legitimate interests.

—    Right to withdraw consent (Art. 7(3)) — where processing is based on consent, you may withdraw it at any time.

—    Right not to be subject to automated decision-making (Art. 22) — we do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

 

To exercise any of these rights, please contact us at albertine@hausofvisibility.com. We will respond within one month, as required by Article 12(3) GDPR. For complex or numerous requests, this period may be extended by two further months, in which case we will inform you.

9. Right to lodge a complaint

If you believe we have handled your personal data unlawfully, you have the right to lodge a complaint with a supervisory authority. The competent authority for Haus of Visibility is:

 

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)

Promenade 18

91522 Ansbach, Germany

Website: www.lda.bayern.de

Email: poststelle@lda.bayern.de

 

You may also lodge a complaint with the supervisory authority in the member state of your habitual residence.

10. Cookies and tracking

Our website uses only strictly necessary cookies required for the basic operation of the site. We do not use analytics cookies, marketing pixels, or any third-party tracking technologies.

No consent is required for strictly necessary cookies under Article 6(1)(f) GDPR and §25(2) TTDSG, as they are essential for providing the service you have requested.

When you click a link to schedule a call via Calendly, you are directed to calendly.com, which operates under its own cookie and privacy policies. We recommend reviewing Calendly’s privacy policy before booking.

You can manage or delete cookies at any time through your browser settings.

11. Security

We take appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include encrypted data transmission (TLS/SSL), secure storage with reputable processors, access controls, and regular review of our security practices.

No online system is entirely secure, but we maintain the safeguards required by Article 32 GDPR and align with current industry standards.

12. Children’s data

Our services are directed at hotel businesses and their decision-makers. We do not knowingly collect personal data from anyone under the age of 16. If you believe that we have inadvertently collected data from a child, please contact us and we will delete it promptly.

13. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. The “Last updated” date at the top of this page will always indicate the most recent version.

If we make material changes, we will notify you by email (if you are a subscriber or client) or through a prominent notice on our website before the changes take effect.

14. Contact

For any questions about this Privacy Policy, or to exercise your rights, please contact:

 

Haus of Visibility

Albertine Visser, Einzelunternehmen

Agnes-Neuhaus-Str. 5

80797 Munich, Germany

Email: albertine@hausofvisibility.com

——————————————————————————-

Haus of Visibility

AI visibility & marketing for hotels.

© 2026 Haus of Visibility™.

All rights reserved.

· Munich, Germany