Data protection & Cookies
DATA PROTECTION STATEMENT
AS AT 23/5/2018
We strive to deliver services of outstanding quality. So that we can guarantee this objective for the future and to be able to offer you the best possible service and flawless performance, we capture and process data and activities from enquiries, reservations, voucher purchases or website visits. We process your data exclusively on the basis of the statutory regulations (GDPR, German Telecommunications Act (TKG) 2003). This data protection statement contains information about the most important aspects of data processing within our website, our Facebook and Instagram accounts and our newsletter system. If you make a booking or purchase with us, send us an enquiry, request information or sales literature, we process your personal data in accordance with Article 6 Section 1 b and f of the EU's General Data Protection Regulation (GDPR).
Which data do we capture?
Website: If you use this website, we capture data that is required for technical purposes, which is transmitted automatically to our server, including the IP address, date and time of the session, type of end-device, access status/HTTP status code, browser type, language and version of the browser software, and the operating system.
This is a technical requirement for us to be able to display our website to you. We also use the data to be able to improve the website in accordance with your expectations and to guarantee the security and stability of the website. The legal basis for the data capture is point (f) of Article 6(1) GDPR.
Forms: If you contact us on our website using a form or get in touch with us by email, make an enquiry or a booking, you give us the personal data (e.g. your name, postal address, email address, telephone number, interests etc.) that we need to be able to process your enquiry. We store and process this data. We do not pass it on to third parties. Excepted from this are companies that work on our behalf as processors and with which we have made an agreement that they will handle your data with the same legally prescribed duty of care as we do. The companies are named below in this data protection statement.
We need cookies to make our offer user-friendly. Some cookies remain stored on your end-device until you delete them. These enable us to recognise your browser again the next time you visit our website.
If you do not wish this to happen, you can set your browser to notify you about cookie placement and allow them individually.
If you do not permit cookies, under certain circumstances not all functions of our website will be available.
Web analysis – Google Analytics
We use Google Analytics on our website to be able to analyse and improve the use of our website.
Accordingly, we have entered into an agreement for processing with the provider.
You can prevent this by setting your browser so that cookies are not stored. We would point out, however, that in this instance not all functions of our website will be available in full. In addition, you can prevent data generated by cookies and data related to the use of the website (including your IP address) being sent to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de
We use Google Analytics with the extension „_anonymizeIp()“. This shortens IP addresses (IP masking). Reference to particular persons can therefore be excluded. Google participates in the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. This means that even in the exceptional cases when data is transferred to the US, this data has a reasonable level of protection.
Information about Google: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001
More detailed information on data protection by Google:
Google Adwords conversion tracking
We use Google Adwords to show you advertising by Google and other third parties. With conversion tracking, we ascertain the effectiveness of individual advertising measures with the purpose of showing you advertising that is of interest to you and to make our website more interesting for you. The legal basis for processing your data is point (f) of Article 6(1) GDPR.
These cookies enable Google to recognise your web browser again. Provided that a user visits certain pages on the website of an AdWords customer and the cookie is still running, Google and the customer can recognise that the user has clicked on the advert and was forwarded to this page. Every Adwords customer is allocated a different cookie. So cookies cannot be tracked via the websites of AdWords customers. We ourselves do not collect or process any personal data through the advertising measures mentioned. Google provides us with statistical analyses only. With the help of these analyses, we can recognise which of the advertising measures implemented are particularly effective. We do not receive further data from the implementation of the advertising method, and in particular, we cannot identify users with the help of this information.
Your browser automatically makes a direct connection to Google's servers based on the marketing tools implemented. We have no influence over the scope and further use of the data collected by Google and can only give you information on what we know: Through the integration of AdWords conversion tracking, Google receives the information that you have accessed the particular part of our website or have clicked on one of our adverts. Provided that you are registered for a Google service, Google can associate the visit with your account. Even if you are not registered with Google or are not logged in, it is possible that the provider can find out your IP address and store it.
You can prevent the storage of cookies by selecting the appropriate setting in your browser software; however, we would point out that in this event you may not be able to use all the functions of this website. In addition, you can prevent data generated by cookies and data related to the use of the website (including your IP address) being sent to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: http://www.google.com/settings/ads/plugin
You can find further information on data protection with Google here:
Google Adwords Remarketing
We use Google Adwords Remarketing. This application enables our advertising to be displayed to you on other websites after you have visited our website. This is carried out with the help of cookies stored in your browser through which your user behaviour when visiting different websites is captured and analysed by Google. In this way, Google can establish your previous visit to our website. Google states that data collected with remarketing is not brought together with any personal data that might have been stored by Google. In particular, according to Google, pseudonymising is implemented during remarketing.
This website accesses Google Maps. This enables us to display interactive maps to you directly on our website and facilitate your use of the map function. Through the use of Google Maps, data is transmitted to Google in the US, including your IP address.
The legal basis for processing your data is point (f) of Article 6(1) GDPR. Google participates in the EU-US Privacy Shield:www.privacyshield.gov/EU-US-Framework
Information about Google:
Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, US
More detailed information on data protection by Google:
We use Google Fonts on our website. This allows us to integrate certain fonts into our website. These fonts are provided by Google via servers in the US. When our website is accessed, the visitor’s web browser builds a direct connection to these servers. Amongst other things, the IP address of the visitor is transmitted to Google and stored there. Google participates in the EU-US Privacy Shield: www.privacyshield.gov/EU-US-Framework
Social Media Plugins
We deploy the following social media plugins on our website: Facebook, Instagram. You can recognise these through the special icons or terms for social media channels, such as “Like” etc. Personal data is transmitted to the particular plugin provider and stored there.
The particular plugin provider stores the data it collects as user profiles, and uses these for the purpose of advertising, market research and/or the needs-based design of its website. Such an analysis takes place, in particular, (even for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of this user profile, which you have to exercise by contacting the plugin provider concerned. Through plugins, we offer you the opportunity of interacting with social networks and other users so that we can improve our offer and design our website to be more interesting for you. The legal basis for using plugins is point (f) of Article 6(1) GDPR.
Data is passed on regardless of whether you possess an account with the plugin provider and are logged into it. If you are logged into the plugin provider, the data collected by us is associated directly with your existing account with the plugin provider. With US providers, transmission takes place in the US; these are subject to the EU-US Privacy Shield:
Further information on the purpose and scope of data collection and its processing by the plugin provider can be obtained from the data protection statements of this provider. There you will also find further information on your rights and options for changing your privacy settings:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, US
To process your voucher purchases, we use the services of Incert. Based on a special agreement for processing personal data, your data is collected and processed by the company, vioma GmbH, Industriestraße 27, 77656 Offenburg as part of data processing pursuant to Article 28 GDPR in accordance with the relevant statutory regulations in our contract. As processor, in the event of support measures, the company, vioma also has access to your data, which, however, may only be used for the purpose of support measures and not for the company’s own purpose.
Duration of storage
We process and store your data only as long as it is required to do so for processing or to comply with statutory obligations. Once the purpose of processing has ended, your data is blocked or erased. Provided there are additional statutory obligations for storage, we block or erase your data upon expiry of the statutory retention periods.
Our measures for protecting your personal rights
As mentioned at the beginning, we take the protection of your personal data very seriously and use this data exclusively to remain in contact with you, to optimise our service and to adapt to your wishes and requirements.
We take appropriate measures to prevent access for the misuse, theft, sharing, changing or destruction of the stored data.
Our staff are suitably trained and are obliged to use your data confidentially and in compliance with the law.
To safeguard the confidentiality of your personal data, we have entered into processing agreements with service providers to whom we send personal data for communications purposes (newsletters, mailings etc.) or for business purposes (bookkeeping, invoicing, bookings routing, data management systems etc.)
Our website contains links to the websites of third parties. We are not responsible for the compliance of these providers with the regulations of the GDPR. We therefore recommend that you enquire about the data protection statement of these companies.
In particular, the GDPR gives you the right of access to your personal data (if we store your data and which data we store, the processing purpose and the duration of storage), the right to rectification and completion, the right to erasure, the right to the restriction of processing, the right to data portability, the right to object and the right to withdrawal of consent.
You have the right to request confirmation from us about whether we process your personal data. If you would like to exercise this right to confirmation, you can contact our Data Protection Officer at any time with regard to this.
You have the right to receive from us information at any time about the personal data of yours that we store. Furthermore, the European regulator has given you the right to information about the personal data that concerns you which we process, the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations, if possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period, about the existence of automated decision-making, including profiling, pursuant to Article 22 (1) and (4) GDPR and – at least in these instances – meaningful information about the logic involved as well as the consequences and effects aspired to by processing of this kind. If the personal data was not collected from you, you have the right to information about all available information about the origin of the data.
Furthermore, you have the right to information about whether personal data was transmitted to a third country or to an international organisation. Provided that this is the case, you have, besides, the right to receive information about suitable guarantees in connection with the transmission.
You have the right to request rectification without undue delay of inaccurate personal data.
You have the right to request that we erase the personal data without undue delay, provided that one of the following reasons applies and insofar as the processing is not required:
• The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
• The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), GDPR and where there is no other legal ground for the processing;
• The data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR;
• The personal data has been unlawfully processed;
• The personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
• The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
Provided that one of the above-mentioned reasons applies and you would like the erasure of personal data that is stored by us, you can contact our Data Protection Officers at any time. Our Data Protection Officer or other member of staff working on his/her behalf will see to it that the erasure request is complied with without undue delay.
Where we have made the personal data public and our company, as the controller, is obliged pursuant to Article 17(1) GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data. Our Data Protection Officer or other member of staff working on his/her behalf will see to the necessary actions being taken in individual cases.
You have the right to request that we restrict processing if one of the following prerequisites is given:
• The accuracy of the personal data is contested by you for a period enabling the controller to verify the accuracy of the personal data;
• The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
• We, as the controller, no longer need the personal data for the purposes of processing, but it is required by you, as the data subject for the establishment, exercise or defence of legal claims;
• You have objected to processing pursuant to Article 21(1) GDPR pending verification of whether the legitimate grounds of the controller override those of the data subject.
Provided that one of the above-mentioned reasons applies and you would like the restriction of personal data that is stored by us, you can contact our Data Protection Officers at any time. Our Data Protection Officer or other member of staff working on his/her behalf will see to the restriction being carried out.
You have the right to receive the personal data that concerns you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) Article 6(1) GDPR, and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising your right to data portability pursuant to Article 20(1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that it shall not adversely affect the rights and freedoms of others.
For the establishment of the right to data portability, you can contact our Data Protection Officers at any time.
You have the right for reasons resulting from your special situation to object to the processing of personal data that concern you, pursuant to point (e) or (f) of Article 6(1) GDPR. This also applies to profiling based on these provisions.
If you have any questions about this statement or the processing of your personal data by our company, please contact us by email at firstname.lastname@example.org