Data protection
Privacy policy
Thank you for visiting our website and for your interest in our company. The protection of your personal data is important to us. Personal data is individual information about the personal or factual circumstances of an identified or identifiable natural person. This includes information such as civil name, address, telephone number and date of birth.
As this data enjoys special protection, we only collect it to the extent that is technically necessary. Below, we will explain what information we collect during your visit to our website and how it is used - naturally in compliance with the applicable German legislation and the GDPR, which will come into force on May 25, 2018.
1. Definitions of terms
This data protection declaration is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.
We use the following terms, among others, in this privacy policy:
a) personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
b) Person concerned
Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing
c) Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting its future processing
e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
f) Pseudonymization
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
g) Controller or controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
h) Processor
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
i) Recipient
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
j) Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
k) Consent
Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Name and address of the controller
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is
Der Achtermann aZIS Hotel Betriebs GmbH
Rosentorstr. 20
38640 Goslar
Germany
Phone: 05321/ 70000
E-mail: info (at) der-achtermann.de
Website: https://www.der-achtermann.de
3. Name and address of the data protection officer
Mihaela Susak
Eugensplatz 5
70184 Stuttgart
Germany
Phone: (0711) 933423-40
E-mail: datenschutz (at) azis-hotels.de
4. General information on data processing
a. Scope of the processing of personal data
We collect and use our users' personal data only to the extent necessary to provide a functional website and our content and services. The collection and use of our users' personal data only takes place regularly with the user's consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
b. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
c. Data erasure and storage duration
The personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
5. Provision of the website and creation of log files
a. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:
Information about the browser type and version used
The user's operating system
The user's internet service provider
The anonymized IP address of the user
Date and time of access
Websites from which the user's system accesses our website
Websites that are accessed by the user's system via our website
Search terms entered
Information about the type of device used
Language settings
Frequency of page views
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
b. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.
c. Purpose of the data processing
Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
Data is stored in log files to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for advertising purposes in this context.
These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.
d. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to identify the accessing client.
e. Possibility of objection and removal
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.
6. Use of cookies
We use cookies on various pages to make your visit to our website more attractive and to enable the use of certain functions. Cookies are small text files that your browser can store on your computer. The process of storing a cookie file is also called 'setting a cookie'. You can set your browser yourself according to your wishes so that you are informed about the setting of cookies, decide on a case-by-case basis whether to accept them or generally accept or generally exclude the acceptance of cookies. Cookies can be used for different purposes, e.g. to recognize that your PC has already had a connection to a website (persistent cookies) or to save recently viewed offers (session cookies). We use cookies to offer you an enhanced user experience. However, our partner companies are not permitted or it is technically impossible for them to obtain, process or use personal data via our website using cookies. Most of the cookies we use are deleted from your hard disk at the end of the browser session (session cookies). Other cookies remain on your computer and enable us to recognize your computer on your next visit (persistent cookies). The way in which we use cookies does not result in any disadvantages or risks for you. In order to use our convenience functions, we recommend that you allow the acceptance of cookies for our website.
The user data collected in this way is pseudonymized by technical precautions. It is therefore no longer possible to assign the data to the accessing user. The data is not stored together with other personal data of the user.
Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR.
The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a GDPR if the user has given consent to this.
Purpose of data processing
Analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer.
These purposes also constitute our legitimate interest in the processing of personal data in accordance with Art. 6 para. 1 lit. f GDPR.
Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized even after a page change.
We need cookies for the following applications:
Shopping cart
Language settings
Session cookie (for the duration of the browser session) to temporarily store filter selections made or information on completed forms
The user data collected by technically necessary cookies is not used to create user profiles.
Duration of storage, objection and removal options
Cookies are stored on the user's computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.
The transmission of Flash cookies cannot be prevented via the browser settings, but by changing the Flash Player settings.
Zur Verwaltung der eingesetzten Cookies und ähnlichen Technologien (Tracking-Pixel, Web-Beacons etc.) und diesbezüglicher Einwilligungen setzen wir das Consent Tool „Real Cookie Banner“ ein. Details zur Funktionsweise von „Real Cookie Banner“ findest du unter <a href=“https://devowl.io/de/rcb/datenverarbeitung/“ rel=“noreferrer“ target=“_blank“>https://devowl.io/de/rcb/datenverarbeitung/</a>.
The legal basis for the processing of personal data in this context is Art. 6 para. 1 lit. c GDPR and Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.
The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consent.
7. Newsletter
a. Description and scope of data processing
You can subscribe to a free newsletter on our website. When you register for the newsletter, the data from the input screen is transmitted to us. The following data is also collected during registration IP address of the accessing computer, date and time of registration
The data entered in the registration form for our newsletter will be used by us exclusively for sending our newsletter, in which we provide information about all our services. After registration, we will send you a confirmation e-mail containing a link that you must click on to complete your registration for our newsletter (double opt-in). You can unsubscribe from the newsletter at any time by clicking on the unsubscribe link. You can object to the use of your e-mail address for the newsletter at any time without incurring any costs other than the transmission costs according to the basic rates. Your data will be deleted by us within six months of unsubscribing. Please also refer to this privacy policy.
In the case of data collection in paper form, we would like to point out that a double opt-in procedure is not possible. With your consent, you give us permission to send you advertising e-mails. You also have the option of revoking this consent at any time. You can do this by contacting us directly by telephone or via an opt-out link in the newsletter. You can object to the use of your e-mail address for the newsletter at any time without incurring any costs other than the transmission costs according to the basic rates.
If you purchase goods or services on our website and enter your e-mail address, we may subsequently use it to send you a newsletter. In such a case, only direct advertising for our own similar goods or services will be sent via the newsletter.
No data is passed on to third parties in connection with the data processing for sending newsletters. The data is used exclusively for sending the newsletter.
The newsletter is sent via the web-based software Revinate Marketing, a platform of the provider Revinate, Inc, One Letterman Drive, Bldg. C, Suite CM100, San Francisco, CA 94129, USA. The email addresses of our newsletter recipients, as well as their other data described in this notice, are stored on the servers of Revinate Inc. in the Netherlands.
Revinate uses this information to send and evaluate the newsletter on our behalf. Furthermore, Revinate may, according to its own information, use this data to optimize or improve its own services, e.g. for the technical optimization of the dispatch and presentation of the newsletter. However, Revinate GmbH does not use the data of our newsletter recipients to write to them itself or to pass it on to third parties.
Furthermore, we have concluded an "order processing agreement" with Revinate. This is a contract in which Revinate undertakes to protect the data of our users, to process it on our behalf in accordance with its data protection provisions and, in particular, not to pass it on to third parties. According to the provisions of Revinate, the data will not be passed on outside the EU.
b. Legal basis for data processing
The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a GDPR if the user has given consent.
The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG.
c. Purpose of data processing
The purpose of collecting the user's e-mail address is to deliver the newsletter.
The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.
d. Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user's e-mail address is therefore stored for as long as the subscription to the newsletter is active.
The other personal data collected during the registration process is generally deleted after a period of seven days.
e. Right of objection and removal
The subscription to the newsletter can be canceled by the user concerned at any time. For this purpose, there is a corresponding link in every newsletter.
This also makes it possible to withdraw consent to the storage of personal data collected during the registration process.
f. Statistical collection and analysis
The newsletters contain a so-called "web-beacon", i.e. a pixel-sized file that is retrieved from the Revinate server when the newsletter is opened. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval, is initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times.
The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor that of Revinate to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
Consent to the sending of email addresses is given on the basis of Art. 6 para. 1 (a), Art. 7 GDPR and Section 7 para. 2 no. 3 and para. 3 UWG. The use of the mailing service provider Revinate, the performance of statistical surveys and analyses and the logging of the registration process are based on our legitimate interests in accordance with Art. 6 para. 1 (f) GDPR. We are interested in using a user-friendly and secure newsletter system that serves both our business interests, such as direct advertising, and meets the expectations of users.
If we use your personal data for direct advertising, you can object to this at any time by notifying us in accordance with Art. 21 GDPR.
8. Registration and booking
a. Description and scope of data processing
There is a booking engine on our website that enables our users to make online bookings at our hotel. If a user makes use of this option, the data entered in the input mask will be transmitted to us and to our software partner Xotels Ltd, Zandvoortselaan 10, 2042 XA Zandvoort, The Netherlands and stored.
The usual data required for the conclusion of the contract is collected.
These data are:
Salutation of the user
First name and surname of the user
E-mail address of the user
Telephone number of the user
Booking data of the user
Full postal address of the user
Country of the user
Title of the booked guest
First name and surname of the booked guest
Purpose of the stay (business or private)
Further information/messages to the hotel - if completed
Payment method of the user
Credit card details of the user
On our website, we offer users the opportunity to manage, cancel or change reservations by providing personal data. The data is entered into an input mask and transmitted to us and stored. Data processing is carried out by the software provider of our booking engine:
Software partner Xotels Ltd, Zandvoortselaan 10, 2042 XA Zandvoort, The Netherlands
b. Legal basis for data processing
The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent.
c. Purpose of data processing
The purpose of data processing is to enable the user to make an independent booking and manage the reservation already made and to process the stay at the hotel. In the case of an online booking via our website, this also constitutes the necessary legitimate interest in the processing of the data. The other personal data processed during the sending process serve to prevent misuse of the online booking and to ensure the security of our information technology systems.
Furthermore, we have concluded an "order processing agreement" with Xotels Ltd. This is a contract in which Xotels Ltd. undertakes to protect the data of our users, to process it on our behalf in accordance with its data protection provisions and, in particular, not to pass it on to third parties.
d. Duration of storage
The data is stored for the duration of the session and then deleted unless the user completes a booking. In the case of an online booking, all data entered by the user is stored and transmitted to the hotel for the reservation and invoicing.
In general, personal data is only stored for the period of time required to achieve the purpose of storage or if this has been provided for by the European legislator or another legislator in laws or regulations to which the controller is subject.
If the storage purpose no longer applies or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or erased in accordance with the statutory provisions.
e. Right of objection and removal
The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case, it is not possible to make an online booking via the website.
If you wish to object to the processing of your personal data by us, please send an e-mail to datenschutz@azis-hotels.de
All personal data stored in the course of the online booking will be deleted in this case.
9. Contact form and e-mail contact
a. Description and scope of data processing
There is a contact form on our website that can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. The mandatory information to be entered there is
First and last name of the inquirer, telephone number, e-mail address. Other voluntary information is also stored.
We will only use the data collected via our contact form to process inquiries received via the contact form.
The following data is also stored at the time the message is sent:
The IP address of the user
Date and time of registration
Your consent is obtained for the processing of the data as part of the sending process and reference is made to this privacy policy.
Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored.
No data will be passed on to third parties in this context. The data is used exclusively for processing the conversation.
b. Legal basis for data processing
The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent.
The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
c. Purpose of the data processing
The processing of the personal data from the input mask serves us solely to process the contact. If you contact us by email, this also constitutes the necessary legitimate interest in processing the data.
The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.
d. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
e. Possibility of objection and removal
The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
All personal data stored in the course of contacting us will be deleted in this case.
Data security and data protection, communication by e-mail
All technical and organizational measures are taken to ensure that your personal data is stored in such a way that it cannot be accessed by third parties. We cannot guarantee complete data security when communicating by e-mail, so we recommend that you send information requiring a high level of confidentiality by post.
11 Statistical evaluations and plugins
We collect additional data for individual services provided by our company, for example for statistical purposes. In order to create a basis for our media data, we determine, for example, how often pages are accessed or which of our online offers are particularly in demand. Plugins/add-ons such as Facebook are also integrated on some of our websites.
Google Analytics Universal
This website uses Google Analytics Universal, a web analytics service provided by Google Inc ("Google"). Google Analytics also uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. We expressly point out that this website uses Google Analytics with the extension "anonymizeIp" and therefore IP addresses are only processed in abbreviated form in order to exclude a direct personal reference. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link. As an alternative to the browser add-on or within browsers on mobile devices, please click this link to prevent Google Analytics from collecting data within this website in the future (the opt-out only works in the respective browser and only for this domain). An opt-out cookie will be stored on your device. If you delete cookies in the respective browser, you must click this link again.
By default, sessions are ended after 30 minutes without activity and campaigns after six months. The time limit for campaigns can be a maximum of two years. You can find more information on terms of use and data protection at: https://www.google.com/analytics/terms/de.html
4 Google Maps
We use maps from Google Maps on the website to make it easier for you to find your way around. Google Maps is a service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). When you access the contact pages, your web browser is instructed to load the necessary functions and map data directly from the Google server. These servers may be located in the USA or other countries around the world. We have no control over this and receive no information from Google as to whether you have exchanged corresponding map information when visiting our site. We do not know whether Google only provides you with the technically necessary information or stores and evaluates further data about you or your system, such as IP addresses, information about your browser or similar. Google publishes a privacy policy that also applies to Google Maps. In particular, we would like to point out that Google processes the following categories of data: device-related information, IP address, hardware settings, browser type, browser language, date and time of your request and referral URL, cookies (can be blocked by you in the browser settings, see also above), location-related information. Google may link the data with other data from you and uses the data collected as part of the services to provide, maintain, protect and improve Google services, to develop new services and to protect Google and its users. Google also uses this data to offer you customized content - for example, to provide you with more relevant search results and advertising. Google uses data collected via cookies and other technologies such as pixel tags to improve your user experience and the overall quality of Google services. For example, Google allows you to save your preferred language settings in order to display services in your preferred language. Before Google uses information for purposes other than those listed in Google's privacy policy, Google will ask for your consent. With your consent, for commissioned data processing operations and for legal reasons, Google also passes on data to third parties. You can also change data protection-related settings at Google when you log in there. Google also complies with several self-regulatory obligations, including the EU-US Privacy Shield Agreement and handles complaints.
5 Google AdWords
As part of the use of the Google AdWords ("AdWords") advertising program of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"), conversion tracking is used to analyze campaign performance on this website. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. This tells customers the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
When you click on an ad placed by Google, a cookie is stored on your computer. The information collected by the AdWords cookie is used to generate conversion statistics. The cookies used for conversion tracking lose their validity after 30 days, do not contain any personal data and are therefore not used for personal identification. If our website is accessed before this period expires, we and Google can use the cookie to track that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. It is therefore not possible for cookies to be tracked via the websites of AdWords customers.
If you do not wish to participate in the tracking process, you can also reject the setting of a cookie required for this - for example, by using a browser setting that generally deactivates the automatic setting of cookies.
You can permanently deactivate the use of cookies by Google by following the link below and changing the settings for managing cookies accordingly:
http://www.google.com/policies/technologies/managing/
http://www.google.com/policies/technologies/ads/
7 Facebook
Die Webseite verwendet Social-Plugins (nachfolgend „Plugins“ genannt) des sozialen Netzwerkes facebook.com, welches von der Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, betrieben wird (nachfolgend „Facebook“ genannt). Die Plugins sind an einem der Facebook-Logos erkennbar (weißes „f“ auf blauer Kachel oder ein „Daumen hoch“-Zeichen) oder sind mit dem Zusatz „Facebook-Social-Plugin“ gekennzeichnet. Die Liste und das Aussehen der Facebook-Social-Plugins kann hier eingesehen werden.
When a user accesses a page on this website that contains such a plugin, their browser establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user's browser, which integrates it into the website. The provider therefore has no influence on the scope of the data that Facebook collects using this plugin. According to the provider's current knowledge, Facebook proceeds as follows:
By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the provider's website. If the user is logged in to Facebook, Facebook can assign the visit to their Facebook account. If users interact with the plugins, e.g. by clicking the Like button or leaving a comment, the corresponding information is transmitted directly from the user's browser to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to find out their IP address and store it. According to Facebook, only an anonymized IP address is stored in Germany.
The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as the relevant rights and setting options to protect the privacy of users can be found in Facebook's data protection information.
If a user is a Facebook member and does not want Facebook to collect data about them via the provider's website and link it to their membership data stored on Facebook, they must log out of Facebook before visiting the website. It is also possible to block Facebook social plugins with add-ons for the user's browser, e.g. with the "Facebook blocker".
9 YouTube
Our website uses the provider YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to embed videos.
Normally, when you access a page with embedded videos, your IP address is sent to YouTube and cookies are installed on your computer. However, we have integrated our YouTube videos with the extended data protection mode. In this case, YouTube still contacts Google's Double Click service, but according to Google's privacy policy, personal data is not analyzed.
According to YouTube, in "- extended data protection mode -" only data is transmitted to the YouTube server, in particular which of our Internet pages you have visited when you watch the video. When you click on the video, your IP address is transmitted to YouTube and YouTube learns that you have watched the video. If you are logged in to YouTube at the same time, this information will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.
We have no knowledge of and no influence on the possible collection and use of your data by YouTube. Further information can be found in YouTube's privacy policy. We also refer you to our general description in this privacy policy for the general handling and deactivation of cookies.
10 Twitter
This website uses Twitter buttons. The buttons are offered by Twitter Inc, 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (hereinafter referred to as "Twitter"). They are recognizable by terms such as "Twitter" or "Follow", combined with a stylized blue bird. Using the Twitter buttons, it is possible to share a post or a page of this website on Twitter or to follow the provider on Twitter.
When a user accesses a page of this website that contains such a Twitter button, their browser establishes a direct connection with the Twitter servers. The content of the Twitter buttons is transmitted by Twitter directly to the user's browser. The provider therefore has no influence on the scope of the data that Twitter collects using this plugin. According to Twitter, only the user's IP address and the URL of the respective website are transmitted when the Twitter button is accessed; this data is only used to display the Twitter button.
Further information on the Twitter service and the Twitter buttons can be found in Twitter's privacy policy.
11 Google Plus
The website uses the "+1" button of the social network Google Plus, which is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google"). The button can be recognized by the "+1" symbol on a white or coloured background.
When a user accesses a page on this website that contains such a button, the browser establishes a direct connection with Google's servers. The content of the "+1" button is transmitted by Google directly to the user's browser, which then integrates it into the website. The provider therefore has no influence on the scope of the data that Google collects with the button. According to Google's statement, no personal data is collected without a click on the "+1" button; only for logged-in members of Google+ is personal data such as the IP address collected and processed by Google.
Users can find out about the purpose and scope of the data collection and the further processing and use of the data by Google as well as the setting options for protecting privacy in Google's data protection information on the "+1" button here.
Java-Script
We use active JavaScript content from external providers on our website. By accessing our website, these external providers may receive personal information about your visit to our website. You can prevent this by installing a JavaScript blocker such as the browser plug-in 'NoScript' (www.noscript.net) or deactivating JavaScript in your browser. This can lead to functional restrictions on websites that you visit.
Transfer of personal data outside the European Union (third countries)
The transfer of personal data to bodies in third countries takes place in each case if
it is necessary to carry out the booking of the website user and to process the hotel stay
it is required by law
or consent has been given by the user
As already mentioned in the course of this data protection declaration, our company works together with service providers for certain tasks whose registered office is in third countries, whose parent company is in third countries or who themselves work together with companies based in third countries. Such cooperation is permitted if the European Commission has decided that an adequate level of protection exists in the third countries concerned (Section 45 GDPR) We have also concluded an "order processing agreement" with the service providers. This is a contract in which the service providers undertake to protect the data of our users, to process it on our behalf in accordance with their data protection regulations and, in particular, not to pass it on to third parties. In the event of suitable guarantees, legal remedies and the possibility of effectively enforcing rights, we may also transfer personal data to companies based in third countries, provided that no such decision has been taken by the European Commission (Section 46 (1) GDPR). We do not transfer personal data beyond the type of cooperation described above.
Personal data will only be stored for the period of time necessary to achieve the purpose of storage or if this has been provided for by the European legislator or another legislator in laws or regulations to which the controller is subject.
If the storage purpose no longer applies or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
External service providers, such as postal services or mailing houses, who process personal data on our behalf are subject to the statutory data protection regulations and may only process the data provided for specific purposes.
External links
For your optimal information, you will find links on our pages that refer to third-party websites. Where such links are not obviously recognizable, we point out that these are external links. We have no influence whatsoever on the content or design of these websites or on the data protection practices of third parties. We cannot accept any responsibility for this. The information in our privacy policy therefore does not apply there.
Declaration of consent of the user
By using our websites and online offers, you agree that the data voluntarily provided and transmitted by you will be stored by us and used and processed in accordance with this privacy policy.
12. Rights of the data subjects
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
a. Right to information
You can request confirmation from the controller as to whether personal data concerning you is being processed by us.
If such processing has taken place, you can request the following information from the controller:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data that are processed;
(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
(4) the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the duration of storage;
(5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) all available information on the origin of the data if the personal data are not collected from the data subject;
(8) the existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
b. Right to rectification
You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete. The controller must carry out the rectification without undue delay.
c. Right to restriction of processing
Under the following conditions, you may request the restriction of the processing of your personal data:
(1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or
(4) if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the controller outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
d. Right to erasure
i. Obligation to erase
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
(1) The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
(2) You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
(3) You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
(4) The personal data concerning you has been processed unlawfully.
(5) The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
(6) The personal data concerning you were collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.
ii. Information to third parties
Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
iii. Exceptions
The right to erasure does not apply if the processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
(5) for the assertion, exercise or defense of legal claims.
e. Right to information
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed about these recipients by the controller.
f. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where
(1) the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
(2) the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be impaired by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
g. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Notwithstanding Directive 2002/58/EC, you have the option of exercising your right to object in connection with the use of information society services by means of automated procedures using technical specifications.
h. Right to revoke the declaration of consent under data protection law
You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
i. Automated decision-making in individual cases, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
(1) is necessary for the conclusion or performance of a contract between you and the controller,
(2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) with your express consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.
In the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
j. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
13. Video surveillance in the hotel
We reserve the right to make video recordings in public areas of the hotel. Name and contact details can be found in the imprint of this website. The contact details of the data protection officer can be found in this privacy policy. Data processing is carried out on the basis of § 4 BDSG or Art. 6 para. 1 lit. f GDPR for the following purposes and interests: Exercise of domiciliary rights, protection of property, prevention and investigation of criminal offenses (in particular theft and vandalism).
In the case of recording, the data is stored for a maximum of 72 hours. Data will only be stored for longer if this is necessary for the enforcement of legal claims or the prosecution of criminal offenses in specific individual cases. Data will only be transferred to third parties (e.g. the police) if this is necessary to investigate criminal offenses.
14. Data security
We take data protection within the company very seriously. To this end, we use modern data storage and security technology to provide optimum protection for your data. It goes without saying that our security measures are continuously improved in line with technological developments. Our employees and the processors (service companies) commissioned by us have been contractually obliged to maintain confidentiality and to comply with the IT/security provisions and the applicable data protection regulations.
We and our contractual partners protect your personal data from unauthorized access, loss, use or disclosure and ensure that your personal information is kept in a legally required, controlled and secure environment in which unauthorized access, loss or disclosure is prevented.
Technical and organizational measures have been taken in our company to ensure that our company complies with the legal requirements of the BDSG and the GDPR and to protect your data against damage, destruction, falsification, manipulation and unauthorized access. Your data is transmitted in encrypted form and then stored in a database. All systems in which your personal data is stored are protected against access and are only accessible to a specific group of persons responsible for personnel.
In order to avoid unnecessary data volumes, we collect, process and use your personal data only to the extent that this is necessary within the scope of our range of services.
15. Changes to the privacy policy
Please note that data protection regulations and data protection practices may change on an ongoing basis and the contents of this privacy policy may need to be adapted. Should this be the case, we will present changes in a transparent form for you. It is also advisable to inform yourself about changes to the legal provisions and the practices of our company.
Status May 24, 2018