This privacy statement explains the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offering and the related websites, functions and content, as well as external online presence, such as our Social Media Profile. (collectively referred to as "online offer"). With regard to the terms used, such as "processing" or "responsible", we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Controller

Seehotel GmbH & Co. KG
Idle way
63843 Niedernberg
Germany
Phone: +49 6028 999-0
mail@seehotel-niedernberg.de
Responsible for content (according to § 55 Abs. 2 RStV):
John Weitz
Seehotel Niedernberg GmbH & Co. KG
Idle way
63843 Niedernberg
mail@seehotel-niedernberg.de
Link to the imprint.

Types of processed data:

• Contact details (company, salutation, title, first name, last name, street / no., Zip code / city, country, telephone, fax, email, website)
• Content data (eg, text input, photographs, videos).
• Usage data (eg, visited websites, interest in content, access times).
• Meta / communication data (eg, device information, IP addresses).
• Inventory data (eg, names, addresses).

Categories of affected persons

Visitors and users of the online offering (Hereinafter, we also collectively refer to these affected individuals as 'users').

Purpose of processing

• Provision of the online offer, its functions and content
• Answering contact inquiries and communicating with users
• Safety measures
• Audience measurement / Marketing

Used terms

"Personal data" refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the 'data subject'); an identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or one or more specific factors expressing the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

"Processing" means any process performed with or without the aid of automated procedures or any such process associated with personal data. The term goes far and includes virtually every handling of data.

The "controller" refers to the natural or legal person, authority, agency, or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

Relevant legal basics

In accordance with Art. 13 DSGVO we inform you about the legal basis of our data processing. Unless the legal basis in the data protection declaration is mentioned, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 DSGVO, the legal basis for the processing for the performance of our services and the execution of contractual measures as well as the response to inquiries is Art. 6 para. 1 lit. b DSGVO, the legal basis for processing in order to fulfill our legal obligations is Art. 6 para. 1 lit. c DSGVO, and the legal basis for processing for the protection of our legitimate interests is Art. 6 para. 1 lit. f DSGVO. In the event that vital interests of the data subject or any other natural person require the processing of personal data, Art. 6 para. 1 lit. d DSGVO as legal basis.

Collaboration with processors and third parties

If, in the context of our processing, we disclose data to other persons and companies (contract processors or third parties), transmit them to them or otherwise grant access to the data, this will only be done on the basis of a legal permission (eg if a transmission of the data to third parties, as to payment service providers, in accordance with Art. 6 para. 1 lit. b DSGVO is required to fulfill the contract), you have consented to a legal obligation or on the basis of our legitimate interests (eg the use of agents, webhosters, etc.).

If we commission third parties to process data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 DSGVO.

Transfers to third countries

If we process data in a third country (ie outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third party services or disclosure or transmission of data to third parties, this will only be done if it is to fulfill our (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only in the presence of the special conditions of Art. 44 et seq. DSGVO. This means, for example, that the processing takes place on the basis of special guarantees, such as the officially recognized level of data protection (eg for the USA through the "Privacy Shield") or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").

Rights of data subjects

You have the right to request a confirmation as to whether the data in question are being processed and to provide information about this data as well as further information and a copy of the data in accordance with Art. 15 DSGVO.

You have accordingly. Art. 16 DSGVO the right to demand the completion of the data concerning you or the correction of the incorrect data concerning you.

In accordance with Art. 17 DSGVO, they have the right to demand that the relevant data be deleted immediately, or, alternatively, to require a restriction of the processing of data in accordance with Art. 18 DSGVO.

You have the right to demand that the data relating to you provided to us be obtained in accordance with Art. 20 DSGVO and to be transmitted to other persons responsible.

You have gem. Art. 77 DSGVO the right to file a complaint with the competent supervisory authority.

Right to cancel


You have the right to grant consent in accordance with. Art. 7 para. 3 DSGVO with effect for the future

Right of objection

You may at any time object to the future processing of your data in accordance with Art. 21 GDPR. The objection may in particular be made against processing for direct marketing purposes.

Cookies and right of objection for direct advertising

"Cookies" are small files that are stored on users' computers. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit within an online offer. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offer and closes his browser. Such a cookie can be used, for example, to store the contents of a shopping cart in an online shop or a login status. Cookies are referred to as "permanent" or "persistent" and remain saved even after the browser is closed. For example, the login status can be saved if users visit it after several days. Such a cookie can also be used to store the interests of users who are used for range measurement or marketing purposes. As a "third-party cookie", cookies will be offered by providers other than the person responsible for operating the online offer (otherwise, if they are only their cookies, we speak of "first-party cookies").

We may use both temporary and permanent cookies and provide information about this in our privacy policy.

If users do not want cookies to be stored on their computer, they are advised to deactivate the corresponding option in their browser's system settings. Stored cookies can be deleted in the browser's system settings. However, disabling cookies may result in functional limitations within this online service.

A general contradiction against the use of the cookies used for the purpose of online marketing can in a variety of services, especially in the case of tracking, on the US side http://www.aboutads.info/choices/ or the EU side http://www.youronlinechoices.com/ be explained. Furthermore, the storage of cookies can be achieved by switching them off in the browser settings. Please note that in this case not all functions of this online offer can be used.

Deletion of data

The data processed by us are deleted or restricted in accordance with Art. 17 and 18 DSGVO. Unless explicitly stated in this privacy policy, the data stored by us are deleted as soon as they are no longer required for their purpose and the deletion does not conflict with any statutory storage requirements. Unless the data is deleted because it is required for other and legitimate purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be kept for commercial or tax reasons.

According to legal regulations in Germany, the storage takes place in particular for 6 years according to § 257 paragraph 1 HGB (trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) as well as 10 years according to § 147 para. 1 AO (books, records , Management reports, accounting documents, trade and business letters, documents relevant to taxation, etc.).

According to legal requirements in Austria, storage is carried out especially for 7 years in accordance with Section 132 (1) BAO (accounting documents, receipts / invoices, accounts, receipts, business papers, statement of income and expenses, etc.) for 22 years in connection with land and for 10 years for documents in connection with electronically provided services, telecommunication, radio and television services, which are provided to non-entrepreneurs in EU member states and for which the Mini-One-Stop-Shop (MOSS) is used.

Hosting

The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this online offer.

In doing so, we or our hosting provider process inventory data, contact details, content data, contract data, usage data, meta and communication data of customers, interested parties, and visitors to this online offering based on our legitimate interests in an efficient and secure provision of this online service pursuant to Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).

Collection of access data and log files

We, or our hosting provider, collects based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO Data on every access to the server on which this service is located (so-called server log files). The access data includes name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider ,

Logfile information is stored for security reasons (eg to investigate abusive or fraudulent activities) for a maximum of 7 days and then deleted. Data whose further retention is required for evidential purposes shall be exempted from the cancellation until final clarification of the incident.

Provision of contractual services

We process stock data (eg, names and addresses as well as contact data of users), contract data (eg, used services, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. Art. 6 para. 1 lit b. DSGVO. The entries marked as obligatory in online forms are required for the conclusion of the contract.

When using our online services, we save the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests, as well as the user's protection against misuse and other unauthorized use. This data is not passed on to third parties, unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with. Art. 6 para. 1 lit. c GDPR.

We process usage data (e.g., the websites of our online offer visited, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile in order to display the user, for example, product information based on their previously used services.

The deletion of the data takes place after expiration of legal warranty and comparable obligations, the necessity of the storage of the data is checked every three years; in the case of legal archiving obligations, the deletion takes place after its expiration. Information in the customer's account remains until it is deleted.

Amazon Affiliate Program

On the basis of our legitimate interests (ie interest in the economic operation of our online offer within the meaning of Article 6 (1) (f) GDPR), we are participants in the Amazon EU partner program, which was designed to provide a medium for websites, by means of: the placement of advertisements and links to Amazon.de advertising reimbursement can be earned (so-called affiliate system). Amazon uses cookies to be able to trace the origin of the orders. Among other things, Amazon can recognize that you clicked the partner link on this website and then purchased a product from Amazon.

For more information about Amazon's data usage and opt-out options, please read the company's privacy policy: http://www.amazon.de/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=3312401.

Contacting us

When contacting us (eg via contact form, e-mail, telephone or via social media), the information provided by the user to process the contact request and its processing acc. Art. 6 para. 1 lit. b) DSGVO processed. User information can be stored in a Customer Relationship Management System ("CRM System") or comparable request organization.

We delete the requests if they are no longer required. We review the necessity every two years; the statutory archiving obligations also apply.

Newsletter

With the following information, we inform you about the content of our newsletter, as well as the registration, dispatch, and statistical analysis procedures, along with your right to object. By subscribing to our newsletter, you agree to receive it and accept the described procedures.
Newsletter Content: We send newsletters, emails, and other electronic notifications containing promotional information (hereinafter referred to as "newsletter") only with the recipients' consent or legal permission. If the contents of the newsletter are specifically described during the registration, they are decisive for users' consent. Otherwise, our newsletters contain information about our services and us.
Double Opt-In and Logging: Registration for our newsletter occurs via a double opt-in procedure. That means after registration, you'll receive an email asking you to confirm your subscription. This confirmation is necessary to prevent someone from registering with other people's email addresses. Newsletter subscriptions are logged to meet legal requirements. This includes storing the registration and confirmation times, as well as the IP address. Changes to your data stored by the shipping service provider are also logged.

Registration Data: To sign up for the newsletter, providing your email address is sufficient. Optionally, we ask for your name for personal addressing in the newsletter.

Germany: The dispatch of the newsletter and the related performance measurement is based on the consent of the recipient gem. Art. 6 para. 1 lit. a, Art. 7 DSGVO in conjunction with § 7 para. 2 No. 3 UWG or on the basis of the statutory permission pursuant to Art. § 7 para. 3 UWG.

Logging the registration procedure is based on our legitimate interests according to Art. 6(1)(f) GDPR. Our interest lies in employing a user-friendly and secure newsletter system that serves both our business interests and meets user expectations, while also allowing us to provide evidence of consent.

Cancellation / revocation - You can cancel the receipt of our newsletter at any time, ie revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. We can save the unsubscribed email addresses for up to three years based on our legitimate interests before we delete them for the purpose of sending the newsletter in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the previous consent is confirmed.

Newsletter - Success Measurement

The newsletters contain a so-called "web beacon", ie a pixel-sized file that is retrieved from the server when the newsletter is opened by our server or, if we use a shipping service provider. This call will initially collect technical information, such as information about the browser and your system, as well as your IP address and time of retrieval.

This information is used to improve the technical performance of services based on their specifications or audience and their reading habits, based on their locations (which can be determined using the IP address) or access times. Statistical surveys also include determining if the newsletters will be opened, when they will be opened and which links will be clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our goal nor, if used, that of the shipping service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC ('Google'), based on our legitimate interests (i.e., interest in analyzing, optimizing, and economically operating our online offering within the meaning of Art. 6(1)(f) GDPR). Google employs cookies. The information generated by the cookie regarding the use of the online service by users is typically transmitted to and stored on a Google server in the United States.

Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will use this information on our behalf to evaluate the use of our online service by users, compile reports on activities within this online service, and provide us with further services related to the use of this online service and internet usage. This can also involve the creation of pseudonymous user profiles based on processed data.

We use Google Analytics with IP anonymization enabled. This means that the IP address of users within member states of the European Union or in other contracting states of the Agreement on the European Economic Area is shortened by Google. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

The IP address submitted by the user's browser will not be merged with other data provided by Google. Users can prevent the storage of cookies by setting their browser software accordingly; Users may also prevent the collection by Google of the data generated by the cookie and related to their use of the online offer and the processing of such data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

You can find further information on the use of data by Google, setting and objection options on the Google website: https://www.google.com/intl/de/policies/privacy/partners ( "How Google uses data when you use websites or apps of our partners"), http://www.google.com/policies/technologies/ads ( "Use of data for advertising purposes"), http://www.google.de/settings/ads ("Managing information that Google uses to show you advertising").

Online presence in social media

We maintain online presence within social networks and platforms in order to communicate with customers, prospects and users active there and to inform them about our services. When calling the respective networks and platforms, the terms and conditions and the data processing guidelines apply to their respective operators.

Unless otherwise stated in our privacy policy, users' data will be processed provided they communicate with us within social networks and platforms, e.g. write posts on our online presence or send us messages.

Integration of services and content of third parties

Based on our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit.f DSGVO), we make use of content or services offered by third-party providers in order to provide their content and services Integrate services such as videos or fonts (collectively referred to as "content").

This always presupposes that the third-party providers of this content perceive the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is therefore required to display this content. We strive to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information on the use of our online offer, as well as being linked to such information from other sources.

Youtube

We embed the videos of the platform "YouTube" of the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Data protection: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.

Google Maps

We integrate the maps of the service “Google Maps” from Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Data protection: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.

Google Fonts

We embed the fonts ("Google Fonts") of the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Data protection: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.

Google ReCaptcha

We incorporate the Bots Detection feature, for example when entering into online forms ("ReCaptcha") owned by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Data protection: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.

Use of Facebook Social Plugins

Based on our legitimate interests (ie interest in the analysis, optimization and economical operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO) we use social plugins ("plugins") of the social network facebook.com, which operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland ("Facebook"). The plugins can represent interaction elements or content (eg videos, graphics or text contributions) and can be recognized by one of the Facebook logos (white "f" on blue tile, the terms "Like", "Like" or a "thumbs up" sign ) or are marked with the addition "Facebook Social Plugin". The list and appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

Facebook is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection lawhttps://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

If a user accesses a function of this online offering that contains such a plugin, their device establishes a direct connection to Facebook's servers. The content of the plugin is transmitted directly from Facebook to the user's device and integrated into the online offering. User profiles can be created from the processed data. Therefore, we have no influence on the scope of data that Facebook collects using this plugin and inform users to the best of our knowledge.

By integrating the plugins, Facebook receives information that a user has accessed the respective page of the online offering. If the user is logged into Facebook, Facebook can assign the visit to their Facebook account. When users interact with the plugins, such as clicking the Like button or leaving a comment, the corresponding information is transmitted directly from their device to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will obtain and store their IP address. According to Facebook, only an anonymized IP address is stored in Germany.

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as the related rights and setting options to protect the privacy of users, these can be found in the privacy policy of Facebook: https://www.facebook.com/about/privacy/.

If a user is a Facebook member and does not want Facebook to collect data about him through this online offer and associate it with his member data stored on Facebook, he must log out of Facebook and delete his cookies before using our online offer. Other settings and inconsistencies regarding the use of data for promotional purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads  or via the US side http://www.aboutads.info/choices/  or the EU side http://www.youronlinechoices.com/, The settings are platform-independent, ie they are adopted for all devices, such as desktop computers or mobile devices.

Twitter

Functions and contents of the service Twitter can be integrated into our online offer, offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. This may include, for example, content such as images, videos or texts and buttons with which users can express their liking for the content, subscribe to the authors of the content or subscribe to our contributions. If the users are members of the Twitter platform, Twitter can assign the access to the above-mentioned content and functions to the user profiles there. Instgram Privacy Statement: https://twitter.com/de/privacy. Twitter is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Data protection declaration: https://twitter.com/de/privacy, opt-out: https://twitter.com/personalization.

Instagram

Functions and content of the Instagram service can be integrated into our online offer, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. This may include, for example, content such as images, videos or texts and buttons with which users can express their liking for the content, subscribe to the authors of the content or subscribe to our contributions. If the users are members of the Instagram platform, Instagram can assign the access to the above content and functions to the user profiles there. Instgram Privacy Statement: http://instagram.com/about/legal/privacy/.

Pinterest

Functions and contents of the Pinterest service may be integrated into our online offer, offered by PPinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA. This may include, for example, content such as images, videos or texts and buttons with which users can express their liking for the content, subscribe to the authors of the content or subscribe to our contributions. If the users are members of the Pinterest platform, Pinterest can assign the access to the above content and functions to the user profiles there. Instgram Privacy Statement: https://about.pinterest.com/de/privacy-policy.

Xing

Functions and contents of the Xing service may be integrated into our online offer, offered by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. This may include, for example, content such as images, videos or texts and buttons with which users can express their liking for the content, subscribe to the authors of the content or subscribe to our contributions. If the users are members of the Xing platform, Xing can assign the access to the above-mentioned content and functions to the user profiles there. Xing Privacy Statement: https://www.xing.com/app/share?op=data_protection..

LinkedIn

Functions and content of the LinkedIn service can be integrated into our online offer, offered by LinkedIn AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. This may include, for example, content such as images, videos or texts and buttons with which users can express their liking for the content, subscribe to the authors of the content or subscribe to our contributions. If the users are members of the LinkedIn platform, LinkedIn can assign the access to the above-mentioned content and functions to the user profiles there. LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy., LinkedIn is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Data protection declaration: https://twitter.com/de/privacy, opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Created with Datenschutz-Generator.de by RA Dr. med. Thomas Schwenke

 

• Hotel accommodation contract
• Additional agreements for banquet events
• Additional agreements for events