Privacy Policy
The protection of personal data is a matter of great importance to us. Therefore, we process personal data in accordance with applicable European and national laws.
You may, of course, revoke your consent at any time with future effect. To do so, please contact the data controller.
The following statement provides an overview of the types of data collected, how this data is used and shared, the security measures we take to protect your data, and how you can obtain information about the data provided to us.
Legal Basis for the Processing of Personal Data
To the extent that we obtain the data subject’s consent for the processing of personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) of the GDPR serves as the legal basis. This also applies to processing operations necessary for the implementation of pre-contractual measures.
To the extent that the processing of personal data is necessary to comply with a legal obligation to which we are subject, Article 6(1)(c) of the GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party, and the interests, fundamental rights, and freedoms of the data subject do not override the aforementioned interest, Article 6(1)(f) of the GDPR serves as the legal basis for the processing.
Data Deletion and Retention Period
The data subject’s personal data will be deleted or blocked as soon as the purpose for which it was stored no longer applies. Data may also be stored if this is provided for by European or national legislation in EU regulations, laws, or other provisions to which we are subject. Data will also be blocked or deleted when a retention period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.
Hosting
External Hosting
This website is hosted by an external service provider (host). Personal data collected on this website is stored on the host’s servers. This may include, in particular, IP addresses, contact requests, metadata and communication data, contractual data, contact details, names, website visits, and other data generated via a website.
The use of the host is for the purpose of fulfilling our contractual obligations to our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of providing our online services securely, quickly, and efficiently through a professional provider (Art. 6(1)(f) GDPR).
Our hosting provider will process your data only to the extent necessary to fulfill its service obligations and will follow our instructions regarding this data.
The Data Controller and the Data Protection Officer
Name and Address of the Data Controller
The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states, as well as other data protection regulations, is:
Seezeitlodge Hotel GmbH
Am Bostalsee 1
66625 Gonnesweiler
Germany
Phone: +49 6852 80 98 0
Email: mail@seezeitlodge.de
Website: www.seezeitlodge-bostalsee.de
Name and address of the Data Protection Officer
The data protection officer of the controller is:
Dieter Grohmann
Data Protection & Privacy
Beethovenstraße 23
87435 Kempten
Germany
Phone: +49 (0) 831 5209 8680
Email: info@datenschutzprivacy.de
Website: www.datenschutzprivacy.de
Definitions
This Privacy Policy is based on the terminology used by the European legislator when enacting the EU General Data Protection Regulation (hereinafter referred to as the “GDPR”). This Privacy Policy is intended to be easy to read and understand. To ensure this, the most important terms are explained below:
- Personal data refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”). A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
- A data subject is any identified or identifiable natural person whose personal data is processed by the controller.
- Processing means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or any other form of making available, alignment or combination, restriction, erasure, or destruction.
- Profiling means any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
- Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
- The controller is the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
- A processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
- A recipient is a natural or legal person, public authority, agency, or other body to whom personal data is disclosed, regardless of whether or not that entity is a third party. However, public authorities that may receive personal data in the course of a specific investigative mandate under Union law or the law of the Member States are not considered recipients.
- A third party is a natural or legal person, public authority, agency, or other body other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data.
- Consent means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Provision of the Website and Creation of Log Files
When you use the website for informational purposes only—that is, if you do not register or otherwise provide us with information—we automatically collect the following data and information from the computer system of the accessing device each time the website is visited:
a) The user’s IP address
b) Information about the browser type and version used
c) The user’s operating system
d) The user’s Internet service provider
e) Date and time of access
f) Websites accessed from the user’s system via our website
g) Content of the visits (specific pages)
h) Amount of data transferred in each instance
i) Language and version of the browser software
The data is also stored in our system’s log files. This data is not stored together with other personal data of the user.
The legal basis for the temporary storage of log files is Article 6(1)(f) of the GDPR.
The system’s temporary storage of the IP address is necessary to
a) enable the website to be delivered to the user’s computer. To do this, the user’s IP address must be stored for the duration of the session.
b) optimize the content of our website and the advertising displayed on it
c) ensure the functionality of our IT systems and the technology of our website
d) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyberattack
Data is stored in log files to ensure the functionality of the website. In addition, the data helps us optimize the website and ensure the security of our IT systems. The data is not analyzed for marketing purposes in this context.
These purposes also constitute our legitimate interest in data processing pursuant to Art. 6(1)(f) of the GDPR.
The data is deleted as soon as it is no longer necessary to achieve the purpose for which it was collected—in this case, at the end of the usage session.
If the data is stored in log files, this occurs no later than seven days after collection. Further storage is possible. In this case, the IP addresses are deleted or anonymized so that the requesting client can no longer be identified.
The collection of data for the provision of the website and the storage of data in log files is strictly necessary for the operation of the website, which is why there is no option to object.
Use of Cookies
This website uses cookies. Below is a list of the cookies used, along with descriptions.
Cookies are small text files that are sent from a web server to your browser when you visit a website, stored locally on your device (PC, laptop, tablet, smartphone, etc.), and provide the user (i.e., us) with certain information. Cookies serve to make the website more user-friendly and secure, in particular to collect usage-related information, such as the frequency of use, the number of users, and user behavior on the site. Cookies do not cause any damage to your computer and do not contain viruses. This cookie contains a unique string of characters (known as a cookie ID) that enables the browser to be uniquely identified when the website is visited again.
You can view the cookies we use at any time in our cookie banner.
Cookies remain stored even after the browser session ends and can be accessed again when you visit the site. However, cookies are stored on your computer and transmitted from there to our site. Therefore, you have full control over the use of cookies. If you do not wish to have data collected via cookies, you can configure your browser via the “Settings” menu so that you are notified when cookies are set, or to generally block the setting of cookies, or to delete cookies individually. Please note, however, that disabling cookies may limit the functionality of this website. In the case of session cookies, these will be automatically deleted anyway once you leave the website.
Newsletter
If you purchase goods or services from us and provide your email address in the process, we may subsequently use this address to send you a newsletter. In such cases, the newsletter will contain only direct marketing for our own similar goods or services. The legal basis for sending the newsletter is Section 7(3) of the Unfair Competition Act (UWG).
To prevent misuse or incorrect email addresses, we use the so-called double opt-in procedure. This means that we will send an email to the address you provided, asking you to confirm that the email address is correct. If you do not confirm your details within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you use and the times of registration and confirmation.
The collection of the user’s email address serves to deliver the newsletter.
The collection of other personal data as part of the confirmation process pursuant to paragraph 2 serves to prevent misuse of the services or the email address used.
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. The user’s email address will therefore be stored for as long as you do not unsubscribe from the newsletter.
You can unsubscribe from our emails at any time by clicking the “Unsubscribe from newsletter” link in our newsletter footer or by sending us a message (email, letter, or fax) to the contact information provided in the legal notice, indicating that you no longer wish to receive our promotional emails.
E-Commerce
If you wish to place an order in our online store, you must provide your personal information, which we need to process your order, in order to conclude the contract. Required information necessary for processing the contract is marked separately; additional information is optional. The data is entered into a form, transmitted to us, and stored.
The following data is collected through the online store:
• Name
• Address (including a separate billing address, if applicable)
• Email address
• Phone number
• Bank details
• IP address
• Date and time of the order
Data will only be disclosed to third parties if such disclosure is necessary for the purpose of contract fulfillment, billing, or payment collection, or if you have expressly consented to it. In this regard, we only disclose the data that is strictly necessary.
The recipients of the data are
• Collection agencies, if payment needs to be collected (disclosure of name, address, order details)
• The bank for the collection of payment, if payment is made via direct debit
• Accounting
The legal basis is Article 6(1)(b) of the GDPR. With regard to voluntary data, the legal basis for processing the data is Article 6(1)(a) of the GDPR.
The mandatory information collected is necessary for the performance of the contract with the user (for the purpose of shipping the goods and confirming the contract details). We therefore use the data to respond to your inquiries, to process your order, if necessary to check creditworthiness or collect a debt, and for the technical administration of the websites. Voluntary information is provided to prevent misuse and, if necessary, to investigate criminal offenses. We may also process the data you provide to inform you about other interesting products in our portfolio or to send you emails containing technical information.
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. We are required by commercial and tax law to store your address, payment, and order data for a period of ten years following the fulfillment of the contract. However, after two years, we restrict the processing of this data, meaning it will be used solely to comply with legal obligations. If a continuing contractual relationship exists between us and the user, we store the data for the entire duration of the contract and for a period of ten years thereafter (see above). With regard to voluntarily provided data, we will delete the data two years after the contract has been fulfilled, provided that no further contract is concluded with the user during this time; in which case the data will be deleted two years after the performance of the last contract. Statutory retention periods remain unaffected and take precedence.
If the data is necessary for the performance of a contract or for the implementation of pre-contractual measures, early deletion of the data is only possible to the extent that no contractual or statutory obligations preclude such deletion.
Otherwise, you are free to request that the personal data provided during registration be completely deleted from the data controller’s database. The data controller will provide you with information at any time, upon request, regarding which personal data about you is stored. Furthermore, the data controller will correct or delete personal data at the request or upon notification by the data subject, provided that no legal retention obligations prevent this. You may contact the controller or the data protection officer at any time via email or mail in accordance with Section 1 and request the deletion or modification of your data.
Online Booking << One Page Booking >>
On our website, you have the option to book rooms and other services directly through our integrated booking system.
For this purpose, we use the “One Page Booking” system provided by HotelNetSolutions GmbH, Genthiner Straße 8, 10785 Berlin, Germany (“HNS”).
The booking system is fully integrated into our website.
The following personal data is collected and processed as part of the booking process:
Required information:
• Title, first name, and last name
• Contact information (email address, phone number)
• Address (street, house number, ZIP code, city, country)
• Booking details (check-in and check-out dates, room category, traveling companions)
• Names of traveling guests
• Payment details (e.g., credit card information)
Optional information:
• Company details
• Additional contact information (e.g., mobile number, email addresses of other guests)
This data is processed for the purpose of taking pre-contractual measures and for the performance of a contract in accordance with Article 6(1)(b) of the GDPR.
The technical provision of the booking process is carried out by HNS as a data processor on the basis of a contract pursuant to Art. 28 GDPR.
To the extent necessary for the execution of the booking, personal data will be disclosed to third parties. This applies in particular to payment service providers for the processing of the payment.
The processing of payment data is generally carried out directly by the respective payment provider.
Tracking and analytics technologies are used throughout the booking process.
We use Google Tag Manager to integrate various services.
Google Tag Manager itself does not process any personal data, but it enables the control of tracking tags. Depending on your consent, these tags can be used to load additional services, such as analytics tools (e.g., Google Analytics).
The use of these technologies is based exclusively on your consent in accordance with Article 6(1)(a) of the GDPR.
No corresponding tracking takes place without your consent.
Your personal data is stored only for as long as necessary to fulfill the stated purposes or as required by statutory retention periods.
Further information on data processing by HNS can be found at:
https://hotelnetsolutions.de/Datenschutz/
Use of the MYSPA Wellness Planner
For our wellness facility, we use the MYSPA Wellness Planner from the provider based on IT GmbH (Hammermühle (Entrance N)), Bernhard-May-Str. 58, 65203 Wiesbaden, as our reservation planning tool.
MYSPA is web-based and can be accessed by authorized employees at any time via a browser. Your personal data is used exclusively for reservation planning. The retention period is based on the statutory retention period, and therefore this data is deleted once the purpose for which it was collected no longer applies. The legal basis for the processing of your personal data is Article 6(1)(b) of the GDPR. Further information can be found in the privacy policy at www.based-on-it.de/start/kontakt/datenschutz.
Voucher Tool
On our website, we use the voucher tool “Voucher App,” formerly known as “Getavo.” The Voucher App is provided by Brandnamic and is used to offer our users vouchers and discounts. When using the Voucher App, certain personal data is processed in order to provide and optimize the tool’s functionalities. For more information on the collection and processing of your data by the Voucher App, please refer to Brandnamic’s privacy policy at https://www.brandnamic.com/privacy
Inquiry Management
On our website, we offer you the option to submit non-binding inquiries and reservations and to send the corresponding inquiry forms directly to us.
Our LUMI inquiry form collects the following data:
• Salutation
• Title
• Last name
• Phone number
• Number of adults / children
• Occasion
• Preferred date / time
• Allergens / intolerances
• Message
Our SPA inquiry form collects the following data:
• Desired treatment
• Salutation
• Title
• Last name
• Phone number
• Number of people
• Desired date / time
• Message
Our EVENTS inquiry form collects the following data:
• Salutation
• Title
• Last name
• Company name, including contact information
• Phone number
• Number of people
• Preferred date / time
• Message
These forms also support the hotel’s reservations department with a series of (semi-)automated messages. These include emails regarding reminders, deposits, waitlists, arrival, and departure.
For this purpose, we store the data from the inquiry and the reservation.
To keep the number of service emails to a minimum, we track whether a message has been read.
As soon as a reservation is made, your data is transferred to the hotel software so that the hotel can make all necessary arrangements for your stay.
You may revoke your consent to the storage of your data and email address, as well as their use for responding to inquiries and sending service emails, at any time free of charge.
You may revoke your consent by sending us an informal email directly.
The legal basis is Article 6(1)(b) of the GDPR.
Privacy Policy for Collecting Feedback
We are delighted that you attended our event! To help us further improve our events, we would like to ask you to take part in a short survey. Your participation is voluntary.
Data Controller:
Seezeitlodge Hotel GmbH
Am Bostalsee 1, 66625 Gonnesweiler
mail@seezeitlodge.de
Purpose of Data Processing:
The information you provide will be used to collect your feedback on the event and to improve future events. Your information will be used exclusively for this purpose.
Data collected:
We collect the following personal data:
Name (optional)
Email address (optional)
Feedback on various aspects of the event
Legal basis for processing:
Your data is processed based on your voluntary consent (Art. 6(1)(a) GDPR).
Data sharing:
We use Google Forms as an external service provider to conduct the survey. Google processes the data you provide in accordance with its Privacy Policy (https://policies.google.com/privacy?hl=de).
Retention period:
Your data will be stored for the duration of the event evaluation and subsequently deleted, provided there are no legal retention obligations.
Your Rights:
You have the right to request information about the personal data we process at any time, as well as to have it corrected or deleted. You may also object to the processing of your data at any time. For more information about your rights, please visit: [Link to the full privacy policy or contact information].
Security Measures:
We take appropriate technical and organizational measures to protect your personal data. Google ensures that the data is processed in accordance with legal requirements.
iiQcheck
This page embeds an iiQcheck widget to display reviews. The provider is ConsultiiQ GmbH, Managing Director Ralf Hummel, Spitalstraße 1, 38640 Goslar. To use the functions of the iiQcheck widget, it is necessary to store your IP address, browser information (name, version), website, user’s operating system, user’s screen resolution, and language settings of the browser or the user’s operating system. When you enter and submit a review there, this data is generally transmitted to an iiQcheck server and stored there. The provider of this site has no influence over this data transfer. The iiQcheck widget is used to display reviews of our hotel submitted to iiQcheck and to offer the option of submitting a review on iiQcheck. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. For more information on how iiQcheck handles user data, please refer to the privacy policy at https://www.iiq-check.de/datenschutz.
Disclosure of Personal Data to Third Parties
Notice Regarding the Transfer of Data to Non-Safe Third Countries Under Data Protection Law and the Transfer to U.S. Companies Certified Under the DPF
We use, among other things, tools from companies based in non-safe third countries under data protection law, as well as U.S. tools whose providers are certified under the EU-U.S. Data Privacy Framework (DPF).
When these tools are active, your personal data may be transferred to these countries and processed there. We note that the United States, as a safe third country, generally maintains a level of data protection comparable to that of the EU. Data transfers to the United States are therefore permitted if the recipient holds certification under the “EU-US Data Privacy Framework” (DPF) or has appropriate additional safeguards in place.
Through the European Commission’s Adequacy Decision (Art. 45(3) GDPR), the EU-US Data Privacy Framework (https://www. dataprivacyframework.gov/list), and through standard contractual clauses, the provider of these tools commits to complying with the European level of data protection in accordance with the GDPR when processing your personal data, even if the data is processed in the U.S.
Embedding YouTube Videos
We have embedded YouTube videos in our website that are stored on www.YouTube.com and can be played directly from our website. [These are all embedded in “enhanced privacy mode,” meaning that no data about you as a user is transmitted to YouTube unless you play the videos. Only when you play the videos is the data mentioned in paragraph 2 transmitted. We have no influence over this data transmission. By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website.
The following data is transmitted in this process
• Device-specific information, such as the hardware used; the operating system version; a unique device identifier; and information about the mobile network, including your phone number.
• Log data in the form of server logs. These include, among other things, details about how the services were used, such as search queries; IP address; hardware settings; browser type; browser language; date and time of your request; referring page; cookies that can uniquely identify your browser or your Google Account
• Location-based information. Google may collect information about your actual location. This includes, for example, your IP address, your Wi-Fi access points, or cell towers
• For more information about the data collected by Google LLC, please visit the following link: https://policies.google.com/privacy?hl=de&gl=de
This occurs regardless of whether you are logged in to a YouTube account or do not have a YouTube account. If you are logged in to Google, your data will be directly associated with your account.
The legal basis for processing users’ personal data is Article 6(1)(f) of the GDPR.
The integration of the videos serves to make the website more visually appealing for the user and to improve the website’s search engine ranking on Google. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research, and/or the needs-based design of its website. Such analysis is carried out in particular (even for users who are not logged in) to provide targeted advertising and to inform other users of the social network about your activities on our website.
If you do not want your data to be associated with your YouTube profile, you must log out before clicking the button.
You have the right to object to the creation of these user profiles; to exercise this right, you must contact YouTube.
For more information on the purpose and scope of data collection and its processing by YouTube, please refer to the privacy policy. There you will also find further information about your rights and settings options for protecting your privacy: https://www.google.de/intl/de/policies/privacy.
Embedding Vimeo Videos
We have embedded videos from the provider Vimeo.com, Inc., 555 West 18th Street, New York, New York 10011, USA (hereinafter “Vimeo”) into our website; these videos are stored at www.vimeo.com and can be played directly from our website. These may be videos that we have uploaded to Vimeo ourselves or that third parties have uploaded to Vimeo. All videos are embedded in “enhanced privacy mode,” meaning that no data about you as a user is transmitted to Vimeo unless you play the videos. Only when you play the videos is the data mentioned in the following paragraph transmitted to Vimeo. We have no influence over this data transfer and data processing by Vimeo. The legal basis for embedding the videos on our website is Art. 6(1)(a) of the GDPR, meaning that data is transferred only with your consent.
When you visit our website where the video is embedded, Vimeo receives information that you have accessed the specific page of our website where the video is embedded. In addition, the following data is transmitted to Vimeo: IP address and timestamp. This occurs regardless of whether you are logged in to a Vimeo user account or do not have a user account. If you are logged in to Vimeo, your data will be directly associated with your account. If you do not wish for this association with your Vimeo profile, you must log out before activating the button. Vimeo stores your data as usage profiles and uses them for advertising, market research, and/or to tailor its website to your needs. Such analysis is carried out in particular (even for users who are not logged in) to deliver targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, in which case you must contact Vimeo to exercise this right.
The information collected is stored on Vimeo’s servers, including those located in the United States. In such cases, the provider states that it has adopted standards equivalent to the former EU-U.S. Privacy Shield and has committed to complying with applicable data protection laws when transferring data internationally.
For more information on the purpose and scope of data collection and its processing by Vimeo, please refer to the Vimeo Privacy Policy at vimeo.com/privacy and the Vimeo Cookie Policy at vimeo.com/cookie_policy. There you will also find further information regarding your rights.
Embedding Wistia Videos
We use Wistia, among other providers, to embed videos.
Wistia is operated by Wistia, Inc., headquartered at 517 Tudor Street, Cambridge, Massachusetts, 02139, USA. On some of our web pages, we use plugins from the provider Wistia. When you visit the pages on our website that contain such a plugin, a connection is established with the Wistia servers, and the Wistia video is displayed. This transmits information to the Wistia server regarding which of our web pages you have visited. If you are logged in to Wistia as a member, Wistia assigns this information to your personal user account. When you use the plugin—for example, by clicking the play button on a video—this information is also assigned to your user account. You can prevent this assignment by logging out of your Wistia user account before using our website and deleting the corresponding Wistia cookies.
For more information on data processing and Wistia’s privacy policy, please visit: https://wistia.com/privacy.
Privacy Policy Regarding the Use of Google Ads
The website operator uses Google Ads. Google Ads is an online advertising program provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters specific search terms into Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on user data available to Google (e.g., location data and interests) (audience targeting). As the website operator, we can evaluate this data quantitatively, for example by analyzing which search terms led to the display of our advertisements and how many ads resulted in corresponding clicks.
The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. Consent may be revoked at any time.
Data transfer to the United States is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
Privacy Policy Regarding the Use of Google Analytics
We use a service provided by Google LLC (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) on our website to analyze our users’ browsing behavior. The software places a cookie on your computer.
Data Processor
Google Ireland Ltd.
Gordon House, 4 Barrow Street, Dublin, Ireland
Fax: +353 (1) 436 1001
Questions regarding data protection
Purpose of data processing
On our behalf, Google will use this information to evaluate your use of the website and to compile reports on website activity. By analyzing the data collected, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness.
Type of Data
When individual pages of our website are accessed, the following data is stored:
• Two bytes of the IP address of the user’s accessing system
• The webpage accessed
• Entry pages, exit pages,
• The duration of the visit to the website and the bounce rate
• The frequency of visits to the website
• Country of origin and region, language, browser, operating system, screen resolution, use of Flash or Java
• Search engines used and search terms entered
Data Transfer
The information generated by the cookie (regarding users’ use of this website) is generally transmitted to a Google server in the United States and stored there.
Processing Location
The cookies used are stored on your computer and transmitted from there to our website. If you do not consent to the collection and analysis of usage data, you can prevent this by adjusting your browser settings to disable or restrict the use of cookies. Cookies that have already been stored can be deleted at any time. However, in this case, you may not be able to use all functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link. The current link is: tools.google.com/dlpage/gaoptout.
Adequacy Decision // Data Privacy Framework // SCC
Through the European Commission’s Adequacy Decision (Art. 45(3) GDPR), the EU-US Data Privacy Framework (https://www. dataprivacyframework.gov/list), and through Standard Contractual Clauses, the processing company undertakes to comply with the European level of data protection in accordance with the GDPR when processing your personal data, even if the data is processed in the United States.
Retention Period
We store your personal data only for as long as is necessary for the respective purpose or as required by statutory retention periods. Once the purpose of the processing no longer applies, the data will be deleted, unless there are statutory retention obligations.
The data will be deleted as soon as it is no longer needed for our record-keeping purposes. In our case, this occurs after 18 months.
Legal basis
Art. 6(1)(a) GDPR (Consent)
Terms of Use: marketingplatform.google.com/about/analytics/terms/de/
Privacy Policy: https://marketingplatform.google.com/about/
Your Rights
You have the right to request information about the personal data we have stored about you. In addition, you have the right to have your data corrected, deleted, or its processing restricted, as well as the right to data portability. You may withdraw your consent at any time.
Privacy Policy Regarding the Use of Google Fonts (local hosting)
This site uses so-called Google Fonts, provided by Google, to ensure consistent font display. The Google Fonts are installed locally. No connection to Google’s servers is established.
For more information about Google Fonts, visit developers.google.com/fonts/faq and Google’s Privacy Policy: https://policies.google.com/privacy?hl=de.
Privacy Policy Regarding the Use of Google Maps
This website uses Google Maps to display interactive maps and generate directions. Google Maps is a mapping service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. By using Google Maps, information regarding your use of this website—including your IP address and the (starting) address entered as part of the route planner function—may be transmitted to Google in the United States. When you visit a page on our website that contains Google Maps, your browser establishes a direct connection to Google’s servers. The map content is transmitted directly from Google to your browser and integrated into the website. Therefore, we have no influence over the scope of the data collected by Google in this manner. To the best of our knowledge, this includes at least
the following data:
• Date and time of the visit to the relevant webpage,
• Internet address or URL of the accessed webpage,
• IP address, (starting) address entered as part of route planning.
We have no influence over the further processing and use of the data by Google and therefore cannot assume any responsibility for this.
This analysis begins when the visitor clicks the “Activate Google reCAPTCHA” button after filling out a contact form.
For the analysis, reCAPTCHA evaluates various pieces of information (e.g., IP address, the length of time the visitor spends on the website, or the user’s mouse movements).
The data collected during the analysis is transmitted to Google.
The reCAPTCHA analyses run entirely in the background. Website visitors are not notified that an analysis is taking place.
Data processing is based on Article 6(1)(f) of the GDPR.
The website operator has a legitimate interest in protecting its web offerings from abusive automated scraping and from SPAM.
For more information about Google reCAPTCHA and Google’s privacy policy, please refer to the following links:
www.google.com/intl/de/policies/privacy and/or https://www.google.com/recaptcha/intro/android.html
Privacy Policy Regarding the Use of Google Tag Manager
We use Google Tag Manager.
The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies into our website. Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It serves solely to manage and execute the tools integrated through it. However, Google Tag Manager records your IP address, which may also be transferred to Google’s parent company in the United States.
The use of Google Tag Manager is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in the quick and straightforward integration and management of various tools on its website. If consent has been obtained, processing is based exclusively on Article 6(1)(a) of the GDPR; consent may be revoked at any time.
Privacy Policy Regarding the Use of the META Pixel
(formerly Facebook Pixel)
This website uses Facebook/Meta’s visitor action pixels for conversion tracking. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
According to Facebook, the collected data is also transferred to the United States and other third countries. This allows the behavior of website visitors to be tracked after they have been redirected to the provider’s website by clicking on a Facebook advertisement. This enables the effectiveness of Facebook advertisements to be evaluated for statistical and market research purposes and future advertising measures to be optimized.
The collected data is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, allowing a connection to the respective user profile and enabling Facebook to use the data for its own advertising purposes in accordance with the Facebook Data Use Policy (https://de-de.facebook.com/about/privacy/). This enables Facebook to display advertisements on Facebook pages as well as outside of Facebook. As the site operator, we have no influence over this use of the data.
Use of this service is based on your consent pursuant to Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. You may withdraw your consent at any time.
We use the enhanced matching feature within Meta Pixel.
Extended Matching allows us to transmit various types of data (such as your city, ZIP code, hashed email addresses, names, gender, date of birth, or phone number) about our customers and prospects, which we collect via our website, to Meta (Facebook). By enabling this feature, we can tailor our advertising campaigns on Facebook even more precisely to people who are interested in our offerings. In addition, extended matching improves the attribution of website conversions and expands Custom Audiences.
To the extent that personal data is collected on our website and transmitted to Facebook using the tool described here, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after the transfer is not part of the joint responsibility. The obligations incumbent upon us jointly have been set forth in a joint processing agreement.
The text of the agreement can be found at: www.facebook.com/legal/controller_addendum.
Under this agreement, we are responsible for providing privacy information regarding the use of the Facebook tool and for ensuring that the tool is implemented on our website in compliance with data protection laws. Facebook is responsible for the data security of Facebook products. You can exercise your data subject rights (e.g., requests for information) regarding the data processed by Facebook directly with Facebook. If you exercise your data subject rights with us, we are obligated to forward them to Facebook.
Data transfers to the U.S. are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: www.facebook.com/legal/EU_data_transfer_addendum and de-de.facebook.com/help/566994660333381.
You can find further information on the protection of your privacy in Facebook’s privacy policy: de-de.facebook.com/about/privacy/.
You can also disable the “Custom Audiences” remarketing feature in the ad settings section at www.facebook.com/ads/preferences/;
To do this, you must be logged in to Facebook. If you do not have a Facebook account, you can disable usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.
Data Transfer Upon Conclusion of a Contract for Services and Digital Content
We transfer personal data to third parties only if this is necessary for the fulfillment of the contract, such as to the financial institution responsible for processing payments.
No further transfer of data will take place, or only if you have expressly consented to such transfer. Your data will not be disclosed to third parties without your express consent, for example for advertising purposes.
The legal basis for data processing is Article 6(1)(b) of the GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.
Links to external websites
This website contains links to external sites. We are solely responsible for our own content. We have no influence over the content of external links and are therefore not responsible for it; in particular, we do not endorse their content. If you are redirected to an external site, the privacy policy provided there applies. If you notice any illegal activities or content on this site, please feel free to notify us. In this case, we will review the content and respond accordingly (notice-and-takedown procedure).
Contacting Us and Email Communication
Our website allows you to contact us directly via the email address provided. In this case, the personal data transmitted with the email will be stored.
If this involves information regarding communication channels (e.g., email address, phone number), you also consent to us contacting you via this communication channel, if necessary, to respond to your inquiry.
In this context, the data will not be disclosed to third parties. The data will be used exclusively for the purpose of handling the correspondence.
The legal basis for processing the data transmitted when sending an email is Article 6(1)(f) of the GDPR. If the email contact is aimed at concluding a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR.
We will, of course, use the data from your email inquiries exclusively for the purpose for which you provided it to us when contacting us. In the case of contact via email, the necessary legitimate interest in processing the data also lies in responding to the inquiry.
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For personal data sent via email, this is the case once the relevant conversation with the user has ended. The conversation is considered ended when it is clear from the circumstances that the matter in question has been conclusively resolved. Any additional personal data collected during the sending process will be deleted no later than seven days after the transaction.
You have the option to revoke your consent to the processing of your personal data at any time. If you contact us via email, you may object to the storage of your personal data at any time. In such a case, the conversation cannot be continued. Regarding the withdrawal of consent or objection to storage, please contact the aforementioned controller or the data protection officer via email or mail. In this case, all personal data stored in the course of the contact will be deleted.
Inquiries via Email, Phone, or Fax
If you contact us via email, phone, or fax, your inquiry—including all personal data contained therein (name, inquiry)—will be stored and processed by us for the purpose of handling your request. We will not disclose this data without your consent.
The processing of this data is based on Article 6(1)(b) of the GDPR, provided that your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on your consent (Article 6(1)(a) of the GDPR) and/or on our legitimate interests (Article 6(1)(f) of the GDPR), as we have a legitimate interest in the effective processing of inquiries directed to us.
The data you send to us via contact requests will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions—in particular statutory retention periods—remain unaffected.
SSL Encryption
This site uses SSL encryption for security purposes and to protect the transmission of confidential information, such as the requests you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser bar. When SSL encryption is activated, the data you transmit to us cannot be read by third parties.
Rights of the Data Subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
Right of access
You may request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you may at any time request from the controller, free of charge, information regarding the personal data stored about you as well as the following details:
a) the purposes for which the personal data is processed;
b) the categories of personal data being processed;
c) the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
d) the planned duration of the storage of your personal data or, if specific details cannot be provided, the criteria used to determine the storage period;
e) the existence of a right to rectification or erasure of your personal data, a right to restrict processing by the controller, or a right to object to such processing;
f) the existence of a right to lodge a complaint with a supervisory authority;
g) any available information regarding the origin of the data, if the personal data is not collected from the data subject;
h) the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and—at least in such cases—meaningful information regarding the logic involved, as well as the significance and intended consequences of such processing for the data subject.
You have the right to request information regarding whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.
Right to Rectification
You have the right to request that the controller immediately rectify and/or complete your personal data if the personal data concerning you is inaccurate or incomplete.
Right to Restriction of Processing
Under the following conditions, you may request that the controller immediately restrict the processing of your personal data:
a) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of the use of the personal data;
c) the controller no longer needs the personal data for the purposes of the processing, but you need it to establish, exercise, or defend legal claims, or
d) if you have objected to the processing pursuant to Article 21(1) of the GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds.
If the processing of your personal data has been restricted, such data—apart from its storage—may be processed only with your consent or for the establishment, exercise, or defense of legal claims, or to protect the rights of another natural or legal person, or for reasons of an important public interest of the Union or a Member State. If the restriction of processing has been imposed in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
Right to erasure
You may request that the controller erase your personal data without delay if one of the following grounds applies:
a) The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
b) You withdraw your consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) of the GDPR, and there is no other legal basis for the processing.
c) You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
d) The personal data concerning you has been unlawfully processed.
e) The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union law or the law of the Member States to which the controller is subject.
f) The personal data concerning you was collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.
If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, the controller shall, taking into account available technology and the cost of implementation, take reasonable measures, including technical measures, to inform controllers who process the personal data that you, as the data subject, have requested the erasure of all links to such personal data or of copies or replicas of such personal data.
The right to erasure does not apply where processing is necessary
a) for the exercise of the right to freedom of expression and information;
b) for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
c) for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) of the GDPR;
d) for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1) of the GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of such processing; or
e) for the establishment, exercise, or defense of legal claims.
Right to be Informed
If you have exercised your right to rectification, erasure, or restriction of processing with the controller, the controller is obligated to notify all recipients to whom your personal data has been disclosed of such rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed by the controller about these recipients.
Right to Data Portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that
a) the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, and
b) the processing is carried out using automated means.
In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, provided this is technically feasible. This must not infringe upon the rights and freedoms of others.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
To exercise the right to data portability, the data subject may contact the controller at any time.
Right to Object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out pursuant to Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions.
The controller will no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
You have the option, in connection with the use of information society services—notwithstanding Directive 2002/58/EC—to exercise your right to object by means of automated procedures using technical specifications.
To exercise the right to object, the data subject may contact the controller directly.
Right to Withdraw Consent Under Data Protection Law
You have the right to withdraw your consent under data protection law at any time. Withdrawing your consent does not affect the lawfulness of processing carried out on the basis of your consent prior to its withdrawal. You may contact the data controller regarding this matter.
Automated decision-making in individual cases, including profiling
You have the right not to be subject to a decision based solely on automated processing—including profiling—that produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
a) is necessary for the conclusion or performance of a contract between you and the controller,
b) is authorized by Union or Member State law to which the controller is subject, and that law provides for appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, or
c) is based on your explicit consent.
However, these decisions may not be based on special categories of personal data as defined in Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect your rights and freedoms as well as your legitimate interests.
With regard to the cases mentioned in (1) and (3), the controller shall take appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, including at least the right to obtain human intervention on the part of the controller, to present your point of view, and to contest the decision.
If the data subject wishes to exercise rights relating to automated decisions, they may contact the controller at any time.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place where the alleged infringement occurred, if you consider that the processing of personal data concerning you infringes the GDPR. The supervisory authority to which the complaint was submitted shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.
Changes to the Privacy Policy
We reserve the right to modify our privacy practices and this policy to adapt them to changes in relevant laws or regulations, or to better meet your needs. Any changes to our privacy practices will be announced here accordingly. Please note the current version date of the Privacy Policy.
Regulars Club (Guest Club)
This website uses KunLeiSys Guest Club software (Regulars Area). The provider is GASTROpoint GmbH, Pommernstraße 17, 83395 Freilassing, Germany. KunLeiSys Guest Club software is a service used to organize and manage the Guest Club, offers, loyalty points, event-related emails, and newsletter distribution.
You can register for the Guest Club on our website. We use the data you provide solely for the purpose of utilizing the respective offer or service. The required information requested during registration must be provided in full. Otherwise, we will reject the registration. The processing of the data entered during registration is based on your consent (Art. 6(1)(a) GDPR). You may revoke any consent you have given at any time free of charge. You can do this via the unsubscribe link in the email or by unsubscribing in the Guest Club.
The data you have provided to us for the purpose of the Guest Club will be stored by us until you unsubscribe and, after you unsubscribe and delete your Guest Club account, will be deleted from both our servers and the servers of GASTROpoint GmbH.
For important changes, such as those affecting the scope of our services or technically necessary modifications, we will use the email address you provided during registration or in your profile to notify you. Statutory retention periods remain unaffected. We have entered into a contract for commissioned data processing with GASTROpoint GmbH and fully comply with the strict requirements of data protection authorities when using KunLeiSys Guest Club software.
En cas de modifications importantes, par exemple concernant l'étendue de l'offre ou de modifications techniques nécessaires, nous utilisons l'adresse e-mail indiquée lors de votre inscription ou enregistrée dans votre profil pour vous en informer par ce biais. Les délais de conservation légaux ne sont pas affectés. Nous avons conclu un contrat de sous-traitance avec la société GASTROpoint GmbH et respectons pleinement les exigences strictes des autorités chargées de la protection des données lors de l'utilisation du logiciel KunLeiSys Gäste-Club.
