In the following, we would like to inform you about data protection on our websites and about the type, scope and purpose of the personal data we collect, use and process. Data protection has a high priority for us.
Personal data is all data with which you could be personally identified, e.g. name, IP address, telephone number, etc. Some of this data is processed automatically when you visit the website (e.g. IP address, browser type, operating system, etc.), or if you give us your consent to process it, or if you provide us with your data voluntarily, e.g. by entering your data in a form on our website.
We would also like to inform you about your rights under the GDPR.
You have the right to receive information free of charge at any time about the origin, recipient and purpose of your personal data processed by us, as well as the right to correct or delete this data.
You also have the right to request the restriction of the processing of your personal data under certain circumstances. If you have given us your consent to process your data, you can withdraw this consent at any time with effect for the future. You also have the right to lodge a complaint with the competent data protection supervisory authority.
The person responsible for data protection/processing is
Tel: +49 (0) 9942 – 94350
Fax: +49 (0) 9942 – 7246
Processing of your data in the context of the services we provide
Concerning personal data of our guests or business partners, or in the event that you are interested in our services, the type, scope and purpose of the processing of personal data is based on the contractual or pre-contractual relationships existing between us. We process personal data that we request from you or that you provide to us in order to answer your enquiry, prepare an offer for you or process your order. Data subjects are interested parties, guests, business and contractual partners. The purpose of processing is the processing of contractual services, communication, as well as responding to contact enquiries and office and organisational procedures.
The personal data concerned are
- Inventory data (e.g. names, addresses)
- Payment data (e.g. bank details, invoices)
- Contact data (e.g. email address, telephone number, postal address)
- Contract data (e.g. subject matter of the contract, duration of the contract)
The legal basis for data processing is Art. 6 I 1 lit. b GDPR, the fulfilment of the contract or the fulfilment of pre-contractual enquiries.
Data processing while accessing the website – type and purpose of use
When you access our website, you transmit data to our web server via your Internet browser (for technical reasons). The following data is processed in the server log files during an ongoing connection for communication between your internet browser and our web server:
- the page from which the file was requested – referrer URL
- the name of the file
- the date and time of the request
- a description of the type of web browser used / browser version and operating system
- IP address of the requesting computer
- Access status (file transferred, file not found, etc.)
- Amount of data transferred
This data is stored temporarily for technical reasons (accessing the website). It is not possible for us to draw conclusions about individual persons from this data. The IP addresses are deleted or anonymised after 7 days at the latest.
The data is analysed exclusively for internal purposes and does not allow us to draw any conclusions about your person. A comparison with other databases does not take place.
The aforementioned data is processed for the following purposes:
- Ensuring a proper and smooth connection to the website,
- Ensuring convenient use of the website,
- Analysing system security and stability
The legal basis for data processing is Art. 6 I S 1 lit. f GDPR. The legitimate interest follows from the data collection purposes listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person. You can visit the website without providing any personal data.
We use technical cookies on our website. Cookies are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your end device and do not contain any viruses, Trojans or other malware.
Information is stored in the cookie that results in each case in connection with the specific end device used. However, this does not mean that we gain direct knowledge of your identity. Cookies do not contain any personal data and therefore cannot be directly assigned to a user.
Enquiries via e-mail, fax or phone
If you contact us by e-mail, fax or phone, we will store and process your enquiry including all personal data (e.g. name, enquiry) for the purpose of processing your request. The data will not be passed on without your consent. There is no legal or contractual obligation to provide your data, but it is not possible to process your request without providing your data.
This data is processed on the basis of Art. 6 I S 1 lit. b GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 I S 1 lit. a GDPR) and / or on our legitimate interest (Art. 6 I S 1 lit. f GDPR), as we have a legitimate interest in the effective processing of the enquiries addressed to us.
The data sent to us via contact requests (e-mail) will be stored by us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
Online-Booking – Toubiz
On our website we integrate services of the tourism data management toubiz (land in sicht AG, Wiesentalstr. 5, 79115 Freiburg, phone +49 (0) 761 887917-0, e-mail firstname.lastname@example.org, www.land-in-sicht.de – hereinafter referred to as Toubiz). Toubiz is a web-based tourism database solution for managing structured data such as POIs (points of interest), catering, events, tours and accommodation.
The data you enter in the booking form will only be used by us to process your booking as part of your enquiry to us. There is no legal or contractual obligation to provide your data, but it is not possible to process your request without providing your data.
The data processing is carried out either for the purpose of fulfilling a contract to which the data subject is a party or for the implementation of pre-contractual measures (Art. 6 I S 1 lit. b GDPR), or in accordance with Art. 6 I 1 lit. a GDPR on the basis of your voluntarily given consent and / or on our legitimate interests (Art. 6 I S 1 lit. f GDPR), as we have a legitimate interest in the effective processing of the enquiries addressed to us.
Your data will be deleted after final processing of your enquiry, provided that there are no legal obligations to retain the data.
Toubiz may use technically necessary cookies to temporarily store the data entered by users when searching for accommodation (cookie name: ROUTEID; tt). These cookies are deleted at the end of the session. The legal basis is Art 6 I S 1 lit f GDPR our legitimate interest in a proper presentation of the booking tool.
Data processing when using our contact forms – enquiries – reservations
If you send us a message via our contact forms, the mandatory fields are indicated on the respective form. Entering an e-mail address is necessary to enable us to contact you by e-mail. There is no legal or contractual obligation to provide your data, but it is not possible to process your request without providing your data.
The data you enter in the contact form will only be used by us to respond to your enquiry via the contact form. We do not pass on the data you enter in the contact form to third parties. The data processing is carried out either for the purpose of fulfilling a contract to which the data subject is a party or for the implementation of pre-contractual measures (Art. 6 I S 1 lit. b GDPR), or in accordance with Art. 6 I S. 1 lit. a GDPR on the basis of your voluntarily given consent and / or on our legitimate interests (Art. 6 I S 1 lit. f GDPR), as we have a legitimate interest in the effective processing of the enquiries addressed to us.
Your data will be deleted after final processing of your enquiry, provided that there are no statutory retention obligations to the contrary.
E-mail advertising and your right to object
If we have received your e-mail address in connection with a booking or service and you have not objected, we reserve the right to regularly send you our offers for similar services on the basis of § 7 III UWG. The legal basis arises from our legitimate interest in a promotional approach to our customers and the processing of the data is permitted in accordance with Art 6 I S1 lit f GDPR in the context of a balancing of interests.
You can object to the use of your e-mail address at any time by sending us a message or via the corresponding link in the advertising e-mail. After the legal basis for data processing for advertising e-mails no longer applies, your e-mail address will be deleted, unless statutory retention obligations (e.g. from tax or commercial law retention obligations) prevent this.
We would also like to point out that you can object to the future processing of your personal data in accordance with the legal requirements pursuant to Art. 21 GDPR at any time. In particular, you may object to processing for direct marketing purposes.
Postal advertising and your right to object
We reserve the right to use your first and last name as well as your postal address, which you have provided to us in the context of bookings, for our own advertising purposes, e.g. to send you interesting offers by post. This serves to safeguard our legitimate interests, which predominate in the context of a balancing of interests, in a promotional approach to our customers in accordance with Art. 6 I S 1 lit. f GDPR.
You can object to the storage and use of your data for these purposes at any time by sending us a message. The objection can be made in particular against processing for direct marketing purposes. After the legal basis for data processing for postal advertising has ceased to apply, your address data will be deleted, unless there are legal obligations to retain it.
Online reviews – HolidayCheck
We include reviews from HolidayCheck AG on our websites. The integration of HolidayCheck reviews on our website is done for reasons of advertising our services on the basis of Art 6 I S 1 lit f GDPR.
Data protection when sending application documents
If you send us your application documents, we will only use them to decide on your application and will not pass your data on to third parties. We would like to point out that we do not currently offer encryption of your data when sending application documents by e-mail. However, you can send your attachments to us by e-mail in encrypted form, e.g. using the 7ZIP programme http://www.7-zip.de/), and inform us of your password separately, e.g. by telephone. You will receive an e-mail message from us to your e-mail address when we receive your application. You can also send us your application by post at any time.
Application data is stored and managed separately from other data records.
If we conclude an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant, the application documents will be automatically deleted no later than 6 months after notification of the rejection decision, provided that deletion does not conflict with any other legitimate interests of the controller or the applicant has expressly consented to longer storage and retention of their application, e.g. for possible subsequent contact in the event of vacancies. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).
Data processing for the purpose of establishing contact and processing your application data is carried out in accordance with Art. 6 I S 1 lit. a,b GDPR on the basis of your voluntarily given consent, as well as for the implementation of pre-contractual measures.
Online activities in social networks
We operate online presences in social networks for advertising purposes.
We would like to point out that you use the social services and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. sharing, rating).
If you visit our online presences in social media, personal data will be collected and processed by the respective provider for advertising and market research purposes. As a rule, user profiles are also created. This is particularly the case if you are a member of the respective platform and are logged in to it. The user profiles can be used by the providers to display interest-based advertising to you. To prevent social media operators from collecting information about you during your visit to our websites, you should log out of the respective social media before visiting our websites and delete any existing social media cookies from your browser.
Social network links
No social plugins from Facebook or other social networks are integrated on these websites. Therefore, no program code of a social network is active on our pages. The icons for Facebook etc. on our website are only linked images.
Data protection notice – Online presence on Facebook/Instagram (META)
Covered Products are all Facebook Products, Facebook Pages and Page Insights. Facebook products include Facebook itself (including the Facebook mobile app and the browser in the app), Messenger, Instagram (including apps such as Direct and Boomerang), Portal-branded devices, Bonfire, Facebook Mentions, Facebook Shops, Spark AR Studio, Audience Network, NPE Team apps and any other features, apps, technologies, software products, products or services offered by Facebook, Inc. or Facebook Ireland Limited. In addition, Facebook Business Tools are also Facebook products.
For the use of certain Facebook products (so-called “Facebook Business Tools”) and the associated data processing, the additional agreement between us and Facebook as joint controllers pursuant to Art. 26 GDPR applies, which you can view at https://www.facebook.com/legal/controller_addendum .
Furthermore, we have agreed that between the parties, Facebook is responsible for enabling the rights of data subjects under Articles 15-20 of the GDPR with respect to the personal data stored by Facebook after joint processing.
A possible data transfer of personal data to the USA is based on the adequacy decision of the EU Commission (EU-U.S. Data Privacy Framework). Based on adequacy decisions, personal data can flow unhindered and securely from the European Economic Area to the third country in question without the need for further conditions or authorisations. This means that data can be transferred to the third country in the same way as within the EU.
Data processing conditions at Facebook
We expressly draw your attention to the fact that the use of certain Facebook products may involve the transfer of personal information to Facebook. Depending on the circumstances, Facebook Ireland Limited may also transfer EU data to Facebook Inc. in the USA for storage and further processing. By using Facebook products, the user agrees to Facebook’s data processing conditions. These can be found at https://www.facebook.com/legal/terms/dataprocessing/update .
The Facebook EU Data Transfer Addendum can be found at https://www.facebook.com/legal/EU_data_transfer_addendum
Facebook’s data policy can be found at https://www.facebook.com/about/privacy/ – Instagram’s data policy can be found at https://privacycenter.instagram.com/policy/
Information on cookies and other storage technologies on Facebook can be found at https://www.facebook.com/policies/cookies/
You can view Facebook’s data security conditions at https://www.facebook.com/legal/terms/data_security_terms
You can contact Facebook’s data protection officer at https://www.facebook.com/help/contact/540977946302970
Further information on Page Insights data
Facebook continues to provide us with so-called Page Insights for the Facebook page. Insights data are summarised data that provides us with information on how users interact with the Facebook page. The legal basis for data processing is Art. 6 I S. 1 lit. f GDPR, the protection of our legitimate interests in an optimised presentation of the website and effective communication with users.
Data processing is carried out on the basis of an agreement between the joint controllers in accordance with Art. 26 GDPR, which you can view at https://www.facebook.com/legal/terms/page_controller_addendum .
Further information on Page Insights data on Facebook can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data and at https://de-de.facebook.com/help/instagram/155833707900388
Data processing when contacting us via Facebook products
We collect personal data when you contact us, e.g. via the contact form or Messenger. This data is stored and used exclusively for the purpose of responding to your enquiry or for contacting you and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 I S 1 lit. f GDPR. Your data will be deleted after final processing of your enquiry, provided that there are no statutory retention obligations to the contrary.
Facebook and we have agreed that the Irish Data Protection Commission is the lead authority for the supervision of processing under joint responsibility. You have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or with your local supervisory authority.
Right to object to advertising
You can object to the processing of your data for advertising purposes on Facebook at any time by changing your settings for adverts in your Facebook user account at https://www.facebook.com/settings?tab=ads .
Legal basis for the operation of the Facebook page / Instagram and processing of personal data when accessed
We operate the Facebook page / Instagram page for advertising purposes for our services. The processing of personal data is based on Art 6 I S 1 lit f GDPR.
Data security – SSL encryption
We use the SSL (Secure Socket Layer) method on our website for encryption and to protect the transmission of confidential content. If SSL encryption is activated, the data you transmit to us cannot be read by third parties. You can recognise whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the status bar of your browser – the address bar of your browser displays “https://” if SSL encryption is activated.
Processing/disclosure of data
Your personal data will not be transferred to third parties for purposes other than those listed above or below.
We only pass on your personal data to third parties if:
- You have given your express consent to this in accordance with Art. 6 I S1 lit. a GDPR,
- this is permitted by law and is necessary for the fulfilment of contractual relationships or for the implementation of pre-contractual measures with you in accordance with Art. 6 I S 1 lit. b GDPR
- in the event that there is a legal obligation for us to pass on data in accordance with Art. 6 I S 1 lit. c GDPR,
- processing is necessary for the purposes of the legitimate interests pursued by us or by a third party pursuant to Article 6 I S 1 lit f GDPR, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Rights of data subjects
You have the right:
- to request information about your personal data processed by us in accordance with Art. 15 GDPR;
- in accordance with Art. 16 GDPR, to demand the immediate rectification of incorrect or incomplete personal data stored by us
- in accordance with Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims
- to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR
- in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller
- in accordance with Art. 7 III 3 GDPR, to revoke your consent given to us at any time. As a result, we may no longer continue the data processing based on this consent in the future;
- in accordance with Art. 77 GDPR, to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office. You can find a list of data protection officers in Germany and their contact details at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to object to the collection of data in special cases and to direct advertising (Art. 21 GDPR)
If we process your personal data in accordance with Art. 6 I S 1 lit. f GDPR in order to safeguard our legitimate interests, which predominate in the context of a balancing of interests, you have the right to object to the processing of your personal data with effect for the future in accordance with Art. 21 GDPR. If the processing is carried out for direct marketing purposes, you can exercise this right at any time. This also applies to profiling insofar as it is associated with such direct marketing. If the processing is carried out for other purposes, you only have the right to object if there are grounds relating to your particular situation.
If you wish to exercise your right to object, simply send us an e-mail.
After exercising your right to object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims.
If you object to the processing of your personal data for direct marketing purposes, the personal data will no longer be processed for these purposes.
No automated decision-making or profiling takes place on our websites.
Version: January 2024