This privacy statement explains the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offer and its related websites, features and content, as well as external online presences, such as our social media profiles (collectively referred to below as the "online offer"). With regard to the terminology used, such as "processing" or "controller", we refer to the definitions in Art. 4 of the General Data Protection Regulation (DSGVO).

cbw hospitality GmbH  
Mundenhofer Weg 10  
79224 Umkirch  
Tel. +49 76 76 - 93 34 34  
Director: C. Werer  
USt.ID.Nr.: DE 297 128 221  
Amtsgericht Freiburg: HRB 711983


Types of data processed:
• inventory data (eg, names, addresses)
• contact information (eg, email, telephone numbers)
• content data (eg, text entries, photos, videos)
• usage data (eg, web sites visited, interest in content, access times)
• Meta / communications data (eg, device information, IP addresses)

Categories of data subjects
Visitors and users of the online offer (in the following, we refer to the persons concerned collectively as "users").

Purpose of processing
• Provision of the online offer, its features and content
• Answering contact requests and communicating with users
• Safety measures
• Audience measurement / Marketing

Terminology used
"Personal information" is any information relating to an identified or identifiable natural person (the "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier (eg cookie) or one or more special features that are an expression of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"Processing" means any operation or set of operations performed on personal data, with or without the aid of automated means. The term is broad and encompasses virtually any handling of data.
"Pseudonymization" means the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures which ensure that the personal data is not assigned to an identified or identifiable natural person.
"Profiling" means any type of automated processing of personal data in which these personal data are used to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, performance, location or relocation.
"Controller" refers to the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Relevant statutory foundations
In accordance with Art. 13 DSGVO, we inform you of the legal bases of our data processing. If the legal basis is not mentioned in the privacy policy, the following applies: the legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 DSGVO, the legal basis for processing to perform our services, carry out contractual measures and answer queries is Art. 6 para. 1 lit. b DSGVO, the legal basis for processing to comply with our legal obligations is Art. 6 para. 1 lit. c DSGVO, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f DSGVO. In the event that vital interests of the data subject or of another natural person require the processing of personal data, Art. 6 para. 1 lit. d DSGVO serves as the legal basis.

Safety measures
In accordance with Art. 32 DSGVO, and taking into account the state of the art, the cost of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.
The measures include, in particular, protecting the confidentiality, integrity and availability of data by controlling physical access to the data as well as the access, input and transmission concerning it, ensuring its availability and its separation. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data and the response to threats to the data. We also take the protection of personal data into account as early as the development or selection of hardware, software and procedures, in accordance with the principle of data protection by design and by privacy-friendly default settings (Art. 25 DSGVO).

Cooperation with order processors and third parties
Where, as part of our processing, we disclose data to other parties (order processors or third parties), transmit it to them or otherwise give them access to the data, this is done only on the basis of a legal permission (for example, when a transfer of data to third parties, such as payment service providers, is required to fulfill the contract in accordance with Art. 6 para. 1 lit. b DSGVO), if you have consented, if a legal obligation provides for it, or on the basis of our legitimate interests (eg when using agents, web hosting providers, etc.).
Where we commission third parties to process data on the basis of a so-called "job processing contract", this is done on the basis of Art. 28 DSGVO.

Transfers to third countries
Where we process data in a third country (ie outside the European Union (EU) or the European Economic Area (EEA)), or where this happens in the context of using third-party services or of disclosing or transferring data to third parties, this occurs only if it is done to fulfill our (pre-)contractual duties, on the basis of your consent, because of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process the data, or have it processed, in a third country only if the special requirements of Art. 44 ff. DSGVO are met. That is, the processing is carried out, for example, on the basis of specific safeguards, such as the officially recognized finding of a level of data protection corresponding to that of the EU (eg for the USA through the "Privacy Shield") or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").

Subjects' rights
You have the right to request confirmation as to whether data concerning you is being processed, and to be informed about this data as well as to receive further information and a copy of the data in accordance with Art. 15 DSGVO.
In accordance with Art. 16 DSGVO, you have the right to request the completion of data concerning you or the correction of erroneous data concerning you.
You have the right to request in accordance with Art. 17 DSGVO that data concerning you be deleted immediately or, alternatively, to demand a restriction of the processing of the data in accordance with Art. 18 DSGVO.
You have the right to receive the data concerning you that you have provided to us in accordance with Art. 20 DSGVO and to demand that it be forwarded to other controllers.
You also have the right, in accordance with Art. 77 DSGVO, to file a complaint with the competent authority.

You have the right to revoke consent granted in accordance with Art. 7 para. 3 DSGVO with effect for the future.

Right to
You can object at any time to the future processing of data concerning you in accordance with Art. 21 DSGVO. The objection may in particular be made against processing for direct marketing purposes.

Cookies and objection to direct marketing
"Cookies" are small files that are stored on users' computers. Different data can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after his visit to an online offer. Temporary cookies, also called "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offer and closes his browser. Such a cookie can store, for example, the contents of a shopping cart in an online store or a login status. "Permanent" or "persistent" cookies are cookies that remain stored even after the browser is closed. For example, the login status can be saved if users visit the site again after several days. Likewise, the interests of users, which are used for audience measurement and marketing purposes, can be stored in such a cookie. "Third-party cookies" are cookies that are offered by providers other than the controller who runs the online offer (otherwise, if they are only the controller's cookies, we speak of "first-party cookies").
We may use temporary and permanent cookies and explain this as part of our Privacy Policy.
If users do not want cookies to be stored on their computer, they are asked to disable the corresponding option in the system settings of their browser. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies may lead to functional limitations of this website.
A general objection to the use of cookies for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US site or the EU site. Furthermore, the storage of cookies can be prevented by disabling them in the browser settings. Please note that in this case not all features of this website may be usable.

Deletion of data
The data we process is deleted or restricted in its processing in accordance with Art. 17 and 18 DSGVO. Unless expressly stated otherwise in this Privacy Policy, the stored data is deleted as soon as it is no longer required for its intended purpose and no legal retention requirements prevent the deletion. If the data is not deleted because it is needed for other lawful purposes, its processing is restricted. Ie the data is blocked and not processed for other purposes. This applies to data that must be kept for commercial or tax purposes.
According to legal requirements in Germany, data is stored in particular for 10 years in accordance with §§ 147 para. 1 AO, 257 para. 1 nos. 1 and 4, para. 4 HGB (books, records, management reports, accounting documents, accounting books, documents relevant for taxation, etc.) and for 6 years in accordance with § 257 para. 1 nos. 2 and 3, para. 4 HGB (business letters).
According to legal regulations in Austria, data is stored in particular for 7 years in accordance with § 132 para. 1 BAO (accounting documents, receipts / invoices, accounts, vouchers, business documents, statement of revenue and expenditure, etc.), for 22 years in connection with land, and for 10 years for documents relating to electronically provided services, telecommunications, radio and television services that are rendered to non-entrepreneurs in EU Member States and for which the mini one-stop shop (MOSS) is used.

Business-related processing
In addition, we process
• contract data (eg, contract, term, client category)
• Payment data (eg, bank account, payment history)
of our customers, prospects and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.

Contractual services
We process the data of our contract partners and prospects, as well as other clients, customers or contractors (uniformly referred to as "contractors") in accordance with Art. 6 para. 1 lit. b. DSGVO in order to provide them with our contractual or pre-contractual services. The data processed here, and the nature, scope, purpose and necessity of its processing, are determined by the underlying contractual relationship.
The processed data includes the master data of our contract partners (eg, names and addresses), contact information (eg email addresses and phone numbers), contract data (eg, unused services, contractual terms, contractual communications, names of contact persons) and payment data (eg, bank accounts, payment history).
We generally do not process special categories of data unless they are part of a commissioned or contractual processing.
We process data that is necessary for the establishment and fulfillment of contractual services and point out the necessity of providing it where this is not evident to the contract partners. Disclosure to external persons or companies takes place only when it is required under a contract. When processing the data provided to us in the context of an order, we act according to the instructions of the client and the legal requirements.
As part of the use of our online services, we can store the IP address and the time of each user action. The storage is done on the basis of our legitimate interests, as well as the interests of users in protection from abuse and other unauthorized use. This data is in principle not passed on to third parties, unless it is required to pursue our claims in accordance with Art. 6 para. 1 lit. f. DSGVO or there is a legal obligation to do so in accordance with Art. 6 para. 1 lit. c. DSGVO.
The data is deleted when it is no longer required to fulfill contractual or legal duties of care or to deal with any warranty and similar obligations; the need for the retention of data is reviewed every three years; in addition, the statutory retention obligations apply.

External payment service
We use external payment service providers through whose platforms users and we can make payment transactions (eg, each with a link to the privacy statement, PayPal ( klarna (, Skrill (, direct ( legal / privacy-agb /), Visa (, MasterCard (, American Express (https: / /
As part of the fulfillment of contracts, we use the payment service providers on the basis of Art. 6 para. 1 lit. b. DSGVO. In addition, we use external payment service providers on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. b. DSGVO in order to offer our users an effective and secure payment option.
The data processed by the payment service providers includes inventory data, such as name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, total and recipient-related information. This information is necessary to carry out the transactions. However, the data entered is processed and stored only by the payment service providers. Ie we do not receive any account or credit card-related information, but only information confirming or rejecting the payment. Under certain circumstances, the data is transmitted by the payment service providers to credit reporting agencies. The purpose of this transmission is identity and credit checks. For this, please refer to the terms and conditions and privacy policies of the payment service providers.
For payment transactions, the terms and conditions and the privacy policies of the respective payment service providers apply, which are available within the respective web pages and transaction applications. We also refer to these for more information and for the assertion of revocation, information and other data subject rights.

Administration, financial accounting, office organization, contact management
We process data in the context of administrative tasks and the organization of our operations, financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process for the provision of our contractual services. The bases for processing are Art. 6 para. 1 lit. c. DSGVO and Art. 6 para. 1 lit. f. DSGVO. Customers, potential customers, business partners and website visitors are affected by the processing. The purpose of and our interest in the processing lies in administration, financial accounting, office organization and archiving of data, that is, tasks that serve to maintain our operations, perform our duties and provide our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information given for these processing activities.
In doing so, we disclose or transmit data to the tax authorities, consultants, eg, accountants or auditors, as well as other fee offices and payment service providers.
On the basis of our business interests, we also store information about suppliers, operators and other business partners, eg for later contact. We generally store this mostly business-related information permanently.

Business Analysis and Market Research
In order to run our business economically and to identify market trends and the wishes of contract partners and users, we analyze the data available to us on business transactions, contracts, inquiries, etc. In doing so, we process inventory data, communication data, contract data, payment data, usage data and metadata on the basis of Art. 6 para. 1 lit. f. DSGVO, whereby the persons concerned include contractors, prospects, customers, visitors and users of our online offer.
The analyses are carried out for the purpose of economic evaluations, marketing and market research. In doing so, we can take into account the profiles of registered users with information about, eg, the services they have used. The analyses serve to increase ease of use, to optimize our range and to improve operating economy. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with combined values.
If these analyses or profiles are personal, they are deleted or anonymized upon cancellation by the user, otherwise after two years from the contract. Moreover, the overall business analyses and general trend determinations are made anonymously, if possible.

When contacting us (eg via the contact form, e-mail, telephone or via social media), the information provided by the user is processed to handle the contact request and its settlement in accordance with Art. 6 para. 1 lit. b) DSGVO. The user's information may be stored in a customer relationship management system ("CRM") or a similar system for organizing requests.
We delete the requests if they are no longer required. We review the necessity every two years; furthermore, the legal archiving obligations apply.

Contact form
If you send us requests via the contact form, your details from the inquiry form, including the contact details you provide there, are stored by us for the purpose of processing the request and in case of follow-up questions. This data will not be passed on without your consent.
The processing of the data entered in the contact form is thus based solely on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time. An informal notification by e-mail to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
The data you enter in the contact form will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (eg after completion of processing your request). Mandatory legal provisions, in particular retention periods, remain unaffected.

Hosting and e-mail delivery
The hosting services we use serve to provide the following services: infrastructure and platform services, computing power, storage and database services, e-mailing, security services and technical maintenance services, which we use for the purpose of operating this website.
Here we, or our hosting provider, process inventory data, contact information, content data, contract data, usage data, and meta and communication data of customers, prospects and visitors of this website on the basis of our legitimate interests in an efficient and secure provision of this website in accordance with Art. 6 para. 1 lit. f DSGVO in conjunction with Art. 28 DSGVO (conclusion of an order processing contract).

Collection of access data and log files
On the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO, we, or our hosting providers, collect data on every access to the server on which this service is located (so-called server log files). The access data includes the name of the retrieved web page, file, date and time of access, amount of data transferred, notification of successful retrieval, browser type along with version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log information is stored for security reasons (for example, to investigate abuse or fraud) for a maximum period of 7 days and then deleted. Data whose further storage is required for evidence purposes is excluded from deletion until the respective incident has been finally resolved.

Google Analytics
On the basis of our legitimate interests (ie, interest in the analysis, optimization and cost-effective operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO), we use Google Analytics, a web analytics service provided by Google, LLC ("Google"). Google uses cookies. The information generated by the cookie about the use of the online offer by users is usually transmitted to a Google server in the USA and stored there.
Google has been certified under the Privacy Shield agreement and thus offers a guarantee to comply with European data protection law ( ).
Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with other services related to the use of this online offer and the internet. In doing so, pseudonymous user profiles of users can be created from the processed data.
We use Google Analytics only with IP anonymization activated. This means that the IP address of users is shortened by Google within the member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
The IP address transmitted by the user's browser will not be merged with other Google data. Users may refuse the use of cookies by changing the settings of their browser software; users can furthermore prevent the collection by Google of the data generated by the cookie and related to their use of the online offer, as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link: http: // Tools / dlpage / gaoptout? hl = en .
For more information about Google's use of data, and about settings and objection options, refer to the privacy policy of Google ( ) as well as the settings for the display of advertisements by Google (https: // ).
The users' personal data will be deleted or made anonymous after 14 months.

Google Universal Analytics
We use Google Analytics in the form of "Universal Analytics". "Universal Analytics" refers to a Google Analytics process in which user analysis is based on a pseudonymous user ID, thereby creating a pseudonymous user profile with information from the use of various devices (so-called "cross-device tracking").

Audience building with Google Analytics
We use Google Analytics to show the ads placed within the advertising services of Google and its partners only to users who have shown an interest in our online offer or who have certain characteristics (eg interests in certain topics or products, determined on the basis of the websites visited), which we submit to Google (so-called "remarketing" or "Google Analytics Audiences"). With the help of Remarketing Audiences we also want to make sure that our ads correspond to the potential interest of users.

Google AdWords and conversion measurement
On the basis of our legitimate interests (ie, interest in the analysis, optimization and cost-effective operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO), we use the services provided by Google, LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google").
Google has been certified under the Privacy Shield agreement and thus offers a guarantee to comply with European data protection law (
We use Google's online marketing method "AdWords" to place ads on the Google advertising network (eg, in search results, videos, websites, etc.) so that they are shown to users who have a presumed interest in the ads. This allows us to display ads for and within our online offer in a more targeted way, in order to present users only with ads that potentially match their interests. If a user is shown, for example, ads for products in which he has been interested on other online offers, this is called "remarketing". For these purposes, when our website and other websites on which the Google advertising network is active are called up, Google directly executes a Google code and so-called (re)marketing tags (invisible images or code, also known as "web beacons") are integrated into the website. With their help, an individual cookie, that is a small file, is stored on the user's device (instead of cookies, similar technologies can also be used). This file records which websites the user has visited, which content he is interested in and which offers the user has clicked on, as well as technical information about the browser and operating system, referring websites, visiting time and other information about the use of the online offer.
We also receive an individual "conversion cookie". The information gathered with the help of the cookie is used by Google to create conversion statistics for us. However, we only learn the anonymous total number of users who clicked on our ad and were forwarded to a page tagged with a conversion tracking tag. We do not receive any information with which users can be personally identified.
The user data is processed pseudonymously within the Google network. Ie Google does not store and process, eg, the name or email address of users, but processes the relevant data on a cookie basis within pseudonymous user profiles. That is, from Google's perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who this cookie owner is. This does not apply if a user has explicitly allowed Google to process the data without this pseudonymization. The information collected about users is transmitted to Google and stored on Google's servers in the US.
For more information about Google's use of data, and about settings and objection options, refer to the privacy policy of Google ( ) as well as the settings for the display of advertisements by Google (https: // ).

Integration of services and content of third parties
On the basis of our legitimate interests (ie, interest in the analysis, optimization and cost-effective operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO), we use content or services provided by third parties within our online offer in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content").
This always presupposes that the third-party providers of this content perceive the IP address of users, because without the IP address they could not send the content to the users' browsers. The IP address is therefore required to display this content. We strive to use only content whose respective providers use the IP address solely for the delivery of the content. Third parties can also use so-called pixel tags (invisible images, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as the visitor traffic on the pages of this site. The pseudonymous information can also be stored in cookies on the user's device and may include, among other things, technical information about the browser and operating system, referring websites, visiting time and other details about the use of our online offer, and may also be combined with such information from other sources.

Google Fonts
We integrate the fonts ("Google Fonts") of the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043. Privacy Policy: , Opt-Out: .

Google ReCaptcha
We integrate the function for detecting bots, eg for entries in online forms ("ReCaptcha"), of the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043. Privacy Policy: , Opt-Out: .

Google Maps
We integrate the maps of the service "Google Maps" of the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043. The processed data may include, in particular, IP addresses and location data of users, which, however, are not collected without their consent (generally given within the settings of their mobile devices). The data can be processed in the United States. Privacy Policy: , Opt-Out: .

We integrate the maps of the service "OpenStreetMap" ( ), which are offered by the OpenStreetMap Foundation (OSMF) on the basis of the Open Data Commons Open Database License (ODbL). Privacy Policy: .
To our knowledge, the data of users is used by OpenStreetMap solely for the purpose of displaying the map functions and temporarily storing the selected settings. This data may include, in particular, IP addresses and location data of users, which, however, are not collected without their consent (generally given within the settings of their mobile devices).
The data can be processed in the United States. For more information, refer to the privacy policy of OpenStreetMap: .

Typekit fonts from Adobe
On the basis of our legitimate interests (ie, interest in the analysis, optimization and cost-effective operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO), we use external "Typekit" fonts of the provider Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland. Adobe has been certified under the Privacy Shield agreement and thus offers a guarantee to comply with European data protection law (