Art. 1 | Name and Address of the Person ResponsibleThe responsible within the meaning of the General Data Protection Regulation and further national data protection acts of the member states as well as other provisions in terms of data protection law is:
Hotel Regina Maris GmbH
In consequence of repeated false calls, the booking-hotline is: +49 4931 18930, and send booking requests via mail to rezeption(at)hotel-regina-maris.de
Art. 2 | Name and Address of the Commissioner for Data ProtectionThe commissioner for data protection of the responsible is:
akwiso Datenschutz & Audit
Phone: +49 - 831 - 5124 - 7030
Art. 3 | General Remarks to the Data Processing
- Extent of the Personal Data Processing: We principally process personal data of our users only if this is necessary to provide a functional website as well as our contents and services. The personal data processing of our users regularly takes place only on consent of the user. With the exception, in which a previous obtaining of consent for true reasons is impossible and legal provisions allow the processing of data. Certainly, you are able to cancel your declaration(s) of consent anytime with effect for the future. For this purpose, please contact the responsible person according to Art. 1.
- Legal Basis for the Processing of Personal Data: So far as we obtain consent of the affected person for processing operations of personal data, the article 6 section 1 a) EU-General Data Protection Regulation (GDPR) serves as legal basis. At the processing of personal data, are required to fulfil the contract, of which the affected person is a signatory party, the article 6 section 1 b) GDPR serves as legal basis. The same applies to processing operations, are required to implement pre-contractual measures. Insofar as the processing of personal data is required to fulfil a legal obligation, to which our company is subject, the article 6 section 1 c) GDPR serves as legal basis. In case that vital interests of the affected person or another natural person necessitate a processing of personal data, the article 6 section 1 d) GDPR serves as legal basis. If the processing is necessary for the adherence of legitimate interests of the company or by a third party and the interests, fundamental rights and freedoms of the affected person does not override the former interest, then the article 6 section 1 f) GDPR serves as legal basis for the processing.
- Data Erasure and Storage Period: The personal data of the affected person will be erased or blocked, as soon as the purpose of storing is no longer required. Beyond that, storage can happen if European or national legislature of Union law regulations, laws or other provisions provides for this, to which the responsible is subject. A blockage or erasure of data happens also if one of the mentioned norms of a mandatory storage period ends, unless a contract formation or a fulfilment of a contract requires an advanced storage of the data.
- Personal Data are all Information that refer to an identifiable or identifiable natural person (hereinafter referred to as „affected person“). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Affected Person is every identified or identifiable natural person, whose personal data is processed by the responsible.
- Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
- Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
- Person Responsible means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where Union or Member State law determines the purposes and means of such processing, the person responsible or the specific criteria for its nomination may be provided for by Union or Member State law.
- Processor means a natural or legal person, public authority, agency or other body, which processes personal data on behalf of the person responsible.
- Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities, which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law, shall not be regarded as recipients.
- Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
- Consent of the affected person means any freely given, specific, informed and unambiguous indication of the affected person’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Art. 5 | SSL or TLS EncryptionThis website uses a SSL or TLS encryption, for security reasons and for the safety of the transmitted confidential contents, as orders or requests, which you send to us as website provider. An encrypted interface is recognisable due to the change in the address bar that switches from “http://” to “https://” and henceforth shows a lock symbol.
If SSL or TLS encryption is activated, data you transmit to us will be unreadable to any third party.
Art. 6 | Provision of the Website and Generation of Logfiles
- Description and Extent of the Data Processing: With every mere informative use of the website, if and when you did not transmit any other information, we gather – more precisely the website provider – with every call-up of the website automated merely following data and information of the computer system of the recursive computer:
- IP address of the user
- Information about browser type and used version
- The operating system of the user
- The internet service provider of the user
- Date and time of the access
- Websites, of these the system of the user get to the website
- Websites, which the System of the user via our website calls up
- Content of the call-ups (specific sites)
- Language and version of the browser software
- Used search engines
- Names of downloaded files
- Legal Basis for the Data Processing i.e. for the temporary storage of the logfiles is article 6 section 1 f) GDPR.
- Purpose of the Data Processing: The temporary storage of the IP address by the system is necessary, to be able to hand over the website to the computer of the user. For this purpose, it is necessary to store the IP address for the period of the session. The storage in logfiles takes place to steady the functionality of the website. Moreover, the data is used for the optimisation of the website and securing the safety of our information technology systems. In this context, an interpretation of the data for marketing purposes does not take place. These arguments also prove our legitimate interest in data processing according to article 6 section 1 f) GDPR.
- Duration of the Storage: The data will be deleted as soon as they are not necessary for the attainment of the purpose. A further storing is possible. In this case, the IP address will be anonymised with the result that an allocation of the calling client is impossible. In practice, the IP address of the client is anonymised with an 'x' in the logfiles after 7 days.
- Objection and Erasure Possibility: The collection of data for the provision of the website and the storage of the data in logfiles are compulsively necessary for the running of the website. As a result, there exists no objection possibility on the side of the user.
- Legal Basis for the Data Processing: The legal basis for the use of personal data applying cookies generally is article 6 section 1 a) GDPR.
Art. 8 | The Use of Google Fonts
- Description and Extent of the Data Processing: This page uses for a homogeneous display of fonts so-called web fonts, which Google provides. With the view of a page, your browser downloads all needed web fonts in your browser cache to view texts and fonts accurately. Thus, with the visit of our webseite, your browser sends a query to the Google server. While doing so, Google logs the following data:
- IP address
- Browser information
- Operating system of the user
- Screen resolution of the user
- Language settings of the browser or more precisely of the operating system of the user
- Font data file
- Legal Basis for the Data Processing: The legal basis for the use of personal data is article 6 section 1 f) GDPR.
Art. 9 | Newsletter
- Description and Extent of the Data Processing: There exists the option on our web page to subscribe to our costless newsletter. With this newsletter, we would like to inform you about upcoming events and/or outing tips in the surrounding area as well as about our current and interesting offers in German language. The content is also named in the declaration of consent. With the registration for the newsletter, the respective data of the input form will be transmitted to our newsletter tool CleverReach. An appropriate contract for commissioned data processing exists. For the registration to our newsletter, the so-called “double-opt-in”-procedure is used, which means that an email will be send to the given email address after your registration. In this mail, you will be asked to confirm your registration. If the registration is not confirmed within the next 48 hours, your information will be blocked and automatically deleted within 90 days. Generelly, your used IP address and the times of registration and confirmation will be stored. The intention of this procedure is, to prove your registration and if necessary to support the solving of an eventual abuse of your data via a third party. The compulsory statement for the newsletter remittance is solely your email address. The statement of further data as salutation, surname and first name is voluntary and we will gladly use those to address you personally.
- Description of the Google Service reCaptcha Use by CleverReach: CleverReach uses this service to ascertain if a human or a computer makes a specific request in our newsletter form. Google verifys on the basis of the following data if you are human or computer: IP address of the used terminal device, the viewed website on which the captcha is integrated, date and duration of the web page visit, the identifying code of the used browser and operating system, Google account if you are logged in, computer mouse movements on the reCaptcha surfaces as well as tasks, in which you have to identify pictures. Legal basis for the described data processing is article 6 section 1 f) GDPR. There is a legitimate interest at our side on this data processing to ensure the safety of our website and to protect us from automatic inputs (cyber attacks).
- Legal Basis for the Data Processing: The legal basis for the data processing after the registration to the newsletter with the consent in hand by the user is article 6 section 1 subparagraph 1 a) GDPR.
- Purpose of the Data Collection: The collection of the user email address serves to deliver the newsletter. The collection of other personal data within the registration procedure serves to prevent an abuse of the services or the used email address.
- Duration of the Storage: As soon as the data is needless for the attainability of the purpose, they will be deleted. Therefore, your newsletter-registration information will be stored as long as your newsletter subscription is activated. Other within the context of the registration procedure collected personal data normally will be deleted after a period of seven days.
- Objection and Erasure Possibility: You are able to cancel our newsletter subscription and recall your consent anytime. The cancelation takes place by clicking on the field “hier abmelden” in the email boilerplate of our newsletter (last row) or by sending an email to [bounce(at)hotel-faehrhaus.de]. Thus, an objection to the consent of the storage of personal data during the registration procedure is enabled.
Art. 10 | Online Booking Tool
- Description and Extent of the Data Processing: To use our online booking tool for requests or reservations of our hotel rooms, it is necessary for the contract closing to enter the requested personal data for processing your request or reservation. For the processing of contracts, mandatory information is separately marked further details are voluntary. In the process, the data put in the form will be transmitted to and stored by our service provider. The following data will be collected in the context of a booking process:
- First name
- Phone number
- Email address
- Fax number
- Address (company or address affix, street, postcode, place name, country)
- Payment method (for booking guarantee via credit card payment: credit card number, expiry date)
- Age (if booked for children)
- Data of fellow travellers (salutation, first name, surname)
- Our staff at the reservations department of our hotels, which is newly in written form obliged for attention to the data privacy especially to the protection of confidentiality according to § 53 Federal Data Protection Act.
- The service provider that supplies our online booking tool and guarantees data privacy to its full extent within the framework of the order data processing declaration according to article 28 GDPR.
- The service provider that runs and hosts our hotel software and guarantees data privacy to its full extent within the framework of the order data processing declaration according to article 28 GDPR.
- The service provider that takes care of our credit card billing and guarantees data privacy to its full extent within the framework of the order data processing declaration according to article 28 GDPR.
- Legal Basis for the Data Processing: The legal basis for the processing of your data is article 6 section 1 b) GDPR. In respect to further vonluntarily provided data, the legal basis for data processing is article 6 section 1 a) GDPR.
- Purpose of the Data Processing: The collected mandatory information is necessary to the fulfilment of the contract with the user (with a view to offer, conclusion and/or confirmation of the contens of contract). As the result, we will use the data for answering your requests, processing your booking and also for the purpose of technical administration of the websites. The voluntary information took place to prevent a missuse and if necessary to solve criminal acts. Moreover, we are able to process your given data to inform you on further interessting products of our portfolio or to send you emails with arrival, location or other information.
- Duration of the Storage: The data will be deleted as soon as the data is no longer required for the attainability of their collected purpose. In terms of commercial and tax law, we are obliged to store your address, payment and order data for a period of ten years after the completion of the contract. Regarding further voluntarily given data, we will delete those at the end of three years after the completion of the contract, unless we contracted any other agreement with the user on the data use.
- Objection and Erasure Possibility: Is the data necessary for the fulfilment of the contract or for the processing of the pre-contractual measures, an early deletion of the data is only possible if no contractual or legal obligation excludes a deletion. Apart from that it is within your discretion to deregister your, during the registration, given personal data completely from the data pool of the responsible for the processing. The responsible for the processing furnish you particulars, which personal data is stored about you, anytime on request. Furthermore, the responsible for the processing corrects or deletes personal data if requested or at a hint of the affected person, as long as no legal obligation to perserve records excludes this. You are able to write to the responsible or the commissioner of data protection according to article 1 or article 2 anytime via email or letter to ask for deletion or correction of the data.
Art. 11 | Links to External Websites
Art. 12 | Contact Form and Email Contact
- Description and Extent of the Data Processing: On our website, a contact form is available, which can be used for making contact electronical. If you seize this opportunity, the entered data in the input mask are transmitted to us and stored. These data are:
- Email address
- IP address of the user
- Date and time of the transmission
- Legal Basis for the Data Processing: Legal basis for the processing of the data, the consent of the user being present, is article 6 section 1 a) GDPR. Legal basis for the processing of the data as part of a transmission via mail is article 6 section 1 f) GDPR. Aims this mail contact at the completition of a contract, the legal basis for the processing of the data additionally is article 6 section 1 b) GDPR.
- Purpose of the Data Processing: The processing of personal data from the input mask serves us solely for contacting. Certainly, we will use the data of your email inquiry only for the purpose to which you have provided them in the contacting. In the case of contacting via email, the necessary legitimate interest for the processing of the data is down to their response. Any further personal data processed during the submission process serve to prevent a misuse of our contact form and to guarantee the safety of our information technology systems.
- Duration of the Storage: The data will be deleted as soon as the data is no longer required for the attainability of their collected purpose. For personal data from the input mask of the contact form and those sent via email, is this the case if the respective conversation is finished. The conversation is finished if the circumstances abstract the affected issue as conclusively resolved. Any other personal data additionally collected during the submission process will be deleted after a period of 180 days at the latest if there is no advanced agreement with the user on the data use.
- Objection and Erasure Possibility: You have always the opportunity to recall your consent for the processing of the personal data. Contact us anytime via email to object to the storage of your personal data. We explicitly point out that in such a case a conversation can be discontinued. Regarding the objection of your consent/objection to the storage, we ask you to contact the responsible person or the commissioner of data protection according to article 1 or article 2 via email or letter. Any personal data, which were stored as part of contacting, will be deleted in this case.
Art. 13 | Web Analysis by Google Analytics
- Description and Extent of the Data Processing: We use the service of Google Inc. (1600 Amphitheatre Parkway Monutain View, CA 94043, USA) on our website to analyse the surf behaviour of our website visitor and user. The software stores a cookie on your device (on the subject of cookies see also article 7). If single pages of our website are viewed, the following data will be stored:
- Two bytes of the anonymised IP address of the viewing system of the user
- The viewed website
- Landing page and exit page
- Length of stay on the website and dropout rate
- Frequency of the call-ups of the website
- Homeland and regional origin, language, browser, operating system, hardware, screen resolution
- Use of flash or java
- used search engines and used search keywords
- Legal Basis for the Data Processing: Legal basis for the processing of personal data is article 6 section 1 a) GDPR.
- Purpose of the Data Processing: In our order, Google uses this information to analyse the behaviour of our website visitor and user and to compile reports on website activities. We are able to compile Information about the use of single components of our website due to the analysis of the gained data. This enables us to improve our website and their user friendliness.
- Duration of the Storage: The data will be deleted as soom as the data is no longer required for our recording purposes. In our case, the user data and the event history will be stored for a period 14 months and afterwards deleted.
Moreover, you are able to prevent collection and processing by Google of those data (your shortened IP address included), generated through this cookie and refferring to your use of the website, while downloading and installing the browser plugin applying the following link. The current link is "http://tools.google.com/dlpage/gaoptout?hl=en". Anytime, you have the possibility to object to your consent of processing personal data. Please contact us via e-mail, this way you are anytime able to object to the storage of your personal data. Regarding the objection to the consent or the storage, please contact the person responsible according to article 1 via e-mail or mail.
As far as, you are visiting our website with a mobile device, you are able to object to the use by deactivating Google Analytics by clicking the following link: Deactivate Google Analytics. In this case, your browser sets a cookie, which signals Google to stop the tracking.
Art. 14 | Analysis by Google Ads and Conversion Tracking
- Description and Extent of the Data Processing: This website uses Google Ads. Ads is an online advertising platform of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). In the context of Google Ads, we use the so-called conversion tracking. If you click on an advertisement placed by Google, a cookie will be set for the conversion tracking (on the subject of cookies see also article 7). These cookies loose validity after 30 days and do not serve the personal identification of the user. If the user visits specific pages of this website and the cookie is unexpired yet, Google and we recognise that the user clicked the advertisement and was forwarded to this page.
Each Google Ads customer receives another cookie. The cookies cannot be traced back via the website of the Google Ads customer. Information collected with the aid of the conversion cookie serve to compile conversion statistics for Ads customers, which have gone for conversion tracking. The customers get to know the total number of users that clicked on their advertisement and were forwarded to the page equipped with the conversion tracking tag. However, they do not receive any information that identifies a user personally. If you want to abstain from the tracking, you are able to object to this usage by simply deactivating the Google Conversion Tracking in the user settings of your web browser. Thereafter, you are not included in the conversion tracking statistics.
- Purpose of the Data Processing: The storage of “conversion cookies” takes place on the legal basis of article 6 section 1 subparagraph f GDPR. The website provider has a legitimate interest in the analysis of the user behaviour to optimise its web offer as well as its advertisements.
You are able to set your browser so that you are informed about the setting of cookies, allow cookies solely in individual cases, object to cookies only for specific cases, forbid them generally or activate the automatic deletion of cookies by closing the browser. By deactivating cookies generally, the functionality of some pages can be restricted.
Art. 15 | Rights of the Affected PersonIf we process your personal data, then you are a person affected in the sense of the GDPR and you have the following rights towards the responsible person:
- Right to Information
- Right to Rectification
- Right to Restriction of Processing
- Right to Erasure
- Right to Briefing
- Right to Data Portability
- Right to Object to the Processing
- Right to Object to Assentation in Terms of Data Protection Law
- Right to Non-Application of an Automated Decision-Making
- Right to Complaint at a Supervisory Authority
- Right to Information: You have the right to obtain from the person responsible confirmation as to whether or not personal data concerning your person are being processed, and, where that is the case, access to the personal data and the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient, to whom the personal data have been or will be disclosed;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the person responsible rectification or erasure of personal data or restriction of processing of personal data concerning the affected person or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the affected person, any available information as to their source;
- Right to Rectification: You have the right to obtain from the person responsible without undue delay the rectification of inaccurate personal data concerning your person and/or the right to have incomplete personal data completed.
- Right to Restriction of Processing: Where one of the following applies, you have the right to obtain from the person responsible restriction of processing:
- the accuracy of the personal data is contested by the affected person, for a period enabling the person responsible to verify the accuracy of the personal data;
- the processing is unlawful and the affected person opposes the erasure of the personal data and requests the restriction of their use instead;
- the person responsible no longer needs the personal data for the purposes of the processing but they are required by the affected person for the establishment, exercise or defence of legal claims, or
- the affected person has objected to processing pursuant to article 21 section 1 GDPR pending the verification whether the legitimate grounds of the perosn responsible override those of the affected person.
- Right to Erasure
- Erasure Obligation: You have the right to obtain from the person responsible without undue delay the erasure of personal data concerning you where one of the following grounds applies:
- the personal data concerning your person are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- you withdraw consent on which the processing is based according to article 6 section 1 a GDPR, or article 9 section 2 a GDPR, and where there is no other legal ground for the processing.
- you object to the processing pursuant to article 21 section 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to article 21 section 2 GDPR.
- the personal data concerning your person have been unlawfully processed.
- the personal data concerning your person have to be erased for compliance with a legal obligation in Union or Member State law to which the person responsible is subject.
- the personal data concerning your person have been collected in relation to the offer of information society services referred to in article 8 section 1 GDPR.
- Information to Third Parties: Where the person responsible has made public the personal data concerning you and is obliged pursuant to article 17 section 1 GDPR to erase the personal data, the person responsible, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform persons responsible which are processing the personal data the affected person has requested the erasure by such persons responsible of any links to, or copy or replication of, those personal data.
- Exceptions: The right to erasure shall not apply to the extent that processing is necessary
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which the person responsible is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the person responsible;
- for reasons of public interests in the area of public health in accordance with article 9 section 2 h and i as well as article 9 section 3 GDPR;
- for archiving purposes in the public interest , scientific or historical research purposes or statistical purposes in accordance with article 89 section 1 GDPR, in so far as the right referred to in paragraph a. is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise of defence of legal claims.
- Erasure Obligation: You have the right to obtain from the person responsible without undue delay the erasure of personal data concerning you where one of the following grounds applies:
- Right to Briefing: Have you obtained the right of rectififcation, erasure or restriction of the processing towards the person responsible, the person responsible is obliged to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed by the person responsible person about those recipients.
- Right to Data Portability: You have the right to receive the personal data concerning you, which you have provided to a person responsible, in a structured, commonly used and machine-readable format and have the right to transmit those data to another person responsible without hindrance from the person responsible to which the personal data have been provided, where:
- the processing is based on consent pursuant to article 6 section 1 a GDPR or article 9 section 2 a GDPR or on a contract pursuant to article 6 section 1 b GDPR and
- the processing is carried out by automated means.
- Right to Object to the Processing: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning your person which is based on article 6 section 1 e or f GDPR. The person responsible no longer processes the personal data concerning your person unless the person responsible demonstrates compelling legitimate grounds for the processing, which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. Where personal data concerning your person are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning your person for such marketing. Where you object to processing for direct marketing purposes, the personal data concerning your person no longer is processed for such purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EG, you may exercise your right to object by automated means using technical specifications. For the exercise of this right to object to the processing, the affected person shall contact the person responsible for processing at all times.
- Right to object to Assentation in Terms of Data Protection Law: You have the right to object to your consent in terms of data protection law. With the withdrawal of the consent, the legitimacy of processing remains unaffected in consequence of the consent before the withdrawal. Concerning this, you shall contact the person responsible.
- Right to Non-Application of an Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This applies not if the decision:
- is necessary for entering into, or performance of, a contract between you and the person responsible,
- is authorised by Union or Member State law to the person responsible is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
- is based on your explicit consent.
- Right to Complaint at a Supervisory Authority: Decisions shall not be based on special categories of personal data reffered to in article 9 section 1 GDPR, unless article 9 section 2 a) or g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place. In the cases referred to in points a) and c), the person responsible implements suitable measures to safeguard your rights, freedoms, and legitimate interests, at least the right to obtain human intervention on the part of the person responsible, to express his or her point of view and to contest the decision. For exercise of this right to non-application of an automated decision-making, the affected person shall contact the person responsible for processing at all times.