Data protection

Personal data in the form of contractual data

(1) The general provisions of the General Data Protection Regulation (GDPR) shall apply in their currently valid version. The Provider shall not pass on any personal data provided by the Guest to third parties unless it is absolutely necessary for implementing the contract. The Provider shall collect personal contractual data insofar as this is legally permissible and necessary in order to implement the contractual relationship with the Guest in accordance with Art. 6(1)(1)(b) GDPR, or to safeguard the Provider’s interests or those of third parties in accordance with Art. 6(1)(f) GDPR. Personal contractual data include, for example, the Guest’s name, address, contact details such as telephone number(s) or e-mail address, as well as other individual data from their identity card and/or passport, such as date of birth, place of birth, issuing authority or nationality.

(2) Personal data concerning the utilisation of our internet pages

We shall only gather, process and use personal data insofar as this is necessary for enabling the user to utilise the service. The accessing and processing of personal data in the context of our business activities may only be carried out by a trained department, in accordance with the provisions of the General Data Protection Regulation (GDPR). In the case of sensitive data, the basic principles of legitimacy, purpose, data security and data economy shall generally apply. The personal data shall be safeguarded by means of professional protection programmes (virus protection, etc.) that meet state-of-the-art technological standards and are located within legally compliant data rooms, regulated in the EU with, among others, third countries by Article 45 (Transfers on the basis of an adequacy decision).

The said personal data shall be erased after the order has been completed or the business relationship has come to an end. Legal storage periods in accordance with the provisions of Section 257 of the German Commercial Code (HGB) and Section 14b of the German Value Added Tax Act (UstG) shall thereby remain unaffected. The passing on of any personal data to state authorities shall take place within the framework of national legislations. Should any data breaches occur (e.g. due to hacker attacks or losses of data carriers), we shall fulfil our reporting obligations with regard to the data protection regulatory authorities and our obligation to notify the data subject in accordance with Art. 33 and 34 GDPR.

(3) The right of withdrawal of consent, and to the rectification, erasure and blocking of data

In accordance with the General Data Protection Regulation (GDPR), you have the right to access information, free of charge, on any stored data concerning you, including on the origin and recipient(s) of your data, as well as the purpose of the data processing (Art. 15). You also have the right to have any incorrect data rectified (Art. 16, the blocking and erasure of your personal data (Art. 17 GDPR – the right to erasure, “the right to be forgotten”), provided that this is not in conflict with any statutory storage obligation. The right to a restriction of data processing is enshrined in Art. 18. and the right to data portability in Art. 20 of the GDPR. You also have the right to at any time withdraw your consent in accordance with Art. 6(1)(a) or Art. 9(2)(a) GDPR. Many data processing procedures are only possible with your explicit consent. You can at any time withdraw a consent you have already granted. To do this, it suffices to send us an informal message by e-mail. The lawfulness of the data processing carried out up to the withdrawal of consent shall remain unaffected by the withdrawal of consent.

(4) The right to file a complaint with the responsible regulatory authority

In the event of any violations of data protection law, every data subject has the right to file a complaint with the responsible regulatory authority. The regulatory authority responsible for issues concerning data protection law is the state data protection official of the German state where our company’s headquarters are based. Here, the complaint should be filed with the State Official for Data Protection and Freedom of Information in Baden-Wuerttemberg: https://www.baden-wuerttemberg.datenschutz.de/

(5) Person responsible for data protection

Mr Arnd Fliescher, Lessingstrasse 6a, D-76530 Baden-Baden, Germany (for details, please see section on Company Details)

WordPress and Plug-ins

Cookies for the content management system WordPress are necessary for the page layout and the guarantee of basic functions of the website. WordPress websites and software extensions (plug-ins) set self-used cookies. The integrated security plug-in Wordfence stores anonymous IP addresses and protects the site from hacker attacks or malware. ManageWP is integrated to support and manage WordPress Internet pages. This is a tool for regular backups, Google Analytics integration or performance optimization. All data for the provision and administration of the website is collected and processed anonymously. In order to guarantee data protection-compliant processing, we have concluded an order processing contract with the provider.

Borlabs Cookie

This site uses the Borlabs Cookie tool, which integrates cookies via opt-in and stores your cookie consent. If you wish to withdraw your consent to the Borlabs cookie, simply delete the cookie from your browser. When you reload our website, you will be asked again for your cookie consent. You can use Borlabs cookies to enable or disable anonymous user data collected through Google Analytics cookies. Cookies to social networks or Google Maps can also be individually controlled via Borlabs cookies. As part of the cookie opt-in tool, a processing contract has been concluded with the provider.

Google services

Web fonts

This page uses in connection with WordPress for the standardized representation of fonts so-called Web Fonts, which are offered by Google. The Google Fonts are installed locally.

Google Maps

This page uses Google Maps. Google Maps uses cookies primarily to provide location information. Information, such as route planning, is collected by analyzing Internet Protocol (IP) addresses or device locations. When the browser window is loaded, cookies are automatically transmitted to Google. You can deactivate the continued use of Google Maps cookies on the site via Borlabs Cookie.

Google Analytics

When loading the website, your user behaviour can be statistically evaluated using the integrated analysis tool Google Analytics. The analysis of your user behaviour is carried out statistically via anonymous IP addresses. The website usage statistics show, among other things, the day, time or location. However, no information is collected that makes individual users personally identifiable for the site operator. Google’s current data protection guidelines and terms of use apply in the context of data protection-compliant processing. Responsible for Google services and European privacy is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Users can prevent cookies from being saved by setting their browser software. Browser add-on for deactivating Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=de.
Information on data protection and the use of cookies in Google services can be found at: https://policies.google.com/

External Hosting

This website is hosted by Web-Service4u.de, IT-Service Reiko Kretzschmar, 17309 Pasewalk in Germany as an external service provider. The data protection declaration with information on the use of cookies for customers, business partners and the public can be found at https://web-service4u.de/datenschutzerklaerung The rights and obligations of the provider according to the General Data Protection Regulation (DSGVO) for the use of cookies and other personal data are also communicated here. As a rule, Internet providers store automated information such as Internet browser, operating system or time of the page call. Part of the data is collected in order to ensure that the website is error-free. Other data can be used to analyse user behaviour. Personal data such as contact enquiries, meta and communication data, contract data or IP addresses and website accesses generated via the website are stored and processed on the host’s servers. The basis for the processing of personal data for data processing is Art. 6 para. 1 lit. b DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

vioma systems

The site integrates the server-side hotel software from vioma Systems. The vioma software system stands for TÜV-certified security. Here you can receive information in real time on room facilities, prices or available times and make booking enquiries. Cookies and personal data collected via this software is stored on the provider’s servers. This may include log files, IP addresses, contract information, contact information, and other information generated by the system. The provider is used for the purpose of fulfilling the contract with new and existing customers in accordance with Art. 6 Para. 1 lit. b DSGVO. The Provider will only process data to the extent necessary to fulfil its obligations. In order to guarantee processing in compliance with data protection regulations, we have concluded an order processing agreement with the provider.