Personal data in the form of contractual data
(1) The general provisions of the General Data Protection Regulation (GDPR) shall apply in their currently valid version. The Provider shall not pass on any personal data provided by the Guest to third parties unless it is absolutely necessary for implementing the contract. The Provider shall collect personal contractual data insofar as this is legally permissible and necessary in order to implement the contractual relationship with the Guest in accordance with Art. 6(1)(1)(b) GDPR, or to safeguard the Provider’s interests or those of third parties in accordance with Art. 6(1)(f) GDPR. Personal contractual data include, for example, the Guest’s name, address, contact details such as telephone number(s) or e-mail address, as well as other individual data from their identity card and/or passport, such as date of birth, place of birth, issuing authority or nationality.
(2) Personal data concerning the utilisation of our internet pages
We shall only gather, process and use personal data insofar as this is necessary for enabling the user to utilise the service. The accessing and processing of personal data in the context of our business activities may only be carried out by a trained department, in accordance with the provisions of the General Data Protection Regulation (GDPR). In the case of sensitive data, the basic principles of legitimacy, purpose, data security and data economy shall generally apply. The personal data shall be safeguarded by means of professional protection programmes (virus protection, etc.) that meet state-of-the-art technological standards and are located within legally compliant data rooms, regulated in the EU with, among others, third countries by Article 45 (Transfers on the basis of an adequacy decision).
The said personal data shall be erased after the order has been completed or the business relationship has come to an end. Legal storage periods in accordance with the provisions of Section 257 of the German Commercial Code (HGB) and Section 14b of the German Value Added Tax Act (UstG) shall thereby remain unaffected. The passing on of any personal data to state authorities shall take place within the framework of national legislations. Should any data breaches occur (e.g. due to hacker attacks or losses of data carriers), we shall fulfil our reporting obligations with regard to the data protection regulatory authorities and our obligation to notify the data subject in accordance with Art. 33 and 34 GDPR.
(3) The right of withdrawal of consent, and to the rectification, erasure and blocking of data
In accordance with the General Data Protection Regulation (GDPR), you have the right to access information, free of charge, on any stored data concerning you, including on the origin and recipient(s) of your data, as well as the purpose of the data processing (Art. 15). You also have the right to have any incorrect data rectified (Art. 16, the blocking and erasure of your personal data (Art. 17 GDPR – the right to erasure, “the right to be forgotten”), provided that this is not in conflict with any statutory storage obligation. The right to a restriction of data processing is enshrined in Art. 18. and the right to data portability in Art. 20 of the GDPR. You also have the right to at any time withdraw your consent in accordance with Art. 6(1)(a) or Art. 9(2)(a) GDPR. Many data processing procedures are only possible with your explicit consent. You can at any time withdraw a consent you have already granted. To do this, it suffices to send us an informal message by e-mail. The lawfulness of the data processing carried out up to the withdrawal of consent shall remain unaffected by the withdrawal of consent.
(4) The right to file a complaint with the responsible regulatory authority
In the event of any violations of data protection law, every data subject has the right to file a complaint with the responsible regulatory authority. The regulatory authority responsible for issues concerning data protection law is the state data protection official of the German state where our company’s headquarters are based. Here, the complaint should be filed with the State Official for Data Protection and Freedom of Information in Baden-Wuerttemberg: https://www.baden-wuerttemberg.datenschutz.de/
(5) Person responsible for data protection
Mr Arnd Fliescher, Lessingstrasse 6a, D-76530 Baden-Baden, Germany (for details, please see section on Company Details)
WordPress and Plug-ins
Cookies for the content management system WordPress are necessary for the page layout and the guarantee of basic functions of the website. WordPress websites and software extensions (plug-ins) set self-used cookies. The integrated security plug-in Wordfence stores anonymous IP addresses and protects the site from hacker attacks or malware. ManageWP is integrated to support and manage WordPress Internet pages. This is a tool for regular backups, Google Analytics integration or performance optimization. All data for the provision and administration of the website is collected and processed anonymously. In order to guarantee data protection-compliant processing, we have concluded an order processing contract with the provider.
This site uses the Borlabs Cookie tool, which integrates cookies via opt-in and stores your cookie consent. If you wish to withdraw your consent to the Borlabs cookie, simply delete the cookie from your browser. When you reload our website, you will be asked again for your cookie consent. You can use Borlabs cookies to enable or disable anonymous user data collected through Google Analytics cookies. Cookies to social networks or Google Maps can also be individually controlled via Borlabs cookies. As part of the cookie opt-in tool, a processing contract has been concluded with the provider.
This page uses in connection with WordPress for the standardized representation of fonts so-called Web Fonts, which are offered by Google. The Google Fonts are installed locally.
Users can prevent cookies from being saved by setting their browser software. Browser add-on for deactivating Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=de.
The site integrates the server-side hotel software from vioma Systems. The vioma software system stands for TÜV-certified security. Here you can receive information in real time on room facilities, prices or available times and make booking enquiries. Cookies and personal data collected via this software is stored on the provider’s servers. This may include log files, IP addresses, contract information, contact information, and other information generated by the system. The provider is used for the purpose of fulfilling the contract with new and existing customers in accordance with Art. 6 Para. 1 lit. b DSGVO. The Provider will only process data to the extent necessary to fulfil its obligations. In order to guarantee processing in compliance with data protection regulations, we have concluded an order processing agreement with the provider.