The following notes provide a simple overview of what happens to your personal data when you visit our website. Personal data is all data with which you can be personally identified.
This data protection declaration explains the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offer and the websites, functions and content associated with it as well as external online presences, such as our social media profile (hereinafter referred to as collectively referred to as “Online Offering”).
With regard to the terms used, such as “processing” or “person responsible”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
We reserve the right to adapt this data protection declaration so that it always corresponds to the current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new data protection declaration will then apply to your next visit.
WHO IS RESPONSIBLE FOR DATA PROCESSING AND WHO CAN I CONTACT?
Kurgarten-Hotel GmbH & Co. KG
Tel.: + 49 (0) 7834 / 40 – 53
Fax: + 49 (0) 7834 / 47 – 589
You can reach our data protection officer at:
Dr. Gert Landauer
HWH – Gesellschaft für Datenschutz und Beratung GmbH
BGM – Bürgermeister-Rohrmüller Straße 14
Tel.: +49 (0) 160 / 96780366
TYPES OF DATA PROCESSED
- Inventory data (e.g. names, addresses)
- Contact information (e.g. e-mail, telephone numbers)
- Content data (e.g. text input, photographs, videos)
- Usage data (e.g. websites visited, interest in content, access times)
- Meta/communication data (e.g. device information, IP addresses)
In addition, we process:
- Contract data (e.g. subject of the contract, term, customer category)
- Payment data (e.g. bank details, payment history)
from our customers, prospects and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.
WHAT DO WE PROCESS YOUR DATA FOR (PURPOSE OF PROCESSING) AND ON WHAT LEGAL BASIS?
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
- Provision of the online offer, its functions and content
- Answering contact requests and communicating with users
- Safety measures
- Reach measurement/marketing
We only process your personal data for the purposes stated in this data protection declaration. Your personal data will not be transmitted to third parties for purposes other than those mentioned. We only pass on your personal data to third parties if:
- you have given your express consent,
- the processing is necessary for the execution of a contract with you,
- the processing is necessary to fulfill a legal obligation,
- the processing is necessary to protect legitimate interests and there is no reason to believe that you
- have an overriding legitimate interest in not disclosing your data.
use of the website
If you only use the website for informational purposes, we only collect the data that your browser transmits to our server. If you want to view our website, we collect the following data that is technically necessary for us to display our website to you and to ensure stability and security. The legal basis is Article 6 Paragraph 1 Clause 1 Letter f GDPR.
In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using and through which certain information flows to the place that sets the cookie (here from us). Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.
The website uses transient and persistent cookies, the scope of which is explained below: Transient cookies are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
Persistent cookies are automatically deleted after a specified period, which can vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
You can configure your browser settings according to your wishes and e.g. B. refuse to accept third-party cookies or all cookies. We would like to point out that you may then not be able to use all the functions of this website.
Use of Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. If IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the activities and to provide other services related to website and internet use to the website operator.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can prevent the storage of cookies by setting your browser software accordingly; we would like to point out to you however that in this case you will if applicable not be able to use all functions of this website in full. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install: http://tools.google.com/dlpage/gaoptout?hl=de.
We use Google Analytics to analyze and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transmitted to the USA, Google has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Article 6 Paragraph 1 Clause 1 Letter f GDPR.
With your consent, you can contact us via the contact forms and send us messages. The legal basis is Article 6 Paragraph 1 Clause 1 Letter a GDPR.
Mandatory information for submitting the forms is your surname and first name as well as your e-mail address. The specification of further, separately marked data is voluntary. The data will be used confidentially and exclusively for your desired purpose and will not be passed on to unauthorized third parties.
You can revoke your consent to the transmission of the contact form at any time with effect for the future. You can declare your revocation by sending a message to the contact details given in the imprint.
Data protection information in the application process
We process the applicant data only for the purpose and as part of the application process in accordance with the legal requirements. The applicant data is processed to fulfill our (pre)contractual obligations within the scope of the application process within the meaning of Article 6 Paragraph 1 Letter b. GDPR Art. 6 Paragraph 1 lit. f. GDPR if the data processing is necessary for us, e.g. in the context of legal proceedings (in Germany § 26 BDSG also applies).
The application process requires that applicants provide us with the applicant data. The necessary applicant data result from the job descriptions and basically include personal details, postal and contact addresses and the documents belonging to the application, such as cover letter, curriculum vitae and certificates. In addition, applicants can voluntarily provide us with additional information. By submitting the application to us, the applicants agree to the processing of their data for the purposes of the application process in accordance with the type and scope set out in this data protection declaration.
Insofar as special categories of personal data within the meaning of Art. 9 Para. 1 GDPR are voluntarily communicated as part of the application process, they are also processed in accordance with Art. 9 Para. 2 lit. b GDPR (e.g. health data, such as severe disability or ethnic origin) . Insofar as special categories of personal data within the meaning of Art. 9 Para. 1 GDPR are requested from applicants as part of the application process, they are also processed in accordance with Art. 9 Para. 2 lit. a GDPR (e.g. health data if this is necessary for the exercise of the profession are).
In addition to the postal route, applicants can send us their applications via e-mail. However, we ask you to note that e-mails are generally not sent in encrypted form and that the applicants themselves must ensure that they are encrypted. We can therefore assume no responsibility for the transmission path of the application between the sender and receipt on our server.
In the event of a successful application, the data provided by the applicants can be processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the data of the applicants will be deleted. The applicants’ data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.
The deletion takes place, subject to a justified revocation by the applicant, after a period of six months, so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the Equal Treatment Act.
WHO GETS MY DATA?
Only those departments that need your data to fulfill their contractual and legal obligations will have access to it. Processors employed by us in accordance with Art. 28 GDPR may also receive data for these purposes. These are companies in the IT services and telecommunications categories. In this regard, there are corresponding contracts for order processing in accordance with Article 28 GDPR.
We may only pass on personal data if this is permitted by law or if you have given your consent. Under these conditions, recipients of personal data can be third parties named under point 2.
HOW LONG WILL MY DATA BE STORED?
Personal data will be deleted immediately as soon as their knowledge is no longer required for the fulfillment of the purpose of storage (e.g. sending information material) and there is no legal obligation to retain the corresponding documents.
WILL MY DATA BE TRANSFERRED TO A THIRD COUNTRY OR AN INTERNATIONAL ORGANIZATION?
Data will only be transferred to third countries (countries outside the European Economic Area) if this is legally permissible or if you have given us your consent. Under these conditions, recipients of personal data can be third parties named under point 3.
AM I OBLIGATED TO PROVIDE DATA?
As part of your visit to our website, you only have to provide the data that is required for the technical implementation of the visit. The provision of the data is neither legally nor contractually required or necessary for the conclusion of a contract. You are not obliged to provide the data. Failure to provide personal data can only mean that you may not be able to use all the functions and offers of this website.
WHAT PRIVACY RIGHTS DO I HAVE?
Every data subject has the right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR and the right to data portability Article 20 GDPR. The restrictions under §§ 34 and 35 BDSG apply to the right to information and the right to erasure. In addition, there is a right of appeal to a data protection supervisory authority in accordance with Article 77 GDPR i. in conjunction with § 19 BDSG.