The protection of your data is one of our most important principles. With this privacy statement we inform you:
- about the nature, scope, purpose and duration of the collected personal data, used and processed by us, as well as
- about your rights.
1. What data do we collect?
- For general inquiries, which are addressed to us by telephone, e-mail or contact form, the corresponding personal data that you provide us voluntarily (name, telephone number and/or e-mail address, eventually information which is in your e-mail signature) are stored only for the purpose of the respective communication. Further processing does not take place.
- Personal data requested by us in connection with a service (room booking) will only be processed for the purpose of contract processing. Basically, in this case we need from you: name, address, date of birth, payment method. For the bill data we do not store the telephone number, email address or credit card numbers.
2. Why do we collect this data?
We process and use your data in order to fulfil the contract concluded with you and to provide our service as well as to prepare the billing for it.
The legal basis for the data processing described above is Article 6 of the European Data Protection Basic Regulation (GDPR EU), the German Federal Data Protection Act (BDSG), the German Federal Reporting Act as well as other relevant laws (Tax Law, Trade Act).
3. How do we collect the data and how long do we store it?
We collect the above mentioned data as follows:
- Your name, date of birth, address and signature will be indicated on the registration form on your arrival on the basis of the German Federal Reporting Act. As specified in the Reporting Act, the registration form is destroyed after 1 year.
- The name, address, used services and payment method are stored in our customer database and are used for invoicing. We do not store birth data in our customer database, no communication data (telephone number or email addresses) and no bank details or credit card data, only the payment method. Sensitive payment data (bank details and credit card data) are only collected directly through the payment provider (e.g. Credit Card Institute or similar) during the booking or payment process.
4. Passing data on to third parties
In order to be able to fully fulfil the contract with you, our service providers have access to your data as well as those responsible for the processing of orders. Our service providers are contractually obligated to carry out the processing of these data in accordance with applicable European and German data protection directives. This applies to the operation of our in-house network, our web site, for bookings via portals or through our homepage, for payment transactions and for accounting.
When you visit our website or use our in-house networks, your data, which is provided by your Internet-enabled device and browser (log data), is queried and stored by our providers. Log data contains the IP address of the device you use to access our website, the type of browser you are accessing, the Web page you previously visited, your system configuration, and date and time information. This data is not retrieved by us and is not evaluated, but it is stored on our servers or on the servers of our providers. IP addresses, according to our provider, are stored for a maximum of 7 days to detect and defend against attacks.
If you have made a booking through our homepage or through a booking portal, your data will be made available to us for the purpose of concluding a contract via our service providers (operators of the booking portals or booking modules).
However, we would point out that a completely secure communication on the Internet is not possible.
We do not use profiling or other automatic decision-making.
We only issue data in accordance with legal regulations or a court order to authorities and third parties. Information to authorities may be issued on the basis of a statutory provision for security or prosecution.
Your data will not be sold to other providers!
5. Protective measures
We always take action for:
– preventing unauthorised access to data processing equipment
- preventing unauthorized use of the system
- preventing unauthorized reading, copying, modification or removal/destruction of data
- ensuring separate processing of data collected for different purposes
6. Your rights
You have the right to receive free information from us at any time, as well as confirmation of the personal data stored on your person (art. 15 GDPR EU), as well as to request the immediate rectification or completion (art. 16 GDPR EU) of your personal data.
You have the right to request the immediat restricted processing (art. 18 GDPR EU) or deleting (art. 17 GDPR EU) of your personal data, provided that there is no other legal basis for processing (§§ 34 and 35 BDSG).
In addition, there is a right of appeal to a Data protection supervisory authority (art. 77 GDPR EU in conjunction with § 19 BDSG)
In order to contact us in the above mentioned matters, it suffices if you give us an informal eMail
You can also use the contact form
on our website.
Data protection supervisor: Michael Brunner