In the following, we would like to inform you about data protection on our website and about the type, scope and purpose of the personal data we collect, use and process. Data protection is a high priority for us.

 

Personal data is all data with which you could be personally identified, e.g. name, IP address, telephone number, etc. Some of this data is processed automatically when you visit the website (e.g. IP address, browser type, operating system, etc.), or if you give us your consent to process it, or if you provide us with your data voluntarily, e.g. by entering your data in a form on our website.

 

We would also like to inform you about your rights under the GDPR.

 

You have the right to receive information free of charge at any time about the origin, recipient and purpose of your personal data processed by us, as well as the right to correct or delete this data.

 

You also have the right to request the restriction of the processing of your personal data under certain circumstances. If you have given us your consent to process your data, you can withdraw this consent at any time with effect for the future. You also have the right to lodge a complaint with the competent data protection supervisory authority.

 

The person responsible for data protection/processing is

 

Josef Schegerer

Hotel & SPA Reibener-Hof

Reiben 1

94357 Konzell

Konzell, Germany

 

Phone: +49 (0) 9963/94320

Fax: +49 (0) 9963/943210

E-mail: info@reibener-hof.de

 

Processing of your data in the context of the services we provide

 

In the case of our guests, customers or business partners, or in the event that you are interested in our services, the type, scope and purpose of the processing of your personal data is based on the contractual or pre-contractual relationships existing between us. We process personal data that we request from you or that you provide to us in order to answer your inquiry, prepare an offer for you or process your order. The data subjects are guests, interested parties, business and contractual partners. The purpose of processing is the processing of contractual services, communication, as well as answering contact requests and office and organizational procedures.

 

Unless otherwise stated in the further information in this privacy policy, the processing of your data and its disclosure to third parties is limited to the data that is necessary and expedient to answer your inquiries and/or to fulfill the contract, to protect our rights and to fulfill legal obligations.

 

The data concerned are

 

• Inventory data (e.g. names, addresses)
• Payment data (e.g. bank details, invoices)
• Contact data (e.g. e-mail address, telephone number, postal address)
• Contract data (e.g. subject matter of the contract, duration of the contract)

 

The legal basis for data processing is Art. 6 I 1 lit. b GDPR, the fulfillment of the contract or the fulfillment of pre-contractual inquiries.

 

Unless a specific storage period is specified in this privacy policy, we store your personal data until the purpose for data processing no longer applies. We delete your personal data when we no longer need it, i.e. after termination of the contractual relationship between us, or after our legitimate interest in the further processing of the data has ceased to exist, or if you request us to delete it. Mandatory statutory provisions - in particular statutory retention periods - remain unaffected. It may also be necessary to process your personal data until the expiry of these periods in order to assert, exercise or defend legal claims arising from contractual relationships or to protect the rights of another natural or legal person. We will then only delete the personal data required for this purpose after these periods have expired. However, we will restrict the processing of this data to these purposes until these periods have expired.

 

Accessing the website - processing of personal data and type and purpose of use

 

When you access our website, you transmit data to our web server via your Internet browser (for technical reasons). The following data is processed in the server log files during an ongoing connection for communication between your internet browser and our web server:

• the page from which the file was requested - referrer URL
• the name of the file
• the date and time of the request
• a description of the type of web browser used / browser version and operating system
• IP address of the requesting computer
• Access status (file transferred, file not found, etc.)
• mount of data transferred

 

This data is stored temporarily for technical reasons (accessing the website). It is not possible for us to draw conclusions about individual persons from this data. The IP addresses are deleted or anonymized after 7 days at the latest.

 

The data is evaluated exclusively for internal purposes and does not allow us to draw any conclusions about your person. A comparison with other databases does not take place.

 

The aforementioned data is processed for the following purposes:

 

• Ensuring a proper and smooth connection to the website,
• Ensuring convenient use of the website,
• Evaluation of system security and stability

 

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. The legitimate interest follows from the data collection purposes listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person. You can visit the website without providing any personal data.

 

Cookies - Consent Tool

 

We use cookies on our website. Cookies are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your end device and do not contain any viruses, Trojans or other malware.

 

Information is stored in the cookie that results in each case in connection with the specific end device used. However, this does not mean that we obtain direct knowledge of your identity. Cookies do not contain any personal data and therefore cannot be directly assigned to a user.

 

The use of cookies serves to make the use of our website more pleasant for you. For example, we use technically necessary session cookies to save your selection for tracking measures and cookies. These cookies are automatically deleted after you close your browser or after one day. The legal basis is Art 6 I S 1 lit c DSGVI in conjunction with § 25 TTDSG.

 

Cookies may also be used by third-party services with your consent. The legal basis is then Art 6 I S 1 lit a GDPR - your consent. These cookies are automatically deleted after a defined period of time. A detailed overview of the cookies or other technologies and service providers we use, their purposes and storage duration, the legal basis for cookie use and further information can be found in our Consent Manager.

 

You can use the Consent Manager to accept or reject individual or all cookies separately when you visit our website for the first time and at any time thereafter by placing a tick / a cross next to the respective cookie or removing it and saving the settings. These settings are saved on your computer or mobile device in local storage. They must therefore be made and saved again if the device's local storage is deleted or another device or browser is used. Please note that you may have to manually delete cookies that have already been set if you withdraw your consent.

 

Most browsers accept cookies automatically. However, you can also configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. Each browser manages the cookie settings differently. How you can deactivate cookies or change settings is described in the help menus of your browser.

 

Inquiries by e-mail, fax or telephone

 

If you contact us by e-mail, fax or telephone, we will store and process your request, including all personal data resulting from it (e.g. name, request) for the purpose of processing your request. The data will not be passed on without your consent. There is no legal or contractual obligation to provide your data, but it is not possible to process your request without providing your data.

 

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 para. 1 lit. a GDPR) and / or on our legitimate interest (Art. 6 para. 1 lit. f GDPR), as we have a legitimate interest in the effective processing of the inquiries addressed to us.

 

The data sent to us via contact requests (e-mails) will be stored by us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

 

Data when using our contact form

 

If you send us a message via our contact form, you can also use a pseudonym instead of your real name. Entering an e-mail address is necessary to enable us to contact you by e-mail. There is no legal or contractual obligation to provide your data, but it is not possible to process your request without providing your data.

 

The data you enter in the contact form will only be used by us to respond to your inquiry via the contact form. We do not pass on the data you enter in the contact form to third parties or use this data for any other purpose than to respond to your inquiry. The data processing is carried out either for the purpose of fulfilling a contract to which the data subject is a party or for the implementation of pre-contractual measures (Art. 6 I S 1 lit. b GDPR), or in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily given consent and / or on our legitimate interests (Art. 6 para. 1 lit. f GDPR), as we have a legitimate interest in the effective processing of the inquiries addressed to us.

 

Your data will be deleted after final processing of your request, provided that the deletion does not conflict with any statutory retention obligations.

 

Vioma - reservation system and vouchers

 

We integrate hotel reservation services from vioma GmbH (vioma GmbH, Industriestraße 27, 77656 Offenburg, info@vioma.de) on our website.

 

If you make an online booking or a booking request via our website, we require your e-mail address, travel dates, title, first name and surname for processing. In individual cases, we may ask for your telephone number so that we can contact you quickly.

 

For the calculation of the travel price, the duration of the stay, the number of persons traveling and the information as to whether the persons are adults or children is required. In the case of children, the age is requested for the correct calculation of the travel price. Further information in the form is provided on a voluntary basis.

 

The legal basis is Art 6 I S 1 lit b GDPR (your request for reservations - fulfillment of a contract or the implementation of pre-contractual measures) and Art 6 I S 1 lit f GDPR our legitimate interest in a secure and user-friendly reservation system.

 

We also use vioma's voucher software for the sale, redemption and management of online vouchers. If you purchase an online voucher via our website, we need your e-mail address, title and first and last name of the voucher recipient for processing. If the voucher is sent by e-mail, we also process the recipient's e-mail address. If the voucher is sent by post, the recipient's postal address will be processed for delivery. The residual value of the voucher, the redemptions already made and the current status are recorded in the voucher management system.

 

The legal basis is Art. 6 I S 1 lit b GDPR - the fulfillment of a contract or implementation of pre-contractual measures.

 

You can find vioma's privacy policy at https://www.vioma.de/de/company/datenschutzhinweise/

 

Newsletter - Brevo

 

We only send our newsletter with advertising information (hereinafter "newsletter") with the express consent of the recipient in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. Registration for our newsletter takes place in a so-called double opt-in procedure, i.e. after registering for our newsletter, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no third party can register with your e-mail address. There is no legal or contractual obligation to provide your data, but it is not possible to send a newsletter without providing your data.

 

Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address.

To subscribe to our newsletter, it is sufficient to enter your e-mail address. We will store your e-mail address until you unsubscribe from our newsletter. You can unsubscribe from the newsletter at any time in the future either by clicking on the link at the end of each newsletter or by clicking on the "Unsubscribe from newsletter" link on our website and following the steps described.

 

Consent to the sending of e-mail addresses is based on Art. 6 para. 1 lit. a GDPR. We are interested in using a user-friendly and secure newsletter system that serves both our business interests and meets the expectations of users for information about our products.

We would like to point out that you can revoke your consent to the future processing of your personal data at any time. Further information on your right of revocation can be found under "Rights of data subjects".

 

We use the services of Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin (Brevo) to send out our newsletter. Brevo is a service with which, among other things, the sending of newsletters can be organized and analyzed.

 

The email addresses of the recipients of our newsletters are stored on the servers of Sendinblue GmbH. If we send a newsletter via Brevo and you open it, a file contained in the newsletter automatically connects to Brevo's servers. Brevo is informed that the newsletter has been opened and registers all clicks on the links it contains. In addition, Brevo may collect technical information such as the time of access, IP address, browser type and operating system. Brevo therefore uses your personal data to send and analyze the newsletter on our behalf. We can recognize via Brevo whether a newsletter message has been opened and which links have been clicked on. Furthermore, Brevo can also use the data to optimize its own offer. Brevo does not use the personal data of our newsletter recipients to contact them itself or to pass the data on to unauthorized third parties.

 

By subscribing to the newsletter on our website, you confirm that the information you provide may be transferred to Brevo for processing in accordance with the above and within the scope of Brevo's terms of use (https://www.brevo.com/de/legal/termsofuse/).

 

You can find Brevo's privacy policy at https://www.brevo.com/de/legal/privacypolicy/

 

Email advertising and your right to object

 

If we have received your e-mail address in connection with a booking or service and you have not objected, we reserve the right to regularly send you our offers for similar services on the basis of Section 7 III UWG. The legal basis arises from our legitimate interest in advertising to our guests and the processing of the data is permitted in accordance with Art. 6 I S1 lit. f GDPR as part of a balancing of interests.

 

You can object to the use of your e-mail address at any time by sending us a message or via the corresponding link in the advertising e-mail. After the legal basis for data processing for advertising e-mails no longer applies, your e-mail address will be deleted, unless statutory retention obligations (e.g. from tax or commercial law retention obligations) prevent this.

 

We would also like to point out that you can object to the future processing of your personal data in accordance with the legal requirements pursuant to Art. 21 GDPR at any time. In particular, you may object to processing for direct marketing purposes.

 

Postal advertising and your right to object

 

We reserve the right to use your first and last name as well as your postal address, which you have provided to us in the context of bookings, for our own advertising purposes, e.g. to send you interesting offers by post. This serves to safeguard our legitimate interests, which predominate in the context of a balancing of interests, in a promotional approach to our guests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

 

You can object to the storage and use of your data for these purposes at any time by sending us a message. The objection can be made in particular against processing for direct marketing purposes. After the legal basis for data processing for postal advertising ceases to apply, your address data will be deleted, unless there are legal obligations to retain it.

 

OpenStreetMaps

 

On our website, we use the geodata of the open source map service "OpenStreetMaps" (also known as "OSM") of the Openstreetmap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom (Company Registration Number: 05912761) to display maps. The United Kingdom is a secure third country under data protection law and has a level of data protection equivalent to that of the EU.

 

This service enables us to present our website with the map displayed on it in an appealing way. When you access the map data, your IP address and the information that our website has been accessed are transmitted to the OSM servers. The legal basis for the processing of your data is Art. 6 I S 1 lit f GDPR. Our legitimate interest arises from the need for an appealing presentation of our location and other places indicated on our website.

 

Further information on the handling of user data can be found in OSM's privacy policy at https://wiki.osmfoundation.org/wiki/Privacy_Policy

 

Google Tag Manager - Google Analytics

 

Our website uses Google Tag Manager. This service allows website tags to be managed via an interface. The Google Tool Manager only implements tags. This means that no cookies are used and no personal data is collected. The Google Tool Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it will remain in place for all tracking tags if they are implemented with the Google Tag Manager.

 

We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics may use so-called "cookies" with your consent (Art 6 I S 1 lit a GDPR). Server requests are transmitted to a Google server and processed there. Google may also use other technologies such as tracking pixels to analyze the use of the website.

 

On behalf of the operator of this website, Google will use this information to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage, such as market research and needs-based website design. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. The IP addresses are anonymized so that an assignment is not possible (IP masking).

 

A possible data transfer of your IP address to Google servers in the USA is based on the adequacy decision of the EU Commission (EU-U.S. Data Privacy Framework). Based on EU adequacy decisions, personal data can flow unhindered and securely from the European Economic Area to the third country in question without any further conditions or authorizations being required. This means that data can be transferred to the third country in the same way as within the EU.

 

You can find more information on data protection at Google at https://policies.google.com/privacy?hl=de or at https://support.google.com/analytics/answer/6004245?hl=de

 

Online rating - HolidayCheck

 

We include reviews from HolidayCheck AG on our website. The integration of HolidayCheck reviews on our website is done for reasons of advertising our services on the basis of Art 6 I S 1 lit f GDPR.

 

The controller responsible for the processing is HolidayCheck Group AG, Bahnweg 8, CH-8598 Bottighofen, info@holidaycheck.de Tel +41 (0) 71 686 9000, Fax +41 (0) 71 686 9009. The company is a wholly owned subsidiary of HolidayCheck Group AG, Munich, Neumarkter Str. 61, 81673 Munich. The main shareholder of HolidayCheck Group AG is Burda Digital SE. HolidayCheck collects and uses your personal data exclusively in accordance with the provisions of the data protection laws of the Federal Republic of Germany. A rating is voluntary. Your data will only be collected, processed and used for the purpose of processing the review. The data will be deleted six months after completion of the evaluation process. Insofar as there are no statutory retention obligations to the contrary, HolidayCheck will also correct or delete this data before then at your request. Please contact HolidayCheck directly for this purpose.

You can find HolidayCheck's privacy policy at https://www.holidaycheckgroup.com/privacy/

 

Data protection when sending application documents

 

If you send us your application documents, we will only use them to decide on your application and will not pass your data on to third parties. We would like to point out that we do not currently offer encryption of your data when sending application documents by e-mail. However, you can send your attachments to us by e-mail in encrypted form, e.g. using the 7ZIP program (http://www.7-zip.de/), and inform us of your password separately, e.g. by telephone. You will receive an e-mail message from us to your e-mail address when we receive your application. You can also send us your application by post at any time.

 

Application data is stored and managed separately from other data records.

If we conclude an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant, the application documents will be automatically deleted no later than 6 months after notification of the rejection decision, provided that deletion does not conflict with any other legitimate interests of the controller or the applicant has expressly consented to longer storage and retention of their application, e.g. for possible subsequent contact in the event of vacancies. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

 

Data processing for the purpose of contacting you and processing your application data is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a,b GDPR on the basis of your voluntarily given consent, as well as for the implementation of pre-contractual measures.

 

Online presence in social networks

 

We operate online presences in social networks for advertising purposes.

We would like to point out that you use the social services and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. sharing, rating).

 

If you visit our online presences in social media, personal data will be collected and processed by the respective provider for advertising and market research purposes. As a rule, user profiles are also created. This is particularly the case if you are a member of the respective platform and are logged in to it. The user profiles can be used by the providers to show you interest-based advertising. To prevent social media operators from collecting information about you during your visit to our websites, you should log out of the respective social media before visiting our websites and delete any existing social media cookies from your browser.

 

Social network links

 

No social plugins from Facebook or other social networks are integrated on our websites. Therefore, no program code of a social network is active on our pages. The icons for Facebook, Instagram or YouTube on our website are merely linked images.

 

Data protection notice - Online presence on Facebook/Instagram (META)

 

Facebook Ireland (Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland - hereinafter referred to as Facebook) and the page administrator (we) are jointly responsible for the processing of personal data for the purposes described in the Terms of Use for Covered Products on the page administrator's Facebook account that are collected in connection with a visit or interaction with a page (including its content).

Covered Products are all Facebook Products, Facebook Pages and Page Insights. Facebook products include Facebook itself (including the Facebook mobile app and the browser in the app), Messenger, Instagram (including apps such as Direct and Boomerang), Portal-branded devices, Bonfire, Facebook Mentions, Facebook Shops, Spark AR Studio, Audience Network, NPE Team apps and any other features, apps, technologies, software products, products or services offered by Facebook, Inc. or Facebook Ireland Limited. In addition, Facebook Business Tools are also Facebook products.

The scope of joint processing and the Controller Addendum covers the collection of the personal data specified in the Terms of Use for Covered Products and its transmission to Facebook. The subsequent processing of data by Facebook is not part of joint processing. Likewise, it is not part of the joint processing if personal data is processed exclusively by us - in this case, we are the sole controller of the data processing.

The information required under Article 13 (1) (a) and (b) GDPR can be found in Facebook's data policy at https://www.facebook.com/about/privacy. Further information on joint processing can be found in the respective terms of use of the products.

For the use of certain Facebook products (so-called "Facebook Business Tools") and the associated data processing, the additional agreement between us and Facebook as joint controllers pursuant to Art. 26 GDPR applies, which you can view at https://www.facebook.com/legal/controller_addendum.

The Site Administrator and Facebook have entered into this Joint Controller Addendum to define the respective responsibilities for fulfilling the obligations under the GDPR with regard to joint processing (as set out in the Terms of Use for Covered Products).

Furthermore, we have agreed that between the parties, Facebook is responsible for enabling the rights of data subjects under Articles 15-20 of the GDPR with respect to the personal data stored by Facebook after joint processing.

A data transfer to the USA is based on the adequacy decision of the EU Commission (EU-U.S. Data Privacy Framework). Based on adequacy decisions, personal data can flow unhindered and securely from the European Economic Area to the third country in question without the need for further conditions or authorizations. This means that data can be transferred to the third country in the same way as within the EU.

 

Data processing conditions at Facebook

We expressly draw your attention to the fact that the use of certain Facebook products may involve the transfer of personal information to Facebook. Depending on the circumstances, Facebook Ireland Limited may also transfer EU data to Facebook Inc. in the USA for storage and further processing. By using Facebook products, the user agrees to Facebook's data processing conditions. These can be found at https://www.facebook.com/legal/terms/dataprocessing/update.

The Facebook EU Data Transfer Addendum can be found at https://www.facebook.com/legal/EU_data_transfer_addendum

Facebook's data policy can be found at https://www.facebook.com/about/privacy/ - Instagram's data policy can be found at https://privacycenter.instagram.com/policy/

Information on cookies and other storage technologies on Facebook can be found at https://www.facebook.com/policies/cookies/

You can view Facebook's data security conditions at https://www.facebook.com/legal/terms/data_security_terms

You can find Facebook's terms of use for commercial use at https://www.facebook.com/legal/commercial_terms/update

You can contact Facebook's data protection officer at https://www.facebook.com/help/contact/540977946302970

 

Further information on Page Insights data

Facebook continues to provide us with so-called Page Insights for the Facebook page. Insights data is summarized data that provides us with information on how users interact with the Facebook page. The legal basis for data processing is Art. 6 Para. I S. 1 lit. f GDPR, the protection of our legitimate interests in an optimized presentation of the website and effective communication with users.

Data processing is carried out on the basis of an agreement between the joint controllers in accordance with Art. 26 GDPR, which you can view at https://www.facebook.com/legal/terms/page_controller_addendum.

Further information on Page Insights data on Facebook can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data and at https://de-de.facebook.com/help/instagram/155833707900388

 

Data processing when contacting us via Facebook products

We collect personal data when you contact us, e.g. via the contact form or Messenger. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 para. I sentence 1 lit. f GDPR. Your data will be deleted after final processing of your request, provided that there are no legal retention obligations to the contrary.

 

Your rights

Facebook and we have agreed that Facebook is primarily responsible for providing you with information about the joint processing and enabling you to exercise your rights under the GDPR. Under the GDPR, you have the right to access, rectification, portability and erasure of your data, as well as the right to object to and restrict the processing of your data. You can find out more about these rights in your Facebook settings. For more information on your rights, see also "Data subject rights" in this privacy policy.

Facebook and we have agreed that the Irish Data Protection Commission is the authority responsible for overseeing the processing under joint responsibility. You have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie ) or with your local supervisory authority.

 

Right to object to advertising

You can object to the processing of your data for advertising purposes on Facebook at any time by changing your settings for advertisements in your Facebook user account at https://www.facebook.com/settings?tab=ads.

 

Legal basis for the operation of the Facebook page / Instagram and processing of personal data when accessed

We operate the Facebook page / Instagram page for advertising purposes for our services. The processing of personal data takes place on the basis of Art. 6 I S 1 lit f GDPR.

 

Data security - SSL encryption

 

We use the SSL (Secure Socket Layer) method on our website for encryption and to protect the transmission of confidential content. If SSL encryption is activated, the data you transmit to us cannot be read by third parties. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the status bar of your browser - the address bar of your browser displays "https://" if SSL encryption is activated.

 

Processing/disclosure of data

 

Your personal data will not be transferred to third parties for purposes other than those listed above or below.

 

We only pass on your personal data to third parties if:

    you have given your express consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
    this is permitted by law and is necessary for the fulfillment of contractual relationships or for the implementation of pre-contractual measures with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR
    in the event that there is a legal obligation for us to pass on data in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR,
    processing is necessary for the purposes of the legitimate interests pursued by us or by a third party pursuant to Article 6(1)(f) GDPR, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

 

Rights of data subjects

 

You have the right:

• in accordance with Art. 15 GDPR, to request information about your personal data processed by us;
• in accordance with Art. 16 GDPR, to request the rectification of inaccurate or completion of your personal data stored by us without undue delay
• in accordance with Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims
• to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR
• in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller
• in accordance with Art. 7 para. 3 GDPR, to revoke your consent once given to us at any time. As a result, we may no longer continue the data processing based on this consent in the future;
• in accordance with Art. 77 GDPR, to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you is in breach of the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office. You can find a list of data protection officers in Germany and their contact details at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

 

Right to object to the collection of data in special cases and to direct advertising (Art. 21 GDPR)

 

If we process your personal data in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR in order to safeguard our legitimate interests, which predominate in the context of a balancing of interests, you have the right to object to the processing of your personal data with effect for the future in accordance with Art. 21 GDPR. If the processing is carried out for direct marketing purposes, you can exercise this right at any time. This also applies to profiling insofar as it is associated with such direct marketing. If the processing is carried out for other purposes, you only have the right to object if there are grounds relating to your particular situation.

If you wish to exercise your right to object, simply send us an e-mail.

After exercising your right to object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defense of legal claims.

If you object to the processing of your personal data for direct marketing purposes, the personal data will no longer be processed for these purposes.

No automated decision-making or profiling takes place on our website.

 

Changes to this privacy policy - status

 

Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration in compliance with the applicable data protection regulations. You can access and print out the current data protection declaration at any time on our website under Data protection.

 

Status: February 2024
created by RA Markus v. Hohenhau - www.e-anwalt.de