PRIVACY NOTICE
PRIVACY AT A GLANCE
General Information
The following information provides a basic overview of what happens to your personal data when you visit our website. Personal data refers to all data with which you can be personally identified. Detailed information on the topic of data protection can be found in our privacy policy that is set out under this text.
Data collection on our website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find our contact details in the legal notice of this website.
How do we collect your data?
One way in which your data is collected is when you communicate it to us. This may be data that you enter in a contact form, for example.
Other data are recorded automatically or with your consent by our IT systems when you visit the website. This is primarily technical data (e.g. Internet browser, operating system or time of the page access). This data is collected automatically as soon as you enter our website.
What do we use your data for?
Some of the data are collected to ensure that the website is provided without errors. Other data can be used to analyse your user behaviour.
What rights do you have regarding your data?
You have the right to receive information about the origin, recipients and purpose of your stored personal data free of charge at any time. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can withdraw this consent at any time in the future. In addition, under certain circumstances, you have the right to request the restriction of the processing of your personal data. You also have the right to lodge a complaint with the competent supervisory authority.
If you have any questions relating to this you can contact us at any time at the address given in the legal notice if you have any further questions about the topic of personal data.
Analysis tools and third party tools
We do not use any analysis tools.
When you visit our website, your browsing behaviour can be statistically evaluated. This is mainly done with something called analysis programs. You will find detailed information about analysis programs in the privacy policy.
Hosting and Content Delivery Networks (CDN)
External hosting
This website is hosted by an external service provider.
The personal data collected on this website is stored on the hoster's servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website.
The use of ‘conversion cookies’ is based on Art. 6 1(1) (f) GDPR. We have a legitimate interest in presenting our website in the most reliable way. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 1 (1) (a) GDPR and §25 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time with future effect
Our hoster will only process your data to the extent necessary to fulfil its service obligations and will follow our instructions regarding this data.
We host our website at:
(Hosting)
(Str_)
(City) (Postcode)
We have concluded a data processing contract with our website host to ensure that processing is performed in compliance with data protection regulations. This is a contract required by data protection law, which ensures that our hoster only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
Google Cloud CDN
We use the Content Delivery Network Google Cloud CDN. Operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google offers a worldwide distributed content delivery network. In doing so, the transfer of information between your browser and our website is technically routed via the Google network. This allows us to increase the global accessibility and performance of our website.
The use of Google Cloud CDN is based on our legitimate interest in the most error-free and secure provision of our website in accordance with Art. 6 1 (1) (a) GDPR
The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. Details can be found at: https://cloud.google.com/terms/eu-model-contract-clause. You can find more information about Google Cloud CDN here: https://cloud.google.com/cdn/docs/overview?hl=de.
We have concluded an order processing agreement with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
Amazon CloudFront CDN
We use the Content Delivery Network Amazon CloudFront CDN. The provider is Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg (hereinafter "Amazon").
Amazon CloudFront CDN is a globally distributed content delivery network. The transfer of information between your browser and our website is technically routed via the Content Delivery Network. This allows us to increase the global accessibility and performance of our website.
The use of Amazon CloudFront CDN is based on our legitimate interest in the most error-free and secure provision of our website in accordance with Art. 6 1 (1) (a) GDPR.
The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. Details can be found at: https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/. You can find more information about Amazon CloudFront CDN here: https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice_German_Translation.pdf.
We have concluded an order processing agreement with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
General notes and mandatory information
Data protection
As the operators of this website, we take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
When you use this website, various personal data are collected. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
We would like to point out that data transmission over the Internet (e.g. communication by email) may have security gaps. It is not possible to protect data completely against access by third parties.
Information on the data controller
The data controller for this website is:
Parkhotel Burgmühle
Auf der Insel 2-4
87538 Fischen im Allgäu
Telephone: +49 8326 9950
email: info@parkhotel-burgmuehle.de
The data controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses etc.) in accordance with Art. 4 (7) GDPR.
Storage period
We adhere to the legally prescribed retention periods when processing data, so that your personal data will only remain with us until the purpose for processing the data no longer applies. If you make a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have any other legally permissible reasons for storing your personal data (e.g.: retention periods under tax or commercial law); in the latter case, the data will be deleted after these reasons no longer apply.
General information on the legal basis for data processing on this website
If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, if special categories of data are processed according to Art. 9 (1) GDPR. If you have consented to the storage of cookies or to access to information on your terminal device (e.g. via device fingerprinting), then the data processing will also be carried out on the basis of §25 1 TTDSG. The consent can be revoked at any time with future effect If your data is required for the performance of a contract or to implement pre-contractual measures, then we process your data on the basis of Art. 6 1 (1) (b) GDPR. Furthermore, we process your data if this is required to fulfil a legal obligation on the basis of Art. 6 1 (1) (c) GDPR. Furthermore, the data processing may be based on our legitimate interest according to Art. 6 1 (1) (c) GDPR. Information on the relevant legal basis in each individual case is provided below in the data protection declaration.
Data Protection Officer prescribed by law
We have appointed a data protection officer for our hotel.
#KOMM #IT
Salmas 52
87534 Oberstaufen
Telephone: +49 (0) 8325 927050
Email: dsb@komm-it.info
Note on data transfer to the USA and other third countries
We also use tools from companies based in the USA or other third countries that are not secure under data protection law. When these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, under the CLOUD ACT, U.S. companies are required to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence agencies) process, evaluate and permanently store your data located on US servers for surveillance purposes. We have no influence over these processing activities.
Withdrawing your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke already given consent at any time with future effect. No specific form is required: an email to us is sufficient. The legality of the data processing that has already taken place up to the point of revocation remains unaffected by the revocation.
Right to object to the collection of data in special cases and to direct advertising (Art. 21 GDPR)
If the data processing is based on Art. 6 1 (1) (e) or (f) GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation. This also applies to profiling based on these provisions. The respective legal basis on which an act of processing is based can be found in this Privacy Policy. If you object, we will no longer process your personal data unless we can prove comprehensive grounds for the processing that override your interests, rights and freedoms or the assertion, exercise or defence of legal claims pursuant to Art. 21 (1) GDPR).
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. If you object, your personal data will no longer be used for the purposes of direct advertising (Objection pursuant to Art. 21(2) GDPR).
Right to lodge a complaint with the competent supervisory authority
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged violation. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a generally accepted, machine-readable format. If you request the direct transfer of the data to another data controller, this will only be done to the extent that it is technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address bar of the browser changes from “http://” to “https://” and by the lock symbol in your browser bar.
If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.
Encrypted payment transactions on this website
If there is an obligation to send us your payment data (e.g. account number for direct debit authorisation) after the conclusion of a fee-based contract, this data is required for payment processing.
Payment transactions using the usual payment methods (Visa/Master Card, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the address bar of the browser changes from http:// to https:// and by the lock symbol in your browser bar. Encrypted communication means that the payment data that you transmit to us cannot be read by third parties.
Disclosure, deletion and rectification
Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin, recipient and the purpose of the data processing and, if necessary, a right to rectification or erasure of this data at any time. You can contact us at any time at the address given in the legal notice if you have any further questions about the topic of personal data.
Right to restrict processing
You have the right to request the restriction of the processing of your personal data. You can contact us at any time at the address given in the legal notice. The right to restrict processing exists in the following cases:
- If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the check, you have the right to request that the processing of your personal data be restricted.
- If your personal data was/is processed unlawfully, you can request the restriction of data processing instead of erasure.
- If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of being erased.
- If you object pursuant to Art. 21 (1) GDPR, a balance must be made between your interests and ours. Until such time as it is determined whose interests prevail, you have the right to demand that the processing of your personal data be restricted.
If you have restricted the processing of your personal data, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State are processed.
Objection to advertising emails
The use of contact data published within the scope of the legal notice obligation for sending advertising and information material that is not expressly requested is hereby objected to. As the operators of this website, we expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, for example, via spam emails.
Data collection on our website
Cookies
Our website uses "cookies". These are small text files and do not cause any damage to the end device. They are stored either temporarily for the duration of a session as session cookies or permanently as permanent cookies on your device. Session cookies are automatically deleted after your visit. Permanent cookies are stored on your device until you delete them yourself or until they are automatically deleted by your web browser.
In some cases, cookies from third-party companies may also be stored on your device, namely when you enter our pages (third-party cookies). These enable the use of certain services of the third-party company, e.g. cookies for processing payment services.
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them, for example the shopping cart function. Other cookies are used to evaluate user behaviour or display advertising. Cookies that are required to carry out the electronic communication process (necessary cookies) or to provide certain functions you have requested (functional cookies) or to optimize the website as cookies for measuring the web audience are stored on the basis of Art. 6 1 (1) (f) GDPR in conjunction with §25 (2) TTDSG, unless another legal basis is specified. As the website operator, we have a legitimate interest in storing cookies for technically error-free and optimised provision of our services. If consent to the storage of cookies has been requested, storage of the cookies in question is based exclusively on consent in accordance with Art. 6 1 (1) (a) GDPR and §25 (1) TTDSG. The consent can be revoked at any time with future effect
You can configure your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of our website may be restricted.
If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately within the framework of this data protection declaration and request your consent.
Consent to Vioma's Consent Technology
Our website uses the cookie consent technology from vioma GmbH to obtain your consent to the storage of certain cookies in your device or to the use of certain technologies and to document this in accordance with data protection regulations. The provider of this technology is vioma GmbH, Industriestraße 27, 77656 Offenburg, Germany - (hereinafter referred to as “vioma”).
When you enter our website, a connection is established to vioma's servers in order to obtain your consent and other declarations regarding cookie use. vioma then saves a cookie in your browser in order to be able to assign to you the consent given or its revocation. The data collected in this way will be stored until you request us to delete it, delete the vioma provider cookie yourself or the purpose for storing the data no longer applies. This is without prejudice to mandatory statutory retention obligations. It is acquired by vioma in order to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 1 (1) (c) GDPR.
Furthermore, your consent can be revoked at any time with future effect. If you want to change your choices in the cookie consent dialog, please click here (integrate link). When you click the link, the cookie consent dialog will appear again and you can change your selection.
We have concluded an order processing agreement with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
Server log files
The provider of this website automatically collects and stores information in what are known as server log files, which your browser automatically transmits to us. These are:
• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of server request
• IP address
This data is not merged with other data sources. The collection of this data is based on Art. 6 (1) (f) GDPR. As the site operator, we have a legitimate interest in the technically flawless presentation and optimisation of our website - the server log files must be recorded for this purpose.
Online bookings and booking requests
Our website uses the booking technology "Clearing Station", provided by "Vioma".
If you make an online booking or a booking request via our website, we need your email address, your travel dates, the booked product and your title as well as your first and last name for processing. In individual cases, your telephone number will also be requested in order to be able to contact you quickly, especially with regard to unforeseeable circumstances that affect your booking.
The dates of your stay, the selected product, the number of people travelling and whether the people are adults or children are required to calculate the valid travel costs. If you are travelling with children, the age of the child will also be requested for the correct calculation of the travel price. We also ask for the desired payment method for the trip. If advance payment applies to your travel parameters, you will be forwarded to a payment service provider for secure processing of the advance payment after selecting the desired payment method. Further information in the form is provided on a voluntary basis.
The processing of your data for the online booking and the online booking request is based on Art. 6 1 (1) (b) GDPR and serves the fulfilment of a contract or the implementation of pre-contractual measures. We will retain the data you send to us until the purpose for storing the data no longer applies (for example, after your request has been processed). This is without prejudice to mandatory legal provisions - in particular statutory retention periods.
We have concluded an order processing agreement with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
Voucher purchase and voucher management
Our website uses the Clearing Station voucher software (hereinafter referred to as "Protel") for the sale, redemption and management of online vouchers. If you purchase an online voucher via our website, we need your email address to process your voucher purchase, as well as the correct form of address, first and last name of the voucher recipient. We will also ask you for your preferred shipping method so that we can deliver the voucher according to your wishes. For sending the voucher by email, we process the email address of the recipient. If sending via post is selected, the recipient's postal address will be recorded for postal delivery.
The voucher management also records the remaining value of the voucher, the redemptions already made and the current status (open, paid, redeemed, etc.).
The processing of your data for the online purchase of vouchers is based on Art. 6 1 (1) (b) GDPR and serves the fulfilment of a contract or the implementation of pre-contractual measures. The processing of your data in the voucher management is based on Art. 6 1 (1) (c) GDPR and serves to fulfil legal storage obligations.
We will retain the data you send to us until the purpose for storing the data no longer applies (e.g. after your request has been processed). This is without prejudice to mandatory legal provisions - in particular statutory retention periods.
We have concluded an order processing agreement with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
Contact form
If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you have provided there, will be stored by us for the purpose of processing the enquiry and in the event of any follow-up enquiries. We will not share this data without your consent.
The processing of this data is based on Art. 6 (1) (b) GDPR, provided that your request is related to the performance of a contract or is necessary for implementing pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the inquiries addressed to us pursuant to Art. 6 (1) (f) GDPR or on your consent pursuant to Art. 6 (1) (a) GDPR, if this has been requested.
Data you enter on the contact form will remain with us until you request us to delete it, withdraw your consent to store it or the purpose for storing the data no longer applies (e.g. after we have finished processing your enquiry). This is without prejudice to mandatory legal provisions - in particular retention periods.
Enquiries by email, telephone or fax
If you contact us by email, telephone or fax, your inquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We will not share this data without your consent.
The processing of this data is based on Art. 6 (1) (b) GDPR, provided that your request is related to the performance of a contract or is necessary for implementing pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the inquiries addressed to us pursuant to Art. 6 (1) (f) GDPR or on your consent pursuant to Art. 6 (1) (a) GDPR, if this has been requested.
We will retain the data you send to us via contact requests until you ask us to delete it, withdraw your consent to store it or the purpose for storing the data no longer applies (e.g. after we have finished processing your enquiry). This is without prejudice to mandatory legal provisions - in particular statutory retention periods.
Postal advertising
We use your address in compliance with all legal requirements for sending postal advertising.
The legal basis for this is our legitimate interest in direct advertising pursuant to Art. 6 (1) (f) GDPR in conjunction with Recital 47 GDPR. If corresponding consent was requested, the processing takes place exclusively on the basis of Art. 6 (1) (a) GDPR. The consent can be revoked at any time with future effect More specific regulations may be communicated to you as part of the data collection process, if applicable, and take precedence over this regulation.
Your address will remain with us until the purpose for data processing no longer applies. If you make a legitimate request for deletion or withdraw your consent to postal advertising, your data will be deleted unless we have other legally permissible reasons for storing your personal data, such as tax retention periods. In the latter case, the deletion shall take place after these reasons cease to apply.
Data processing through social networks
We maintain a publicly accessible profile on social networks. In doing so, we use the following social networks: (Facebook/Meta, Instagram)
These social networks can comprehensively analyse your user behaviour when you visit our website with integrated content from social networks (e.g. when using advertising banners and Like buttons). However, your personal data may also be collected if you are not logged in or do not have an account with the respective provider. In this case, your data is usually collected via cookies that are stored on your terminal device or by recording your IP address.
The collected data allows network operators to create user profiles in which they store your preferences and interests. In this way, you may be shown interest-based advertising inside and outside of the use of social media. In the event that you have an account with the respective provider, the advertising can be displayed on all these devices on which you are or were logged in.
In addition, you must note that we are not able to track all processing on the portals. Depending on the network operator, further processing operations may therefore be carried out by the operators of the portals, details of which can be found in the terms of use and data protection provisions of the respective portals.
Our presence on social networks is intended to ensure a comprehensive presence on the Internet. This is a legitimate interest according to Art. 6 (1) (f) GDPR. As website operator, we have a justified interest in ensuring the greatest possible visibility on social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and §25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device within the meaning of the TTDSG. The consent can be revoked at any time with future effect
When you visit our site on the social networks, we are jointly responsible with the operator of the platform for the data processing operations triggered. This means that you can assert your rights both against us and the operator of the portal. It must be noted, however, that despite the joint responsibility with the operators, we do not have full influence on the data processing operations of the portals. Our options depend on the company policy of the respective provider.
The data collected directly by us via the social media presence will be deleted from our systems when you request us to delete it, withdraw your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your end device until you delete them. This is without prejudice to mandatory legal provisions - in particular statutory retention periods. We have no influence on the storage period of your data, which is stored by the operators for their own purposes. For details, you must contact the operator directly.
Facebook Profile and Facebook Plugins/Meta Profile and Meta Plugins (Like & Share Button)
We maintain a profile on Facebook (since the end of 2021: "Meta"). Facebook/Meta is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The data collected is also transferred to the USA and other third countries.
We have entered into a joint processing agreement with Facebook/Meta. This agreement determines who is responsible for which data processing operations when you visit our site. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
The advertising setting can be adjusted independently by you in your user account. To do so, you must follow the following link and log in: https://www.facebook.com/settings?tab=ads.
Plugins from the social network Facebook/Meta are also integrated on this website. The provider of this service is also Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook/Meta, the data collected is also transferred to the USA and other third countries.
You can recognise Facebook/Meta plugins by the Facebook/Meta logo or the "Like" button on our website. You can find an overview of the Facebook/Meta plugins at: https://developers.facebook.com/docs/plugins/?locale=de_DE.
When you visit our website, a direct connection between your browser and the Facebook/Meta server is established via the plugin. This allows Facebook/Meta to receive the information that you have visited our website with your IP address. If you click the Facebook/Meta "Like" button while your are logged into your Facebook/Meta account, you can link the contents of our website to your Facebook/Meta profile. This enables Facebook/Meta to associate your visit to this website with your user account. We would like to point out that we, as the provider of the site, have no knowledge of the content of the data transmitted or its use by Facebook/Meta. For more information, please see the Facebook/Meta privacy policy at: https://de-de.facebook.com/privacy/explanation.
If you do not want Facebook/Meta to be able to link your visit to our website with your Facebook/Meta user account, please log out of your Facebook/Meta user account. The use of Facebook/Meta Plugins is based on Art. 6 (1) (f) GDPR. As website operator, we have a justified interest in ensuring the greatest possible visibility on social media. If corresponding consent was requested, the processing will be carried out exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) TTDSG, insofar as the consent covers the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time with future effect
Insofar as personal data is collected on our website and forwarded to Facebook/Meta using the tool described here , we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing pursuant to Art. 26 GDPR. Joint responsibility is limited to collecting the data and passing it on to Facebook/Meta. Processing by Facebook/Meta after forwarding is not part of the joint responsibility. Our joint obligations have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum.
According to this agreement, we are responsible for providing the privacy information when using the Facebook/Meta tool and for implementing the tool on our website in a manner that is secure as regards data protection. Facebook/Meta is responsible for the data security of Facebook/Meta products. You can assert your rights as a data subject (e.g. information requests) regarding the data processed by Facebook/Meta directly on Facebook/Meta. If you assert the data subject rights with us, we are obliged to forward them to Facebook/Meta.
The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:
https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.
Instagram profile and Instagram plugin
Functions of the Instagram service are integrated on our website. These functions are offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
We also have a profile on Instagram. The provider is Instagram Inc.,1601 Willow Road, Menlo Park, CA, 94025 USA.
If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that we, as the provider of the site, have no knowledge about the content of the data transmitted or its use by Instagram. The data is stored and analysed on the basis of Art. 6 (1) (f) GDPR. As website operator, we have a justified interest in ensuring the greatest possible visibility on social media. If corresponding consent was requested, the processing will be carried out exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) TTDSG, insofar as the consent covers the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time with future effect
Insofar as personal data is collected on our website and forwarded to Facebook/Meta or Instagram using the tool described here, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing pursuant to Art. 26 GDPR. Joint responsibility is limited to collecting the data and passing it on to Facebook/Meta or Instagram. Processing by Facebook/Meta or Instagram after forwarding is not part of the joint responsibility. Our joint obligations have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum.
According to this agreement, we are responsible for providing the privacy information when using the Facebook/Meta - or Instagram tool and for implementing the tool on our website in a manner that is secure as regards data protection. Facebook/Meta is responsible for the data security of Facebook/Meta or Instagram products. You can assert your rights as a data subject (e.g. information requests) regarding the data or Instagram processed by Facebook/Meta directly on Facebook/Meta or Instagram. If you assert the data subject rights with us, we are obliged to forward them to Facebook/Meta. The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/56699466033338
For more information, please see Instagram's privacy policy: https://instagram.com/about/legal/privacy/.
Analytical tools and advertising
Google Tag Manager
We use the Google Tag Manager. Operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to embed tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, nor does it store any cookies and or carry out any independent analyses. It is only used for the administration and display of the tools integrated through it. However, Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States.
Google Tag Manager is used on the basis of Art. 6 (1) (f) GDPR. As the website operator, we have a legitimate interest in the quick and easy integration and management of various tools on the website. If the corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and §25 para. 1 TTDSG, insofar as the consent and storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) is provided for by the TTDSG. The consent can be revoked at any time with future effect
We have concluded an order processing agreement with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
Google Analytics
This website uses functions of the web analysis service Google Analytics. Operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables us, as the website operator, to analyse the behaviour of website visitors. In doing so, we receive various usage data, such as page views, dwell time, operating systems used and the origin of the user. This data is assigned to the respective end device of the user. There is no assignment to a device ID.
Furthermore, Google Analytics allows us to record your mouse movements, scrolling movements and clicks, among other things. Furthermore, Google Analytics uses various modelling approaches to augment the data sets it collects and uses machine learning technologies in its data analysis.
Google Analytics uses technologies that enable the user to be recognised for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about your use of our website is usually transmitted to a Google server in the USA and stored there.
This analysis tool is used on the basis of Art. 6 (1) (f) GDPR. As the website operator, we have a legitimate interest in analysing user behaviour in order to optimise both our website and its advertising. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 1 (1) (a) GDPR and §25 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time with future effect
The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. You can find details at: https://privacy.google.com/businesses/controllerterms/mccs/.
We have concluded a data processing contract with Google and fully implement the strict specifications of the German data protection authorities when using Google Analytics.
Browser plugin
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
You can find more information on how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
Google Signals
We use Google Signals. When you visit our website, Google Analytics collects, among other things, your location, search history and YouTube history, as well as demographic data (visitor data). This data can be used for personalized advertising with the help of Google Signal. If you have a Google account, Google Signal's visitor data is linked to your Google account and used for personalized advertising messages. The data is also used to compile anonymized statistics on the user behaviour of our users.
Google Analytics e-Commerce Measurement
The website uses the ‘e-Commerce Measurement’ function of Google Analytics. E-commerce measurement allows us, as a website operator, to analyse the purchasing behaviour of visitors to our website in order to improve its online marketing campaigns. Here, information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product is recorded. This data can be aggregated by Google under a transaction ID, which is assigned to the respective user or device.
Storage period
Data stored at Google at the user and event level which is linked to cookies, user IDs (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) will be anonymised or deleted after two months. Details can be found under the following link: https://support.google.com/analytics/answer/7667196?hl=de
Google Ads
We use Google Ads. Google Ads is an online advertising program operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available at Google (e.g. location data and interests) (target group targeting). As a website operator, we can evaluate this data quantitatively, for example, by analysing which search terms led to the display of our advertisements and how many ads resulted in corresponding clicks.
The data is stored and analysed on the basis of Art. 6 (1) (f) GDPR. As the website operator, we have a legitimate interest in marketing our service products as effectively as possible.
The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. Details can be found at: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
We have concluded an order processing agreement with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
Plugins and tools
YouTube with enhanced privacy
This website incorporates videos on YouTube. YouTube is operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in the extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the extended data protection mode does not necessarily exclude the transfer of data to YouTube partners. This is how YouTube establishes a connection to the Google DoubleClick network, regardless of whether you are watching a video.
As soon as you launch a YouTube video on this website, a connection to the YouTube servers is established. The YouTube server is informed about which of pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your browsing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, YouTube can save various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can receive information about visitors to this website. Among other things, this information is used to collect video statistics, to improve user-friendliness and to prevent attempts at fraud. If necessary, further data processing operations can be triggered after the start of a YouTube video over which we have no influence.
YouTube is used in the interest of an attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 (1) p. 1 lit. f GDPR. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 1 (1) (a) GDPR and §25 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time with future effect
For more information about data protection at YouTube, please visit: https://policies.google.com/privacy?hl=en.
We have concluded an order processing agreement with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
Google Web Fonts (local hosting)
This website uses what are known as web fonts provided by Google for the uniform display of fonts. Google Fonts are installed locally. This does not establish a connection to Google services.
More information is available at: https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=en.
We have concluded an order processing agreement with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
Google Maps
This site uses the Google Maps map service. Operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To use the functions of Google Maps, it is necessary to store your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this website has no influence on this data transfer. If Google Maps is activated, Google may use Google Web Fonts to display the fonts uniformly. When you access Google Maps, your browser loads the required web fonts into your browser cache to display text and fonts correctly.
Google Maps is used in the interest of an attractive presentation of our online offers and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 (1) p. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and §25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG; the consent can be revoked at any time with effect for the future.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found at: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
You can find more information on how user data is handled in Google's privacy policy: https://policies.google.com/privacy?hl=en.
We have concluded an order processing agreement with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
Tramino for webcam use
We use the web design service from Tramino. The provider is Tramino, Weststraße 30, 87561 Oberstdorf.
When you use our webcam service, your IP address and other information about your behaviour on this website will be forwarded to Tramino. Tramino may store cookies in your browser or use similar recognition technologies for this purpose.
Your location can also be recorded if you have allowed this in your device settings - e.g. on your mobile phone. As the provider of this website, we have no influence on this data transfer. Details can be found in the Tramino Privacy Statement at the following link: https://tramino.de/datenschutz.html.
Tramino is used in the interest of an attractive presentation of our online offers and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 (1) p. 1 lit. f GDPR. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 1 (1) (a) GDPR and §25 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time with future effect
We have concluded an order processing agreement with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
eCommerce and payment service providers
Processing customer and contract data
We collect, process and use personal data only insofar as they are necessary for the establishment, content or amendment of the legal relationship (inventory data). The basis for data processing is Art. 6(1) (b) GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. We collect, process and use personal data about the use of our website (usage data) only insofar as this is necessary to enable the user to use the service or to charge for it.
The customer data collected will be deleted upon completion of the order or termination of the business relationship. This is without prejudice to statutory retention periods.
Data transmitted on the conclusion of a contract for online shops, retailers and shipment of goods
If you order goods from us, we will pass on your personal data to the transport company entrusted with the delivery and to the payment service provider commissioned with the payment processing. The only data released is that required by the respective service provider to fulfil its task. The legal basis for this is Art. 6 (1) (b) GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. If you have given your consent in accordance with Art. 6 (1) (a) GDPR, we will pass your email address to the transport company entrusted with the delivery so that they can inform you by email about the shipping status of your order. You can withdraw your consent at any time with future effect.
Data transfer upon conclusion of a contract for services and digital content
We transmit personal data to third parties only if this is necessary for the processing of the contract, for example, to the credit institution entrusted with processing payments.
Your data will not be transmitted for any other purpose unless you have given your express permission to do so. Your data will not be passed on to third parties, for example, for advertising purposes without your express consent.
The basis for data processing is Art. 6(1) (b) GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
Credit checks
In the case of a purchase on account or any other form of payment in which we make advance deliveries, we may carry out a credit check (scoring). For this purpose, we transmit your entered data (e.g. name, address, age or bank data) to a credit agency. The probability of default is determined on the basis of this data. In the event of an excessive risk of non-payment, we may refuse the payment method in question.
The credit check is carried out on the basis of fulfilment of the contract according to Art. 6 (1) (b) GDPR as well as to avoid payment defaults within the scope of the legitimate interest according to Art. 6 (1) (f) GDPR. If consent has been obtained, the credit check is carried out on the basis of this consent in accordance with Art. 6 (1) (a) GDPR. The consent can be revoked at any time with future effect
Payment services
We include third-party payment services on our website. When you make a purchase from us, your payment data (e.g. name, payment amount, account details and credit card number) will be processed by the payment service provider for the purpose of processing the payment. The respective contract and data protection provisions of the respective provider apply to these transactions. The use of payment service providers is based on Art. 6 (1) (b) GDPR in the context of contract implementation and in the interest of a smooth, convenient and secure payment process according to Art. 6 (1) (f) GDPR. Insofar as your consent is requested for certain actions, Art. 6 (1) (a) GDPR is the legal basis for data processing. You can withdraw your consent with future effect at any time.
We use the following payment services and payment service providers on this website:
Mastercard
The provider of this payment service is Mastercard Europe SA, Chausée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter "Mastercard").
Mastercard may transfer data to its parent company in the United States. Data transfer to the USA is based on Mastercard's Binding Corporate Rules. Details can be found at: https://www.mastercard.de//en-us/data-protection.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.
We have concluded an order processing agreement with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
VISA
The provider of this payment service is Visa Europe Service Inc, London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter "VISA").
The United Kingdom is considered a safe third country under data protection law. This means that the United Kingdom has a level of data protection that is equivalent to the level of data protection in the European Union.
VISA may transfer data to its parent company in the United States. The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. Details can be found at: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zuzustandigkeitsfragen-fur-den-ewr.html.
For more information, please see VISA's privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.
We have concluded an order processing agreement with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
Our services
Handling applicant data
We offer you the opportunity to apply for positions with us (e.g. by email, post or via the online application form). In the following, we inform you about the scope, purpose and use of your personal data collected during the application process. We ensure that the collection, processing and use of your data will be carried out in accordance with applicable data protection law and all other legal provisions and that your data will be treated in strict confidence.
Scope and purpose of data processing
If you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) insofar as this is necessary to decide whether or not to establish an employment relationship. The legal basis for this is §26 BDSG under German law for the initiation of an employment relationship, Art. 6 (1) (b) GDPR for the general initiation of a contract and - if you have given your consent - Art. 6 (1) (a) GDPR.
The consent can be revoked at any time with future effect Your personal data will only be passed on within our company to individuals who are involved in processing your application.
If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of §26 BDSG and Art. 6 (1) (b) GDPR for the purpose of implementing the employment relationship.
Data retention period
If we are unable to make you a job offer, or if you reject a job offer or withdraw your application, we reserve the right to retain the data you have provided on the basis of our legitimate interests pursuant to Art. 6 (1) (f) GDPR for up to six months from the end of the application process in the event of rejection or withdrawal of the application. The data will then be deleted and the physical application documents destroyed. Data is stored for evidence purposes in particular in the event of a legal dispute. If the data will foreseeably be required after the six-month period has expired (e.g. due to an impending or pending legal dispute), the data will not be deleted until the purpose for continued storage is no longer applicable.
Longer storage can also take place if you have given the corresponding consent according to Art. 6 (1) (a) GDPR or if legal storage periods oppose the deletion.
Dear Hotel Guests,
The new General Data Protection Regulation has changed a lot with regard to data protection. We have also incorporated the changes and are fulfilling our duty to inform in accordance with Art. 12ff. GDPR.
Total information according to Art. 12ff. GDPR
In order to be able to use the services offered by our company, we process your data on the basis of Art. 6 I lit. b DSGVO. The purpose of the processing is the accommodation contract and the fulfilment of our legal obligation from §30 II Federal Registration Act.
2 Who is responsible?Markus Reinheimer, Parkhotel Burgmühle
Tel.: +49 8326 9950Email: info@parkhotel-burgmuehle.de
Jürgen Funke, #KOMM#IT, Salmas 52, 87534 Oberstaufen, Germany
Telephone: 08325/927050, fax: 08325/9726, Email: dsb@komm-it.info
Our company processes your personal data:
- Day of arrival, day of expected departure
- Surname, first name, date of birth, address
- Nationality/country of origin
- First name and surname of fellow travellers, dates of birth of fellow travellers.
- Passport number/ID card number, date of issue, place of issue
- Email address, landline and mobile number, fax number
- Gender
- Company, payment details, license plate number
- Allergies, culinary preferences
- for cures and therapies: Health status data
If you have booked or inquired directly with us, your data has been collected by us. If you booked via a booking website, the data collected there was transmitted to us.
6 To whom do we make your data available?In order to make your stay as pleasant as possible, as a service of our hotel and for organizational reasons, for example, entry lists of our hotel guests or welcome information in the entrance area or restaurant with your name and room number are made visible.
With your consent, we transmit your name, room number and period of stay to affiliated service partners for your booked services e.g. wellness treatments or bookings at the surrounding facilities.
7th How long do we store your data?We adhere to the respective statutory retention period for the maximum duration of the storage of your personal data. After expiry of this period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfilment or initiation of the contract. With their consent, we store your data long-term in our guest database to improve the service for returning guests of our hotel.
8th What is the handling of monetary amounts?If amounts are collected for the services and processed via card payments, further data such as card information will be stored by us and transmitted to our payment service provider. At the payment service provider, your data will only be stored for as long as it is required for payment processing, including chargebacks, etc., and for combating misuse.
Your data subject rights within the meaning of the General Data Protection Regulation remain unaffected.
9th What rights do you have? "Your data subject rights"According to the EU General Data Protection Regulation, you have the following rights:
- If your personal data is processed, you have the right to obtain information about the data stored about you (Art. 15 DSGVO).
- If incorrect personal data is processed, you have a right to rectification (Art. 16 DSGVO).
- If the legal requirements are met, you can request the deletion or restriction of processing, as well as object to processing (Art. 17,18 and 21 DSGVO)
- If you have consented to the data processing or if there is a contract for data processing and the data processing is carried out with the help of automated procedures, you may have a right to data portability (Art. 20 DSGVO)
Should you make use of your rights, we are obliged to check whether the legal requirements for this are met.
To exercise your rights, please contact the person responsible or the company data protection officer.
In case of complaints regarding data protection, you can contact the competent supervisory authority:
Bavarian State Office for Data Protection Supervision
Promenade 27 (Schloss),
91522 Ansbach, Germany
Telephone: 0981/531300
Email: poststelle@lda.bayern.de
10th Withdrawing your consent
If you have consented to the processing of your data by our company, you can withdraw your consent at any time.
11th Impossibility of use in case of non-disclosure
If you do not provide the data required for us, it is unfortunately not possible for us to conclude an accommodation contract with you.