With the following Data Protection Statement we would like to inform you about the types of your personal data (hereinafter also referred to as “data”) that we process, for what purposes and to what extent. The data protection statement applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offer“).

The terms used are as follows.

The terms used are not gender-specific.

 

Responsible

.

Hotel Fürst von Waldeck
Briloner Strasse 1
34508 Willingen

Authorized representatives: Ludwig Engelmann

Email address: info@fuerstvonwaldeck.de
Telephone: +49 5632 98899

Imprint: Link to the imprint

& nbsp;

Overview of processing operations

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed

  • Inventory data (e.g. names, addresses).
  • Content data (e.g. text input, photographs, videos).
  • Contact details (e.g. email, telephone numbers).
  • Meta / communication data (e.g. device information, IP addresses).
  • Usage data (e.g. websites visited, interest in content, access times).
  • Location data (data indicating the location of an end user’s device).
  • Contract data (e.g. subject of the contract, term, customer category).
  • Payment data (e.g. bank details, invoices, payment history).

& nbsp;

Categories of data subjects

  • Business and contractual partners.
  • Interested parties.
  • Communication partner.
  • Users (e.g. website visitors, users of online services).

& nbsp;

Purposes of processing

  • Provision of our online offer and user-friendliness.
  • Visit action evaluation.
  • Office and organisational procedures.
  • Cross-device tracking
    (Cross-device processing of user data for marketing purposes).
  • Direct marketing (e.g. by email or post).
  • Interest-based and behavioral marketing.
  • Contact inquiries and communication.
  • Conversion measurement (measurement of the effectiveness of marketing measures).
  • Profiling (creation of user profiles).
  • Remarketing.
  • Range measurement (e.g. access statistics, recognition of returning visitors).
  • Tracking (e.g. interest / behavior-based profiling, use of cookies).
  • Contractual services and services.
  • Management and responding to requests.
  • Target group building (determination of target groups relevant for marketing purposes or other content issue).

& nbsp;

Applicable legal bases

In the following we share the legal basis of the General Data Protection Regulation (GDPR), on the basis of which we process the personal data. Please note that in addition to the provisions of the GDPR, the national data protection requirements in your or our country of residence and domicile may apply.

  • Consent (Art. 6 para. 1 p. 1 lit. a GDPR) – The affected person has given his or her consent to the processing of personal data relating to him or her for a specific purpose or for several specific purposes.
  • Contractual performance and pre-contractual enquiries (Art. 6(1) p. 1 lit. b. DSGVO) – Processing is necessary for the performance of a contract to which the affected person is a party or for the performance of pre-contractual measures which are carried out at the request of the data subject.
  • Registered interests (Art. 6 para. 1 p. 1 lit. f. DSGVO) –
    The processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the affected person require the protection of personal data, predominate.

 

National data protection regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national regulations on data protection apply in Germany. These include, in particular, the Act on Protection against Misuse of Personal Data in Data Processing (Bundesdatenschutzgesetz – BDSG). In particular, the BDSG contains special regulations on the right to information, the right to delete data, the right to object, the processing of special categories of personal data, processing for other purposes and automated decision-making in individual cases, including profiling.
Furthermore, it regulates data processing for purposes of the employment relationship (§ 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. Furthermore, the data protection laws of the individual federal states may apply.

 

Security measures

Furthermore, we already take the protection of personal data into account in the development and selection of hardware, software and processes in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.
&Uml;bmittlung und Offenbarung von personenbezogenen Daten

In the course of our processing of personal data, the data may be communicated to or disclosed to other bodies, companies, legally independent organisational units or persons. The recipients of this data may include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.

Data transfer within the organisation: We may transfer personal data to other bodies within our organisation or grant them access to this data. Where this transfer is for administrative purposes, the transfer of data is based on our legitimate business and managerial interests or is made where it is necessary to fulfil our contractual obligations or where we have the consent of the data subject or legal permission.

.

 

Data processing in third countries

If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this is only done in accordance with the legal requirements.

.

Subject to explicit consent or contractually or legally required transfer, we only process the data or have the data processed in third countries with a recognised level of data protection, which includes the US processors certified under the “Privacy Shield”, or on the basis of special guarantees, such as e.g. contractual obligation through so-called standard protection clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 DSGVO, information page of the EU Commission). contractual obligation through so-called standard protection clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 DSGVO, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).

 

Use of cookies

.

Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user’s computer. The primary purpose of a cookie is to store information about a user during or after their visit within an online service. The stored information may include, for example, the language settings on a website, the login status, a shopping cart or the location where a video was watched. We also include in the term cookies other technologies that perform the same functions as cookies (for example, where user details are stored using pseudonymous online identifiers, also known as “user IDs”)

.

The following cookie types and functions are distinguished:

    Permanent cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, the interests of users, which are used for range measurement or marketing purposes, can be stored in such a cookie.

  • First-party cookies: First-party cookies are set by ourselves.
  • Third-party cookies (also: third-party cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
  • Necessary (also: essential or absolutely necessary) cookies: Cookies can be absolutely necessary for the operation of a website (e.g. to save logins or other user entries or for security reasons).
  • Statistics, marketing and personalisation cookies: Furthermore, cookies are usually also used in the context of range measurement and when a user’s interests or behaviour (e.g. viewing certain content, using functions, etc.) on individual websites are stored in a user profile. Such profiles are used, for example, to show users content that corresponds to their potential interests.
    This process is also known as “tracking”, i.e. following the potential interests of users. . Insofar as we use cookies or “tracking” technologies, we will inform you separately in our data protection declaration or in the context of obtaining consent.

 

Notes on legal bases: The legal basis on which we process your personal data with the help of cookies depends on whether we ask you for consent. If this is the case and you consent to the use of cookies, the legal basis for the processing of your data is the consent given. Otherwise, the data processed with the help of cookies will be processed on the basis of our legitimate interests (e.g. in the business operation of our online offer and its improvement) or, if the use of cookies is necessary to fulfil our contractual obligations.

.

General information on revocation and objection (opt-out): Irrespective of whether the processing is based on consent or legal permission, you have the option at any time to revoke any consent you have given or to object to the processing of your data by cookie technologies (collectively referred to as “opt-out”). You can initially declare your objection by means of your browser settings, e.g. by deactivating the use of cookies (although this may also restrict the functionality of our online offer). An objection to the use of cookies for online marketing purposes can also be declared by means of a variety of services, especially in the case of tracking, via the websites http://optout.aboutads.info and http://www.youronlinechoices.com/. In addition, you can receive further instructions on how to object in the context of the information on the service providers and cookies used.

.

Processing of cookie data on the basis of consent: Before we process or have data processed within the scope of the use of cookies, we ask users for consent that can be revoked at any time. Before consent has been given, cookies are only used if they are necessary for the operation of our online service. Their use is based on our interest and the interest of the users in the expected functionality of our online offer.

  • Types of data processed: Usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a DSGVO), Legitimate Interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

 

Commercial and Business Services

We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as “contractual partners”) in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with the contractual partners (or pre-contractual), e.g. to answer enquiries.

.

We process this data to fulfil our contractual obligations, to secure our rights and for the purposes of the administrative tasks associated with this information as well as the corporate organisation. We only pass on the data of the contractual partners to third parties within the framework of the applicable law to the extent that this is necessary for the aforementioned purposes or for the fulfilment of legal obligations or with the consent of the contractual partners (e.g. to participating telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). The contractual partners will be informed about further forms of processing, e.g. for marketing purposes, within the scope of this data protection declaration.

We inform the contractual partners of the data required for the above-mentioned purposes before or during data collection, e.g. in online forms, by means of special labelling (e.g. colours) or symbols (e.g. asterisks or the like), or in person.

.

We delete the data after the expiry of statutory warranty and comparable obligations, i.e., in principle after 4 years, unless the data is stored in a customer account, e.g., as long as it must be retained for legal archiving reasons (e.g., for tax purposes usually 10 years).
We delete data disclosed to us by the contractual partner within the scope of an order in accordance with the specifications of the order, in principle after the end of the order.

If we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.

Travel-related services: We process the data of our customers and prospective customers (collectively referred to as “customers”) in accordance with the underlying contractual relationship. We may also process information about the characteristics and circumstances of persons or things belonging to them if this is necessary in the context of the contractual relationship. This can be, for example, information on personal circumstances, on mobile property and on the financial situation.

In the context of our commissioning, it may be necessary for us to process special categories of data within the meaning of Art. 9 (1) of the GDPR, in particular information on the health of a person. Processing is carried out to protect the health interests of customers and otherwise only with the consent of customers.

If required for the performance of the contract or required by law, or consented to by the customer or based on our legitimate interests, we disclose or transfer the customer’s data, for example, to the service providers involved in the performance of the travel services.

.

  • Types of data processed: inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact data (e.g. e-mail, telephone numbers), contract data (e.g. subject matter of the contract, term, customer category).
  • People concerned: Interested parties, business and contractual partners.
  • Purposes of the processing: contractual performance and service, contact requests and communication, Büro and organisational procedures, administration and response to requests.
  • .

  • Legal basis: Contractual performance and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO), Legal obligation (Art. 6 para. 1 p. 1 lit. c. DSGVO), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

 

Provision of the online offer and web hosting

In order to provide our online service securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online service can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services as well as security services and technical maintenance services.

The data processed in the course of providing the hosting service may include all information relating to the users of our online service that is generated in the course of use and communication. This regularly includes the IP address, which is necessary in order to be able to deliver the contents of online offers to browsers, and all entries made within our online offer or from websites.

E-mail sending and hosting: The web hosting services we use also include the sending, receiving and storing of e-mails. For these purposes, the addresses of the recipients and senders as well as further information regarding the e-mail dispatch (e.g. the providers involved) and the contents of the respective e-mails are processed. The aforementioned data may also be processed for the purpose of recognising SPAM. Please note that e-mails on the Internet are generally not sent encrypted. As a rule, e-mails are encrypted in transit, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore accept no responsibility for the transmission path of the e-mails between the sender and receipt on our server.

Collection of access data and log files: We ourselves (or our web hosting provider) collect data on every access to the server (so-called server log files). The server log files may include the address and name of the web pages and files accessed, the date and time of the access, the amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider.

The server log files can be used for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and to ensure the utilisation of the servers and their stability.

  • Types of data processed: Content data (e.g. text input, photographs, videos), usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

 

Newsletter and broad communication

We send newsletters, e-mails and other electronic notifications (hereinafter referred to as “newsletters”) only with the consent of the recipients or with legal permission. If the contents of the newsletter are specifically described in the registration, they are relevant for the consent of the user. Otherwise, our newsletters contain information about our services and us.

In order to subscribe to our newsletters, it is generally sufficient for you to provide your e-mail address. However, we may ask you to provide a name in order to address you personally in the newsletter, or to provide further information if this is necessary for the purposes of the newsletter.

Double opt-in procedure: Registration for our newsletter is generally carried out in a so-called double opt-in process. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with other people’s e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your data stored with the shipping service provider are also logged.

  • Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), meta/communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interest in content, access times).
  • People concerned: Communication partners.
  • Purposes of processing: direct marketing (e.g. by e-mail or post).
  • Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a DSGVO), Legitimate Interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).
  • You can cancel receipt of our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can use one of the contact options given above, preferably e-mail, for this purpose.
  • Services used and service providers:

    Rapidmail
    “In order to receive the newsletter offered on our website, you can register via our form. We use the so-called double opt-in procedure. Here, a confirmation email is first sent to the email address you provided, with a request for confirmation. The registration only becomes effective when you click on the activation link contained in the confirmation email. We use your data transmitted to us exclusively for sending the newsletter, which may contain information or offers.

    We use rapidmail to send our newsletter. Your data will therefore be transmitted to rapidmail GmbH. In doing so, rapidmail GmbH is prohibited from using your data for purposes other than sending the newsletter. The rapidmail GmbH is not permitted to pass on or sell your data. rapidmail is a German, certified newsletter software provider, which has been carefully selected in accordance with the requirements of the DSGVO and the BDSG.

    You can revoke your consent to the storage of the data and its use for sending the newsletter at any time, e.g. via the unsubscribe link in the newsletter.”

    .

     

    Use of Facebook plugins

    Plugins of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA are integrated on our pages. You can recognise the Facebook plugins by the Facebook logo or the “Like” button on our site. You can find an overview of the Facebook plugins here: http://developers.facebook.com/docs/plugins/ When you visit our pages, a direct connection is established between your browser and the Facebook server via the plugin. Facebook thereby receives the information that you have visited our site with your IP address. If you click on the Facebook Like button while logged into your Facebook account, you can link the content of our pages to your Facebook profile. This allows Facebook to associate your visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the data transmitted or how it is used by Facebook. You can find more information on this in facebook’s privacy statement at https://de-de.facebook.com/policy.php

    .

    If you do not want Facebook to be able to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account

    .

    Privacy policy for the use of Tripadvisor and HolidayCheck.de plugins

    .

    On our pages, plugins of the website TripAdvisor (TripAdvisor Inc., 141 Needham Street, Newton, MA 02464, USA) as well as HolidayCheck.de (HolidayCheck AG, Bahnweg 8, CH-8598 Bottighofen, Switzerland) are integrated. You can recognise the plugins by the corresponding logos on our site. When you visit our pages, a direct connection is established via the plugin between your browser and the server of the corresponding plugin provider. These companies thereby receive the information that you have visited our site with your IP address. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by the aforementioned companies Tripadvisor and HolidayCheck.de. You can find further information on this in the data protection declarations of TripAdvisor at: www.tripadvisor.de/datenschutz and HolidayCheck.de at: www.holidaychek.de/datenschutz 

    Promotional communication via e-mail, post, fax or telephone

    .

    We process personal data for the purposes of advertising communication, which can take place via various channels, such as e-mail, telephone, post or fax, in accordance with the legal requirements.

    >.

    The recipients have the right to revoke consent given at any time or to object to the promotional communication at any time.

    After revocation or objection, we may store the data required to prove consent for up to three years on the basis of our legitimate interests before deleting it. The processing of this data is limited to the purpose of a possible defence against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time.

    • Processed data types: inventory data (e.g. names, addresses), contact details (e.g. e-mail, telephone numbers).
    • Affected persons: communication partner.
    • Purposes of processing: direct marketing (e.g. by email or post).
    • Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

    & nbsp;

    Web analysis and optimization

    The web analysis (also referred to as “reach measurement”) is used to evaluate the visitor flows of our online offer and may include behaviour, interests or demographic information about the visitors, such as age or gender, as pseudonymous values. With the help of the reach analysis, we can, for example, recognise at what time our online offer or its functions or contents are most frequently used or invite re-use. Likewise, we can understand which areas require optimisation.

    In addition to web analysis, we may also use test procedures, e.g. to test and optimise different versions of our online offer or its components.

    .

    For these purposes, so-called user profiles may be created and stored in a file (so-called “cookie”) or similar procedures with the same purpose may be used. This information may include, for example, content viewed, websites visited and elements used there and technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, this may also be processed, depending on the provider.

    The IP addresses of the users are also stored. However, we use an IP masking procedure (i.e. pseudonymisation by shortening the IP address) to protect users. In general, no clear user data (such as email addresses or names) is stored in the context of web analysis, A/B testing and optimisation, but pseudonyms. This means that we, as well as the providers of the software used, do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.

    The data stored for the purpose of web analytics is not used for any other purposes.

    Notes on legal basis: If we ask users for their consent to use third-party providers, the legal basis for processing data is consent. Otherwise, users’ data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and user-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this data protection declaration.

    • People concerned: Users (e.g. website visitors, users of online services).
    • Purposes of processing: reach measurement (e.g. access statistics, recognition of returning visitors), tracking (e.g. interest/behaviour-based profiling, use of cookies), visit action evaluation, profiling (creation of user profiles).
    • Security measures: IP masking (pseudonymisation of the IP address).
    • Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a DSGVO), Legitimate Interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

     

    Online marketing

    We process personal data for online marketing purposes, which may include, but are not limited to, marketing advertising space or displaying promotional and other content (collectively, “Content”) based on the potential interests of users and measuring its effectiveness.

    For these purposes, so-called user profiles are created and stored in a file (so-called “cookie”) or similar procedures are used, by means of which the information about the user relevant to the presentation of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, this can also be processed.

    The IP addresses of the users are also stored. However, we use the available IP masking method (i.e. pseudonymisation by shortening the IP address) to protect users. In general, no clear user data (such as email addresses or names) is stored in the online marketing process, but pseudonyms. This means that we as well as the providers of the online marketing procedures do not know the actual identity of the users, but only the information stored in their profiles.