Sonnenpark Familotel Hochsauerland
Privacy policy according to DSGVO
The protection of personal data is an important concern for us. Therefore, the processing of personal data is carried out in accordance with the applicable European and national laws.
You can of course revoke your declaration(s) of consent at any time with effect for the future. Please contact the person responsible according to § 1.
The following declaration provides an overview of the type of data collected, the way in which this data is used and passed on, the security measures we take to protect your data and the way in which you can obtain information about the information given to us.
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 sentence 1 lit. a) of the EU Data Protection Basic Regulation (DSGVO) serves as the legal basis. When processing personal data which is necessary for the performance of a contract to which the data subject is a party, Article 6 (1) sentence b) of the DPA serves as the legal basis. This also applies to processing operations necessary for the performance of pre-contractual measures. Insofar as the processing of personal data is necessary to fulfil a legal obligation to which we are subject, Art. 6 para. 1 sentence 1 lit. c) DSGVO serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 sentence 1 lit. f) DSGVO serves as the legal basis for the processing.
Data erasure and storage period
The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage no longer applies. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which we are subject. Data will also be blocked or deleted when a storage period prescribed by the above-mentioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.
1. The person responsible and the data protection officer
(1 ) Name and address of the person responsible
The person responsible in terms of the basic data protection regulation and other national data protection laws of the member states as well as other data protection regulations is:
Sonnenpark Hotel GmbH & Co KG
Sonnenweg 4a
34508 Willingen (Upland)
Germany
Phone: +49 5632 4080
e-mail: info@sonnenpark.de
Website: www.sonnenpark.de
(2) Name and address of the data protection officer
The data protection officer of the person responsible is:
Dieter Grohmann
Akwiso Privacy & Audit
Beethoven Street 23
87435 Kempten
Germany
Phone: +49 831 5124-7030
E-mail: info@akwiso.de
Website: www.akwiso.de
2. Definitions
The data protection statement is based on the terms used by the European legislator when the EU data protection basic regulation (hereinafter: "DSGVO") was adopted. The Data Protection Declaration should be easy to read and understand. To ensure this, the most important terms are explained below:
a) Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
(b) Data subject means any identified or identifiable natural person whose personal data are processed by the person responsible for precessing.
(c) Processing means any operation or set of operations, performed with or without the aid of automated means, concerning personal data, such as collection, recording, organisation, filing, storage, adaptation or modification, reading, querying, use, disclosure by transmission, distribution or any other form of making available, matching or linking, restriction, deletion or destruction.
(d) Profiling means any automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular with a view to analysing or predicting aspects relating to the performance of work, the economic situation, health, personal preferences, interests, reliability, conduct, location or movements of that natural person
(e) Pseudonymisation is the processing of personal data in such a way that the personal data cannot be attributed to a specific data subject without the need to obtain additional information, provided that this additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data is not attributed to an identified or identifiable natural person
(f) Person responsible or person responsible for processing shall mean the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union law or by the law of the Member States, the person responsible or the specific criteria for his or her designation may be laid down by Union law or by the law of the Member States.
(g) Order processor means any natural or legal person, public authority, agency, or any other body which processes personal data on behalf of the person responsible.
(h) Recipient means any natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party However, public authorities which may receive personal data in the course of a specific investigation carried out pursuant to Union or national law shall not be considered as recipients.
(i) Third party means any natural or legal person, public authority, agency, or body other than the data subject, the person responsible, the processor and the persons who, under the direct authority of the person responsible or the processor, are authorized to process the personal data
j) Consent shall mean any freely given specific and informed expression of the data subject's will in an informed and unequivocal manner, in the form of a declaration or other unequivocal affirmative act by which the data subject signifies his or her consent to the processing of personal data relating to him or her.
3. Provision of the website and creation of log files
(1) In the case of purely informational use of the website, i.e. if you do not register or otherwise provide us with information, we automatically collect the following data and information from the computer system of the calling computer each time you access the website:
a) The IP address and host name of the user
b) Time of access
c) Browser used by the visitor
(d) The operating system used by the visitor
(e) Link or URL of origin
f) Search engine used, including keywords used
(g) Retention period
(h) Number of pages viewed
i) Last opened page before leaving the website
The data is also stored in the log files of our system. These data are not stored together with other personal data of the user.
(2) The legal basis for the temporary storage of log files is Art. 6 para. 1 p. f) DSGVO.
(3) Temporary storage of the IP address by the system is necessary in order
a) to enable the website to be delivered to the user's computer For this purpose, the user's IP address must remain stored for the duration of the session.
b) to optimise the contents of our website and the advertising for it
c) to ensure the functionality of our information technology systems and the technology of our website
(d) to provide law enforcement authorities with information necessary for law enforcement purposes in the event of a cyber attack
The storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes also include our legitimate interest in data processing in accordance with Art. 6 Para. 1 S. 1 lit. f) DSGVO.
(4) The data will be deleted as soon as they are no longer required for the purpose for which they were collected - in this case at the end of the usage process. In the case of storage of the data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses are deleted or made anonymous, so that an assignment of the calling client is no longer possible.
(5) The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website, which is why there is no possibility of objection.
4. Use of cookies
(1) This website uses so-called cookies. Cookies are small text files which, as soon as you visit a website, are sent from a web server to your browser and stored locally on your end device (PC, notebook, tablet, smartphone, etc.) and are stored on your computer and provide the user (i.e. us) with certain information. Cookies are used to make the website more customer-friendly and safer, in particular to collect use-related information, such as frequency of use and number of users of the pages as well as the behaviour of the site usage. Cookies do not cause any damage to the computer and do not contain viruses.
This cookie contains a characteristic string of characters (Sog. Cookie-ID), which enables a unique identification of the browser when the website is called up again.
(2) We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. The following data is stored and transmitted in the cookies:
- Transfer of language settings
- Articles in the shopping cart
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 sentence 1 letter f) DSGVO.
(3) The purpose of using technically necessary cookies is to simplify the use of websites for you. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change. We require cookies for the following applications:
- Articles in the shopping cart
- Transfer of language settings
- Remembering search settings in the booking engine
The user data collected through technically necessary cookies is not used to create user profiles.
(4) Cookies remain stored even if the browser session is terminated and can be called up again when the site is visited again. However, cookies are stored on your computer and transmitted from there to our site. Therefore you have full control over the use of cookies. If you do not want data collection via cookies, you can set your browser via the menu under "Settings" so that you are informed about the setting of cookies or you can generally exclude the setting of cookies or delete cookies individually. Please note, however, that if you deactivate cookies, the functionality of this website may be limited. As far as session cookies are concerned, they will be deleted automatically anyway after leaving the website.
5. Newsletter
(1) With your consent you can subscribe to our free newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent.
For the registration to our newsletter we use the so-called double-opt-in procedure. This means that after your registration we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 30 days, your information will be blocked and automatically deleted. In addition, we store your IP address and the time of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
Your e-mail address is the only mandatory information for the sending of the newsletter. The provision of further data such as title, first name, surname is voluntary and is used to address you personally. The data will be used exclusively for sending the newsletter.
(2) The legal basis for the processing of the data after registration for the newsletter by the user is, if consent is given, Art. 6 para. 1 sentence 1 lit. a) DSGVO.
(3) The collection of the user's e-mail address serves to deliver the newsletter. The collection of other personal data in the course of the registration process serves to prevent misuse of the services or the e-mail address used.
(4) The data will be deleted as soon as they are no longer necessary for the purpose of their collection. Your e-mail address will therefore be stored as long as the subscription to the newsletter is active. The other personal data collected during the registration process are usually deleted after a period of seven days.
(5) You can cancel the receipt of our newsletters at any time and thus revoke your consent by clicking on the "Unsubscribe newsletter" link in our newsletter binder or by sending us an e-mail to info@sonnenpark.de or a message to the contact details given in the imprint. This also enables you to revoke your consent to the storage of personal data collected during the registration process.
6. e-commerce
(1) If you would like to order in our web shop, it is necessary for the conclusion of the contract that you provide your personal data, which we need to process your order. Mandatory data necessary for the processing of the contracts are marked separately, further data are voluntary. The data will be entered into an input mask, transmitted to us and stored. The following data is collected within the framework of the web shop:
- Name
- Address
- Name and date of birth of all persons travelling with you
- Arrival and departure date
- Booked room/service
- E-mail address
- IP address
- Date and time of the order
The data will only be passed on to third parties if the transfer is necessary for the purpose of processing the contract or for invoicing purposes or for the collection of the fee or if you have expressly consented to this. In this regard, we only pass on the data required in each case. The data recipients are
- Collection companies, as far as the payment has to be collected (disclosure of name, address, order details)'.
- Credit inquiry agencies to check creditworthiness (disclosure of name, address, date of birth, etc.). In this case, the information is only passed on if we make advance payments for orders (e.g. purchase on account).
- The bank to collect the payment, if the payment is made by direct debit
(2 ) The legal basis is Article 6(1)( b) DS-GVO. With regard to voluntary data, the legal basis for the processing of data is Art. 6 para. 1 sentence 1 lit. a) DS-GVO.
(3) The mandatory data collected is required for the fulfilment of the contract with the user (for the purpose of sending the goods and confirming the content of the contract). We therefore use the data to answer your enquiries, to process your order, to check creditworthiness or to collect a claim, if necessary, and for the purpose of technical administration of the websites. The voluntary information is provided to prevent misuse and, if necessary, to clarify criminal offences. We may also process the data you provide in order to inform you about other interesting products from our portfolio or to send you e-mails with technical information.
(4) The data will be deleted as soon as they are no longer required for the purpose of their collection. We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years after execution of the contract. However, after two years we will restrict the processing, i.e. h. Your data will only be used to comply with the legal obligations. If there is a continuing obligation between us and the user, we store the data for the entire duration of the contract and for ten years thereafter (see above). With regard to data provided voluntarily, we will delete the data at the end of two years after the execution of the contract, provided that no further contract is concluded with the user during this time; in this case, the data will be deleted at the end of two years after the execution of the last contract.
(5) If the data is necessary for the fulfilment of a contract or for the implementation of pre-contractual measures, an early deletion of the data is only possible, unless contractual or legal obligations prevent a deletion.
Otherwise, you are free to have the personal data provided during registration completely deleted from the data stock of the person responsible for processing. The person responsible for processing will provide you with information on which of your personal data is stored at any time upon request. Furthermore, the data controller will correct or delete personal data upon request or notification of the person concerned, unless this is contrary to any legal obligation to retain data. You can contact the data controller or the data protection officer pursuant to § 1 at any time by e-mail or by post and request that the data be deleted or amended.
7. Data processing when using our voucher online shop
On our website you have the opportunity to purchase vouchers.
The processed data includes inventory data, communication data, contract data and payment data. The data subjects affected by the processing are our customers. The processing is carried out for the purpose of providing contractual services in the context of operating an online store, billing, delivery and customer services.
If you take advantage of the voucher purchase option, the data you enter in the input mask will be transmitted to us and stored:
- Title, first name, surname (of the purchaser or, if applicable, the recipient)
- Dedication
- telephone number
- E-mail address
- Address (street, house number, zip code, town, country)
- Payment data Information about the voucher (number, value)
- IP address of the user
- Date and time of dispatch.
The data will only be passed on to third parties if this is necessary for the purpose of processing the contract or for billing purposes or to collect the payment or if you have expressly consented to this. In this respect, we only pass on the data required in each case.
The data recipients are
- Debt collection companies, insofar as payment must be collected (forwarding of name, address, order details)
- accounting department
The legal basis is Art. 6 para. 1 sentence 1 lit. b) GDPR.
With regard to the voluntary data, the legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. a) GDPR.
The mandatory data collected is required to fulfill the contract with the user (for the purpose of sending the goods and confirming the content of the contract). We therefore use the data to answer your inquiries, to process your order, to check your creditworthiness or to collect a debt, if necessary, and for the purpose of technical administration of the websites. The voluntary information is provided to prevent misuse and, if necessary, to investigate criminal offenses. We may also process the data you provide in order to inform you about other interesting products from our portfolio or to send you e-mails with technical information.
The data will be deleted as soon as it is no longer required for the purpose for which it was collected. Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years after the execution of the contract. However, we restrict processing after two years, i.e. your data will only be used to comply with legal obligations. If there is a continuing obligation between us and the user, we store the data for the entire term of the contract and for a period of ten years thereafter (see above). With regard to the data provided voluntarily, we will delete the data two years after the contract has been executed, unless another contract is concluded with the user during this time; in this case, the data will be deleted two years after the last contract has been executed. Statutory retention periods remain unaffected and take precedence.
If the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.
Otherwise, you are free to have the personal data provided when placing the order completely deleted from the controller's database. The controller will provide you with information about which personal data about you is stored at any time on request. Furthermore, the controller shall correct or delete personal data at the request or notice of the data subject, provided that this does not conflict with any statutory retention obligations. You can write to the controller or the data protection officer at any time by e-mail or post and ask for the data to be deleted/changed.
Payment processing for voucher purchases is handled by the payment service provider PAYONE GmbH using the "credit card" payment method.
For payment processing by credit card, we use the services of the payment service provider PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt am Main, Germany, for voucher purchases. For this payment method, PAYONE will receive your data required in connection with the purchase for payment processing (such as inventory data (name, address, contact details), contract data (such as order details)). Your data will be passed on exclusively for the purpose of payment processing. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR. Your payment data will not be passed on to us by PAYONE. Further data protection information can be found in PAYONE's privacy policy (https://www.payone.com/DE-de/dsgvo#andere-zahlverfahren-msit-karte).
When paying by credit card, your data will be processed by PAYONE for the purpose of payment processing vis-à-vis the credit institution commissioned with the payment. We do not have access to your full credit card details.
8. Transfer of personal data to third parties
1. integration of YouTube videos
(1) We have integrated YouTube videos into our online offer, which are stored at http://www.YouTube.com and can be played directly from our website. These are all included in the "extended data protection mode", i.e. h. that no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in paragraph 2 be transferred. We have no influence on this data transfer. By visiting the website, YouTube receives the information that you have called up the corresponding subpage of our website.
The following data is transmitted
- Device-specific information, such as the hardware used; the version of the operating system; unique device ID and information about the mobile network, including your telephone number.
- Log data in the form of server logs. This includes, but is not limited to, details about how the services were used, such as search queries; IP address; hardware settings; browser type; browser language; date and time of your query; originating page; cookies that uniquely identify your browser or Google Account
- Location-based information. Google may collect information about your actual location. This includes, for example, your IP address, your wireless access points or cell phone towers
- Further information about the data collected by Google, INC can be found under the following link: https://policies.google.com/privacy?hl=de&gl=de
This is done regardless of whether YouTube provides a user account that you are logged in with or whether no user account exists. If you are logged in at Google, your data will be assigned directly to your account.
(2) The integration of the videos serves to make the website more descriptive for the user and to increase the search engine ranking of the website on Google and to refer more specifically to our own videos. YouTube stores your data as user profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website.
(3) If you do not wish to be associated with your profile on YouTube, you must log out before activating the button.
(4) You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.
(5) Further information on the purpose and scope of data collection and its processing by YouTube can be found in the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy.
2. Links to external websites
This website contains links to external sites. We are responsible for our own content. We have no influence on the contents of external links and are therefore not responsible for them, in particular we do not adopt their contents as our own. If you are directed to an external site, the privacy policy provided there applies. If you notice any illegal activities or contents on this site, you are welcome to point this out to us. In this case we will check the content and react accordingly (notice and take down procedure).
3. Hedging of credit risk
In the event of a credit risk (name, address, e-mail address, details of the company and, if applicable, contractual and receivables data), we will transfer your data to IHD Gesellschaft für Kredit und Forderungsmanagement mbH, Augustinusstr. 11 B, 50226 Frechen, Germany, and, if applicable, to other cooperating credit agencies for the purpose of credit assessment and to check the deliverability of the address provided and for the purpose of debt collection processing. The legal basis for this transmission is Art 6 I b DSGVO and Art 6 I f DSGVO. Transmissions on the basis of Art 6 I f DSGVO may only take place to the extent that this is necessary to protect the legitimate interests of our company and does not outweigh the interests or fundamental rights and freedoms of the person concerned, which require the protection of personal data.
Detailed information on our contractual partner, the IHD, in the sense of Art 14 DSGVO, i.e. the business purpose, the purpose of data storage there, the legal basis, the data recipients of the IHD, the right to self-disclosure and the right to deletion and correction as well as profiling can be found at www.ihd.de/datenschutz/Artikel14.html.
Information on their contractual partners in the credit agency sector can be found at: www.ihd.de/datenschutz#vertragspartner
4. Other service providers
List of the services commissioned (scope, type, purpose of the collection, processing, use of data, type of data, circle of persons concerned)
table
Thefollowing opt-out links areavailable:
Adform:https://site.adform.com/datenschutz-opt-out/
Facebook:http://de-de.facebook.com/privacy/explanation.php
9. Contact / Request / Catalogue form and e-mail contact
(1) On our website there are contact forms which can be used for electronic contact. If you use this option, the data entered in the input mask will be transmitted to us and stored. These are with all forms at the time of sending the following data:
- IP address of the user
- Date and time of registration
Furthermore in detail at the contact form:
- first name
- Cash on delivery
- email address
In addition in detail with the inquiry form:
- first name
- Cash on delivery
- email address
- Arrival/departure date
- Number of adults, number and age of children
In addition in detail at the catalogue form:
- First name
- Cash on delivery
- mailing address
For the processing of the data, your consent will be obtained during the sending process and reference will be made to this privacy policy.
Alternatively, it is possible to contact us via the provided e-mail address. In this case the personal data transmitted with the e-mail will be stored.
If this involves information on communication channels (e.g. e-mail address, telephone number), you also agree that we may contact you via this communication channel in order to answer your request.
In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.
(2) The legal basis for the processing of the data is Art. 6 para. 1 p. lit. a) DSGVO if the user has given his consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 p.1 letter f) DSGVO. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1S. 1 lit. b) DSGVO.
(3) The processing of the personal data from the input mask serves us solely to process the contact. We will of course use the data from your e-mail enquiries exclusively for the purpose for which you provide us with the data when contacting us. If you contact us by e-mail, the necessary legitimate interest in the processing of the data is also based on the reply. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
(4) The data will be deleted as soon as they are no longer necessary for the purpose of their collection. For personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be concluded from the circumstances that the matter in question has been finally clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
(5) You have the possibility to revoke your consent to the processing of your personal data at any time. If you contact us by e-mail, you can object to the storage of his personal data at any time. In such a case the conversation cannot be continued. Regarding the revocation of the consent / objection to the storage, we ask you to contact the person responsible or the data protection officer according to § 1 via e-mail or by post. All personal data stored in the course of the contact will be deleted in this case.
10. Privacy policy on the use and application of web analytics by Google Analytics
We use the analysis tracking tool Google Analytics (GA) of the American company Google LLC on our website. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. For example, when you click on a link, this action is stored in a cookie and sent to Google Analytics. The reports we receive from Google Analytics help us to better tailor our website and service to your preferences. In the following, we will go into more detail about the tracking tool and inform you in particular about what data is stored and how you can prevent this.
Google Analytics is a tracking tool used to analyse traffic on our website. In order for Google Analytics to work, a tracking code is built into the code of our website. When you visit our website, this code records various actions you take on our website. As soon as you leave our website, this data is sent to the Google Analytics servers and stored there.
Google processes the data and we receive reports about your user behaviour. These reports may include, but are not limited to, the following:
• Target group reports: Through target group reports we get to know our users better and know more precisely who is interested in our service.
• Ad reports: Ad reports make it easier for us to analyse and improve our online advertising.
• Acquisition reports: Acquisition reports give us helpful information on how to get more people interested in our service.
• Behavioural reports: This tells us how you interact with our website. We can track the path you take on our site and which links you click on.
• Conversion reports: Conversion is the name given to a process in which you take a desired action as a result of a marketing message. For example, when you go from being just a website visitor to a buyer or newsletter subscriber. These reports help us learn more about how our marketing efforts are working for you. This is how we want to increase our conversion rate.
• Real-time reports: Here we always know immediately what is happening on our website. For example, we can see how many users are reading this text.
Our goal with this website is clear: we want to offer you the best possible service. The statistics and data from Google Analytics help us to achieve this goal.
The statistically evaluated data show us a clear picture of the strengths and weaknesses of our website. On the one hand, we can optimise our site so that it is found more easily by interested people on Google. On the other hand, the data helps us to better understand you as a visitor. We thus know exactly what we need to improve on our website in order to offer you the best possible service. The data also helps us to carry out our advertising and marketing measures in a more individual and cost-effective way. After all, it only makes sense to show our products and services to people who are interested in them.
Google Analytics uses a tracking code to create a random, unique ID that is linked to your browser cookie. This is how Google Analytics recognises you as a new user. The next time you visit our site, you will be recognised as a "returning" user. All collected data is stored together with this user ID. This is what makes it possible to evaluate pseudonymous user profiles in the first place.
In order to be able to analyse our website with Google Analytics, a property ID must be inserted into the tracking code. The data is then stored in the corresponding property. For each newly created property, the Google Analytics 4 property is standard. Alternatively, you can also create the Universal Analytics property. Depending on the property used, data is stored for different periods of time.
Identifiers such as cookies and app instance IDs measure your interactions on our website. Interactions are all types of actions you take on our website. If you also use other Google systems (such as a Google Account), data generated through Google Analytics may be linked to third-party cookies. Google does not share Google Analytics data unless we, as the website operator, authorise it. Exceptions may occur if required by law.
Google creates so-called heat maps. Heat maps show exactly those areas that you click on. This gives us information about where you are "travelling" on our site.
Google defines session duration as the time you spend on our site without leaving. If you have been inactive for 20 minutes, the session ends automatically.
Bounce rate: A bounce is when you view only one page on our website and then leave our website again.
Account creation: When you create an account or place an order on our website, Google Analytics collects this data.
The IP address is only shown in abbreviated form so that no clear assignment is possible.
The IP address can be used to determine the country and your approximate location. This process is also called IP location determination.
Technical information includes your browser type, internet service provider or screen resolution.
Source of origin: Google Analytics or, of course, we are also interested in which website or which advertisements you came to our site from.
Other data include contact details, any ratings, playing media (e.g. when you play a video via our site), sharing content via social media or adding to your favourites. The list does not claim to be complete and only serves as a general orientation of the data storage by Google Analytics.
Google has their servers spread all over the world. Most servers are located in America and consequently your data is mostly stored on American servers. You can read exactly where Google's data centres are located here: https://www.google.com/about/datacenters/locations/?hl=de
Your data is distributed on different physical data carriers. This has the advantage that the data can be retrieved more quickly and is better protected against manipulation. In every Google data centre, there are corresponding emergency programmes for your data. If, for example, the hardware at Google fails or natural disasters paralyse servers, the risk of a service interruption at Google still remains low.
The retention period of the data depends on the properties used. When using the newer Google Analytics 4 properties, the retention period of your user data is set to 14 months. For other so-called event data, we have the option to choose a retention period of 2 months or 14 months.
For Universal Analytics properties, Google Analytics has a default retention period of 26 months for your user data. Then your user data is deleted. However, we have the option to choose the retention period of user data ourselves. Five variants are available to us for this purpose.
In addition, there is also the option that data is only deleted when you no longer visit our website within the period we have chosen. In this case, the retention period is reset each time you visit our website again within the specified period.
Once the specified period has expired, the data is deleted once a month. This retention period applies to your data linked to cookies, user recognition and advertising IDs (e.g. DoubleClick domain cookies). Reporting results are based on aggregated data and are stored separately from user data. Aggregated data is a merging of individual data into a larger unit.
Under European Union data protection law, you have the right to access, update, delete or restrict your data. You can prevent Google Analytics from using your data by using the browser add-on to deactivate Google Analytics JavaScript (ga.js, analytics.js, dc.js). You can download and install the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=de. Please note that this add-on only disables the collection of data by Google Analytics.
If you basically want to deactivate, delete or manage cookies, you will find the corresponding links to the respective instructions of the most popular browsers under the section "Cookies".
The use of Google Analytics requires your consent, which we have obtained with our cookie pop-up. According to Art. 6 para. 1 lit. a GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur during the collection by web analytics tools.
In addition to consent, we have a legitimate interest in analysing the behaviour of website visitors in order to improve our offer technically and economically. With the help of Google Analytics, we recognise website errors, can identify attacks and improve economic efficiency. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interest). Nevertheless, we only use Google Analytics if you have given your consent.
Google also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of the data processing.
Google uses so-called standard contractual clauses (= Art. 46 para. 2 and 3 GDPR) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular the USA) or for data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data comply with European data protection standards even if they are transferred to third countries (such as the USA) and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.
If you want to learn more about the tracking service, we recommend these two links:
https://marketingplatform.google.com/about/analytics/terms/de/ and https://support.google.com/analytics/answer/6004245?hl=de
11. Use of Google Web Fonts
(1) This site uses so-called web fonts, which are provided by Google, for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. When you visit our website, your browser sends requests to the Google server. Google logs the following data:
a. IP address
b. Browser information (name, version)
c. Website
d. Operating system of the user
e. Screen resolution of the user
f. Language settings of the user's browser or operating system
g. Font file
This happens regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. Google Web Fonts are used in the interest of a uniform and attractive presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f DSGVO.
(2) Google stores your data as user profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide advertising tailored to your needs and to inform you about your activities on our website.
(3) You have a right of objection to the creation of these user profiles, whereby you must contact Google to exercise this right.
(4) Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider's data protection declarations. There you will also find further information on your rights and settings to protect your privacy: http://www.google.de/intl/de/policies/privacy.
12. Privacy policy on the use and application of Google Maps
We use Google Maps from Google Inc. on our website. Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services in Europe. Google Maps allows us to better show you locations and thus adapt our service to your needs. By using Google Maps, data is transmitted to Google and stored on Google servers. Here we would like to go into more detail about what Google Maps is, why we use this Google service, what data is stored and how you can prevent this.
Google Maps is an internet map service provided by Google. With Google Maps, you can search for exact locations of cities, sights, accommodation or businesses online via a PC, tablet or app. If companies are represented on Google My Business, further information about the company is displayed in addition to the location. To show how to get there, map sections of a location can be integrated into a website using HTML code. Google Maps shows the earth's surface as a street map or as an aerial or satellite image. Thanks to the Street View images and the high-quality satellite images, very accurate representations are possible.
All our efforts on this site are aimed at providing you with a useful and meaningful time on our website. By integrating Google Maps, we can provide you with the most important information about various locations. You can see at a glance where we are located. The directions always show you the best or fastest way to reach us. You can call up the directions for routes by car, public transport, on foot or by bicycle. For us, providing Google Maps is part of our customer service.
In order for Google Maps to fully provide their service, the company must collect and store data from you. This includes, among other things, the search terms entered, your IP address and also the latitude and longitude coordinates. If you use the route planner function, the start address entered is also stored. However, this data storage happens on the Google Maps websites. We can only inform you about this, but cannot influence it. Since we have integrated Google Maps into our website, Google sets at least one cookie (name: NID) in your browser. This cookie stores data about your user behaviour. Google uses this data primarily to optimise its own services and to provide you with individual, personalised advertising.
Google servers are located in data centres around the world. However, most servers are located in America. For this reason, your data is increasingly stored in the USA. You can find out exactly where Google's data centres are located here: https://www.google.com/about/datacenters/locations/?hl=de.
Google distributes the data on different data carriers. This means that the data can be accessed more quickly and is better protected against any attempts at manipulation. Each data centre also has special emergency programmes. If, for example, there are problems with Google's hardware or a natural disaster paralyses the servers, the data will pretty much remain protected anyway.
Google stores some data for a set period of time. For other data, Google only offers the option of deleting it manually. Furthermore, the company also anonymises information (such as advertising data) in server logs by deleting part of the IP address and cookie information after 9 and 18 months respectively.
With the automatic deletion of location and activity data introduced in 2019, location and web/app activity information will be stored for either 3 or 18 months - depending on your decision - and then deleted. In addition, you can also manually delete this data from your history at any time via your Google Account. If you want to completely prevent your location tracking, you must pause the "Web and App Activity" section in the Google Account. Click "Data and personalisation" and then on the "Activity setting" option. Here you can switch the activities on or off.
In your browser, you can also deactivate, delete or manage individual cookies. Depending on which browser you use, this always works slightly differently. Under the section "Cookies" you will find the corresponding links to the respective instructions of the most popular browsers.
If you generally do not want cookies, you can set up your browser so that it always informs you when a cookie is to be set. In this way, you can decide for each individual cookie whether you allow it or not.
If you have consented to Google Maps being used, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a DSGVO (consent), this consent constitutes the legal basis for the processing of personal data as it may occur during the collection by Google Maps.
On our part, there is also a legitimate interest in using Google Maps to optimise our online service. The corresponding legal basis for this is Art. 6 para. 1 lit. f DSGVO (legitimate interest). Nevertheless, we only use Google Maps if you have given your consent.
Google also processes your data in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks to the lawfulness and security of the data processing.
Google uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO) as the basis for data processing for recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data comply with European data protection standards even if they are transferred to third countries (such as the USA) and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.
If you would like to learn more about Google's data processing, we recommend the company's own privacy policy at https://policies.google.com/privacy?hl=de.
13. Rights of the data subject
If personal data are processed by you, you are the data subject within the meaning of the DSGVO and you are entitled to the following rights in relation to the person responsible:
1. Right to information,
2. Right to rectification
3. Right to restrict processing,
4. Right to cancel
5. Right to information
6. Right to data transferability.
7. Right to object to the processing
8. Right to revoke consent under data protection law
9. Right not to apply an automated decision
10. Right of appeal to a supervisory authority
1. Right tp information
(1) You may request confirmation from the person responsible as to whether personal data concerning you are being processed by us. If such processing is carried out, you may at any time request from the data controller free of charge information about the personal data stored about you and about the following information:
a) The purposes for which the personal data are processed
b) The categories of personal data which are processed;
c) The recipients or the categories of recipients to whom the personal data concerning you have been or will be disclosed;
d) The planned duration of the storage of the personal data concerning you or, if it is not possible to give specific details, criteria for determining the duration of storage;
e) The existence of a right of rectification or erasure of personal data concerning you, a right to have the processing limited by the controller or a right to object to such processing;
(f) The existence of a right of appeal to a supervisory authority;
(g) Any available information as to the origin of the data where the personal data are not collected from the data subject;
h) The existence of automated decision making, including profiling, in accordance with Art. 22 (1) and (4) DPA and, at least in these cases, meaningful information on the logic involved and the scope and intended effects of such processing on the data subject.
(2) You have the right to request information as to whether the personal data concerning you are being transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 DPA in connection with the transfer.
2. Right to rectification
You have the right to obtain from the data controller the rectification and/or completion without delay if the personal data processed concerning you is incorrect or incomplete.
3. Right to restrict processing
1. You may request the controller to restrict without delay the processing of personal data relating to you under the following conditions:
(a) If you dispute the accuracy of the personal data relating to you for a period which enables the controller to verify the accuracy of the personal data
(b) If the processing is unlawful and you object to the deletion of the personal data and instead demand the restriction of the use of the personal data;
(c) The controller no longer needs the personal data for the purposes of the processing, but you need the personal data for the purpose of exercising or defending legal claims; or
d) If you have lodged an objection to the processing pursuant to Art. 21 para. 1 DPA and it has not yet been established whether the legitimate reasons given by the controller outweigh the reasons given by you.
(2) If the processing of personal data relating to you has been restricted, such data - apart from being stored - may be processed only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State. If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
4. Right to cancel
1. You may request the controller to delete the personal data relating to you without delay if one of the following reasons applies:
(a) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed
b) You revoke your consent on which the processing was based pursuant to section 6 paragraph 1 lit. a or section 9 paragraph 2 lit. a FADP, and there is no other legal basis for the processing.
c) you object to the processing in accordance with section 21 paragraph 1 DPA and there are no legitimate reasons for processing that take precedence, or you object to the processing in accordance with section 21 paragraph 2 DPA.
(d) The personal data concerning you have been processed unlawfully
(e) Deletion of personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject
f) The personal data concerning you have been collected in relation to information society services offered in accordance with section 8 paragraph 1 DSGVO.
(2) If the data controller has made the personal data concerning you public and is obliged to delete it pursuant to section 17 paragraph 1 DPA, he shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as a data subject, have requested them to delete all links to this personal data or to make copies or replications of this personal data.
(3) The right of cancellation shall not apply where the processing is necessary
(a) to exercise the right to freedom of expression and information
(b) to comply with a legal obligation requiring processing under Union or national law to which the controller is subject or in the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
c) for reasons of public interest in the field of public health pursuant to section 9 paragraph 2 letters h and i and section 9 paragraph 3 FADP;
d) For archiving, scientific or historical research purposes in the public interest or for statistical purposes pursuant to section 89 paragraph 1 FADP, insofar as the law referred to in section a) is likely to render impossible or seriously prejudice the attainment of the objectives of such processing, or
(e) to assert, exercise, or defend legal claims.
5. Right to information
If you have asserted the right to rectification, erasure, or limitation of processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification/erasure/limitation of processing, unless this proves impossible or involves a disproportionate effort. You have the right vis-à-vis the controller to be informed of these recipients.
6. Right to data transferability
(1) You have the right to receive the personal data concerning you which you have provided to the data controller in a structured, common, and machine-readable format. You also have the right to have this data communicated to another controller, without interference from the controller to whom the personal data has been made available, provided that
a) the processing is based on consent pursuant to section 6 paragraph 1 letter a DSGVO or section 9 paragraph 2 letter a DSGVO or on a contract pursuant to section 6 paragraph 1 letter b DSGVO and
(b) the processing is carried out by means of automated procedures.
(2) In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
3. The right to data transferability shall not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
4. In order to exercise the right to data transferability, the data subject may at any time contact the controller.
7. Right to object
(1) You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is carried out pursuant to section 6 (1) lit. e or f FADP; this also applies to profiling based on these provisions.
2. The controller shall cease processing personal data relating to you unless he can demonstrate compelling legitimate reasons for the processing which override your interests, rights, and freedoms, or unless the processing is carried out in order to assert, exercise, or defend legal claims.
3. Where personal data relating to you are processed for the purpose of direct marketing, you shall have the right to object at any time to the processing of personal data relating to you for the purpose of such marketing, including profiling, insofar as it relates to such direct marketing. If you object to processing for the purposes of direct marketing, the personal data concerning you will no longer be processed for those purposes.
(4) In the context of the use of information society services, and without prejudice to Directive 2002/58/EC, you have the possibility of exercising your right of objection by means of automated procedures involving technical specifications.
5. In order to exercise the right of objection, the data subject may contact the controller directly.
8. Right to cancel the declaration of consent under the data protection law
You have the right to cancel your data protection declaration of consent at any time. Cancellation of your consent does not affect the legality of the processing that has taken place on the basis of your consent until revocation. You can contact the person responsible for this.
9. Automated decision in individual cases including profiling
(1) You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects vis-à-vis you or significantly affects you in a similar way. This shall not apply if the decision
(a) is necessary for the conclusion or performance of a contract between you and the person responsible
(b) is authorised by Union law or the law of the Member States to which the person responsible is subject and that law contains appropriate measures to safeguard your rights and freedoms and your legitimate interests; or
c) with your express consent.
(2) However, such decisions may not be based on special categories of personal data pursuant to section 9 paragraph 1 DPA, unless section 9 paragraph 2 lit. a or g DPA applies and appropriate measures have been taken to protect rights and freedoms and your legitimate interests.
(3) In the cases referred to in (1) and (3), the responsible person shall take appropriate measures to safeguard the rights and freedoms and your legitimate interests, which shall include at least the right to obtain the intervention of any person from the responsible person, to express his or her point of view and to challenge the decision.
4. If the data subject wishes to exercise rights relating to automated decisions, he or she may at any time contact the controller.
10. Right to appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work, or the place of the alleged infringement, if you consider that the processing of personal data concerning you is in breach of the DPA. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 DSGVO.
14. Changes to the privacy policy
We reserve the right to modify our privacy practices and this policy to reflect changes in relevant laws or regulations or to better meet your needs. Any changes to our privacy practices will be posted here accordingly. Please note the current version date of the Privacy Policy.
Social Networks Privacy Policy
We maintain an online presence on various social networks and platforms. In the following, we would like to inform you about the data collected by them and by us, about their purposes, the legal basis, recipients, and your rights.
Section 1 Responsible persons and data protection officers
Jointly responsible persons in terms of Art. 26 of the Basic Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations for our social platforms are
Sonnenpark Hotel GmbH & Co KG
Sonnenweg 4a
34508 Willingen
05632/4080
info@sonnenpark.de
www.sonnenpark.de
The data protection officer is Dieter Grohmann, 0831/5124-7030, info@akwiso.de
as well as the companies named below for the respective network
(a) Facebook: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland Regulatory authority is the Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23 Co. Laois, https://www.dataprotection.ie/docs/Contact-us/b/11.htm. For more information on data protection, please visithttps://www.facebook.com/policy.php.
(b) Instagram: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland Regulatory authority is the Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23 Co. Laois; For more information on data protection, please visit http://instagram.com/about/legal/privacy/.
(c) Pinterest: Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, IRELAND; the supervisory authority is the Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23 Co. Laois, https://www.dataprotection.ie/docs/Contact-us/b/11.htm. Further information on data protection can be found at https://policy.pinterest.com/de/privacy-policy.
Section 2 Data collected by us in general
2.1 Facebook / Instagram
(1) We ourselves use the respective statistical evaluations that the social network makes available to us. We are currently unable to shut this down or modify it. We collect the following data as a result:
a) Demographic data (gender, age, country, residence, language): This data is collected by us in the context of our paid promotions, in the context of advertised events, and in the context of the static analysis of our fans, subscribers and people reached.
b) Statistical figures on the number of subscribers, reactions to our posts, the range of our posts, fans (people who like our site), access times (days, times), page views, actions on the site (comments, sub-actions, clicks, negative feedback), the performance of our posts and different types of posts (photo, video, etc.), events (tickets sold, people reached, interactions), entertainment and any stories posted.
We receive the evaluations anonymously in each case.
The legal basis for the collection of the above-mentioned data is Art. 6 para. 1 lit. f) DSGVO, so that we can provide our interested parties with events, information, etc. that are of interest to them and so that we know which measures are worthwhile on our part. This enables us to optimise our content. Because these evaluations are carried out anonymously by us and can only be used by the social network on a personal basis (within the framework of its terms of use), we believe that the interests of our fans, subscribers, etc. are protected.
(2) Furthermore, we collect data within the scope of our fans (I like it) or those persons who have commented or shared something. For this purpose, we learn the name (if applicable, the user name of the account), the profile picture, and, in turn, the information made publicly available by these persons. Through the comments, we also learn something about the opinion or the person itself.
The legal basis for the collection of the aforementioned data is Art. 6 para. 1 lit. a) DSGVO. Subscribers, fans, contributors, and commentators give their consent to the collection of data by accepting the terms of use of the respective social network and the contributions based on them (like-my-clicks, share-clicks, comments).
(3) You can also send us messages via the social network. In this case, the personal data transmitted with the message (name/user name; profile picture) will be stored. In this case, you agree that we may also contact you via this communication channel to answer your request. In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.
The legal basis for the processing of data transmitted in the course of sending a message is Art. 6 para. 1 p.1 lit. f) DSGVO. The legitimate interest lies in the processing of your request. If the message/contact is aimed at the conclusion of a contract, the additional legal basis for processing is Art. 6 para. 1 sentence 1 lit. b) DSGVO.
(4) The statistical and demographic data according to paragraph (1) as well as the messages according to paragraph (3) are collected and processed by us. In addition, these data are processed by the social network and associated partners/companies, etc. (for this, see § 4). The data in accordance with paragraph (2) can be viewed not only by us and the social network and its associated partners/companies but also by all subscribers, fans, contributors, commentators, and other persons who click on our site or surf on the sites of our subscribers, fans, contributors and commentators.
(5) Our fan page on Facebook will also redirect you to our website where you can make purchases. For the data collected and processed there, we refer you to our privacy policy at www.sonnenpark.de. Facebook itself only receives the information that forwarding has taken place. We will not forward any data about the purchase to Facebook.
The legal basis for the collection of data by us regarding the Facebook Shop is Art. 6 para. 1 p. 1 lit. b) DSGVO, as far as it concerns contract negotiations or a contract is concluded.
(6) We regularly post company events. If you have clicked our fan page, we can invite you to events. You as a user can also link and share and comment on events, participate in them or be interested in them. The information can be obtained from the host of the event, i.e. from us, and
a) in the context of public events by all persons on and outside Facebook
(b) in the context of private events by all invited persons
to be seen. The legal basis for the collection of this data is Art. 6 Para. 1 S. 1 lit. a) DSGVO as well as Art. 6 Para. 1 S. 1 lit. f) DSGVO, as far as the communication of participation or interest in an event to us is concerned, as this enables us to better plan the event or to evaluate the interest in the topic of the event, etc. in order to orientate our event marketing in the future. This is also our legitimate interest.
(7) If we have posted offers or discounts, both Facebook and we may collect information about the person who saved the offer or discount as interesting. You will then receive a notification from Facebook before the offer expires. The legal basis for the collection of this data is Art. 6 para. 1 sentence 1 lit. a) DSGVO.
(8) Information about our job advertisements:
a) We publish job ads on our fan page. You can apply accordingly by e-mail or via the websitewww.mycrew-sonnenpark.de. If you apply via the websitewww.mycrew-sonnenpark.de, we refer to the data protection declaration mentioned there.
b) If you apply to us, we process the information we receive from you in the course of the application process, i.e. information from the
- Letter of application
- Curriculum vitae
- Photo
- Certificates
- Correspondence
If you apply via e-mail, we will additionally process
- E-mail address
- If necessary, further information, which is transmitted via e-mail
We do not carry out research about you on the Internet (so-called background checks).
c) If you send us a photograph of yourself, information on your racial or ethnic origin may be derived from it. We would like to point out that we do not have the photos explicitly examined with regard to such information, biometric data, or health data, but that sometimes clues can only be obtained by looking at the picture.
d) Your data will initially be processed exclusively for the purpose of carrying out the application procedure. If your application is successful, the data will become part of the personnel file and can be used to carry out and terminate the employment relationship. If we are currently unable to offer you employment, we will process your data in order to defend ourselves against possible legal claims, in particular, due to an alleged disadvantage in the application procedure. The legal basis for data processing is therefore Art. 6 Para. 1 letter b) DSGVO, insofar as the data processing serves to decide on the establishment of an employment relationship and insofar as the data are then included in the employment relationship. If the storage serves to secure claims, the legal basis is Art. 6 para. 1 lit. f) DSGVO. A legitimate interest here is the receipt of evidence documents for possible defense. We process information and documents which are not required for the above-mentioned purposes on the basis of your implied consent in accordance with Art. 6 Para. 1 lit. a) DSGVO, which you have given us by sending us.
(9) The statistical data according to paragraph (1) will be deleted after 7 days (actions on the site, page views) or after 2 months. The other data according to paragraph (2) will be irrevocably removed when our site is deleted or temporarily removed when deactivated. The data from the message according to paragraph (3) will be deleted when the respective conversation is finished. However, if the conversation is aimed at the conclusion of a contract, the data will be deleted after the legal retention periods; these are usually 10 years.
We store the data required for the successful application and for the employment relationship until the end of the employment relationship and for up to 3 years thereafter. We will continue to process the data relating to an application for which we had to decide to reject it for a period of 6 months after the rejection has been sent in order to protect our legitimate interests. If we are called upon in the course of a process, we will store the data until the process is completed. This also applies accordingly to data received voluntarily.
(10) As already communicated, the statistical data is collected without any possibility of us currently being able to opt out. For this reason, we cannot comply with your right of objection for technical reasons. We, therefore, ask you to contact the social network directly at the addresses mentioned in § 1. There is a possibility of revocation of the messages according to paragraph (3), as far as the message does not serve the preparation or execution of a contract. Please note that in this case the request may not be processed. You can also delete your connections to us by deactivating the Like-Buttons again. If we receive a revocation and we have the possibility to delete your data (e.g. comments on our pinboard, application documents, etc.), we will take the necessary steps to do so. This revocation does not affect the legality of the processing of your data that has taken place on the basis of your consent until a possible revocation.
2.2 Pinterest
(1) We ourselves use the respective statistical evaluations that the social network makes available to us. We are currently not able to turn this off or modify it. We collect the following data as a result:
- Number of impressions, each related to pins and the profile
- Number of viewers, each related to pins and the profile
- Number of pins remembered
- Number of clicks
- Concerning my target group: information about country, area, language, gender, interests, brands
We receive the evaluations anonymously in each case. The legal basis for the collection of the above-mentioned data is section 6 paragraph 1 lit. f) DSGVO, so that we know which pins are worthwhile for us. This enables us to optimise our content. Because these evaluations are carried out anonymously by us and can only be used by the social network on a personal basis (within the framework of their terms of use), we believe that the interests of our users are protected.
(2) Furthermore, we collect data from people who comment, share, or follow our profile. For this purpose, we learn the name (or the user name) and can access the profile of the person with all associated data. Through the comments, we also learn something about the opinion or the person himself. The legal basis for the collection of the aforementioned data is Art. 6 para. 1 lit. a) DSGVO. The consent to the collection is given by the followers, contribution dividers, and commentators by accepting the terms of use of the respective social network and the contributions based on them.
(3) Furthermore, you can send us news via the social network. In this case, the personal data transmitted with the message (name/user name) will be stored. In this case, you agree that we may also contact you via this communication channel to answer your request. In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation. The legal basis for the processing of data transmitted in the course of sending a message is section 6 paragraph 1 p.1 lit. f) DSGVO. The legitimate interest lies in the processing of your request. If the message/contact is aimed at the conclusion of a contract, the additional legal basis for processing is section 6 paragraph 1 sentence 1 lit. b) DSGVO.
(4) If we operate a secret bulletin board together with users, the activities of all participating users on this secret bulletin board are processed by us. The legal basis for the collection of the aforementioned data is Art. 6 Para. 1 lit. a) DSGVO. The consent to the collection is given by the followers, contributors, and commentators by accepting the terms of use of the respective social network and the contributions based on them.
(5) The statistical data according to paragraphs (1), (4), as well as the news according to paragraph (3), are collected and processed by us. In addition, these data are processed by the social network and associated partners/companies, etc. (see § 4). The data in accordance with paragraph (2) can be viewed not only by us and the social network and its associated partners/companies but also by all followers, contributors, commentators, and other persons who click on our site or surf on the pages of our followers, contributors and commentators.
(6) The statistical data according to paragraph (1) will be deleted after 30 days. The data according to paragraph (2), (4) will be removed when the pin is deleted. The data from the message according to paragraph (3) are deleted when the respective conversation is finished. However, if the conversation is aimed at the conclusion of a contract, the data will be deleted after the legal retention period; this is usually 10 years.
(7) As already communicated, the statistical data is collected without any possibility of opting out by us at this time. For this reason, we cannot comply with your right of objection for technical reasons. We, therefore, ask you to contact the social network directly at the addresses mentioned in § 1. There is a possibility of revocation of the messages according to paragraph (3), as far as the message does not serve the preparation or execution of a contract. Please note that in this case the request may not be processed. The legality of the processing of your data based on your consent up to a possible revocation is not affected by the revocation.
Section 3 Rights of the data subject against us
(1) In the following we would like to point out your rights. Please note that we can unfortunately only provide limited information because the data collected by the social network is received by us in anonymized form, i.e. we only collect anonymized data in this sense. Therefore we cannot assign a request to a person. However, the social network has not yet taken any implementation measures, so that we can currently only advise you to assert the following rights against the social network. Facebook Ireland Ltd. has assumed the primary responsibility for the processing of the Insights data in accordance with § 2 paragraph 1 and has assured to fulfill all obligations regarding the processing of the data, in particular the rights of the persons concerned. However, we can assign your identity and guarantee your rights to the extent that we collect your data directly, e.g. due to an inquiry, like, etc.
(2) You have the right to request information about the personal data stored about you (Art. 15 DS-GVO) at any time. This also applies to the recipients or categories of recipients to whom this data is passed on and the purpose of the storage. In addition, you have the right to demand correction under the conditions of section 16 DS-GVO and/or deletion under the conditions of section 17 DS-GVO and/or restriction of processing under the conditions of section 18 DS-GVO. Furthermore, you can request data transmission at any time under the conditions of section 20 DS-GVO. For more detailed information, please refer to the full text of the DS-GVO.
(3) If personal data are processed to perform tasks in the public interest (section 6 (1) sentence 1 lit. e DS-GVO) or to protect legitimate interests (section 6 (1) sentence 1 lit. f DS-GVO), you can object to the processing of your personal data at any time with effect for the future. In the event of such an objection, any further processing of your data for the above-mentioned purposes must be omitted, unless
(a) there are compelling legitimate reasons for the processing which override your interests, rights, and freedoms; or
(b) processing is necessary for the purpose of pursuing, exercising, or defending legal claims.
(4) All requests for information, requests for disclosure, revocations, or objections to data processing should be addressed by e-mail to our data protection officer at the address stated in section 1, paragraph 2, or to the address stated in section 1, paragraph 1. You also have the possibility of complaining to the responsible supervisory authority about data protection issues. The authority responsible for us is the Hessian Commissioner for Data Protection and Freedom of Information, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, www.datenschutz-hessen.de.
(5) Regarding Facebook, we will forward your request with the name and e-mail address of the requesting person to Facebook Ireland Ltd. who will assist us in answering or implementing the request.
Section 4 Processing of data by the social network
(1) The social network collects various information from you, which we cannot present below. We, therefore, refer to the data and the purposes for which the data is collected, as well as the recipients of this data, to the privacy policy of the respective network.
a) Facebook: Further information on data protection is available at https://www.facebook.com/policy.php.
b) Instagram: For more information on data protection, please visit http://instagram.com/about/legal/privacy/.
c) Pinterest: For more information on data protection, please visit https://policy.pinterest.com/de/privacy-policy.
(2) Data will also be passed on to partners and companies in third countries.
(3) The user's data will be stored until the account is deleted or as required to provide the services of the social network - whichever comes first. However, only the content that the user has posted or made himself will be deleted, but not the content that others provide via the user. If data is the subject of an inquiry or a legal obligation, official investigation, etc., the data may be stored for a longer period of time, but at most until its completion. To prevent abuse, the social network also stores information about accounts that have been deactivated due to violations of the terms of use for at least 1 year.
If the data serves the fulfillment of a contract, the data will be stored according to the legal requirements (at least 10 years) due to tax, commercial, or other storage obligations. Data from address uploads of users, which are used for the purpose of inviting non-users, will be deleted as soon as the non-user rejects the invitation.
(4) You can revoke your consent to the processing of certain data in the social networks by making the appropriate settings or object to this. For this purpose, however, we refer you to the corresponding providers:
a) Facebook: Settings and objections to the use of data for advertising purposes are possible within the profile settings at https://www.facebook.com/settings?tap=ads.
b) Instagram: Settings and objections to data used for advertising purposes are possible within the profile settings at https://help.instagram.com/116024195217477/?helpref=hc_fnav&bc[0]=36839....
c) Pinterest: Settings and objections to the use of data for advertising purposes are possible within the profile settings athttps://www.pinterest.com/settings/.
Section 5 Rights of the data subject against the social network
(1) You have the right to request information about the personal data stored about you (Art. 15 DS-GVO) at any time. This also applies to the recipients or categories of recipients to whom this data is passed on and the purpose of the storage. In addition, you have the right to demand correction under the conditions of Art. 16 DS-GVO and/or deletion under the conditions of Art. 17 DS-GVO and/or restriction of processing under the conditions of Art. 18 DS-GVO. Furthermore, you can request data transmission at any time under the conditions of Art. 20 DS-GVO. For more detailed information, please refer to the full text of the DS-GVO.
(2) If personal data are processed to perform tasks in the public interest (Art. 6 (1) sentence 1 lit. e DS-GVO) or to protect legitimate interests (Art. 6 (1) sentence 1 lit. f DS-GVO), you can object to the processing of your personal data at any time with effect for the future. In the event of such an objection, any further processing of your data for the aforementioned purposes must be omitted, unless
(a) there are compelling legitimate reasons for the processing which override your interests, rights, and freedoms; or
(b) processing is necessary for the purpose of pursuing, exercising, or defending legal claims.
(3) All requests for information, requests for disclosure, revocations, or objections to data processing should be sent by e-mail to the addresses listed under section 1. You also have the possibility to complain to the responsible supervisory authority about data protection issues. These are also - if known - mentioned under section 1.
Section 6 Amendments to the privacy policy
We reserve the right to modify our privacy practices and this policy to reflect changes in relevant laws or regulations, as appropriate, or to better meet your needs. Any changes to our privacy practices will be posted here accordingly. Please note the current version date of the Privacy Policy.