Privacy policy according to GDPR

Familotel Sonnenpark

The protection of personal data is an important concern for us. Therefore, the processing of personal data is carried out in accordance with the applicable European and national laws.

You can of course revoke your declaration(s) of consent at any time with effect for the future. Please contact the person responsible according to Section 1.

The following declaration provides an overview of the type of data collected, the way in which this data is used and passed on, the security measures we take to protect your data and the way in which you can obtain information about the data given to us.

Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing of personal data, GDPR 6, paragraph 1, sentence 1 lit. a) of the EU General Data Protection Regulation (GDPR)) serves as the legal basis. When processing personal data which is necessary for the performance of a contract to which the data subject is a party, GDPR 6 (1) sentence 1 lit. b) of the GDPR serves as the legal basis. This also applies to processing operations which are necessary for the implementation of pre-contractual measures. Insofar as processing of personal data is necessary to fulfil a legal obligation to which we are subject, GDPR 6, paragraph 1, sentence 1 lit. c) GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, GDPR 6, paragraph 1, sentence 1 lit. f) GDPR serves as the legal basis for the processing.

Data erasure and storage period
The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage is no longer applicable. Furthermore, data may be stored if this has been provided for by the European or national legislator in Union regulations, laws or other regulations to which we are subject. Data will also be blocked or deleted if a storage period prescribed by the standards referred to above expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.

 

1 The responsible person and the data protection officer

(1) Name and address of the person responsible
The responsible person in terms of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

Sonnenpark Hotel GmbH & Co. KG
Sonnenweg 4a
34508 Willingen (Upland)
Germany
Phone: +49 (0) 5632 - 4080
Fax: +49 (0) 5632 – 69599

e-mail: info@sonnenpark.de
Website: www.sonnenpark.de

(2) Name and address of the data protection officer
The data protection officer of the controller is:

Dieter Grohmann
Akwiso Datenschutz & Audit
Beethovenstraße 23
87435 Kempten
Germany
Phone: +49 (0) 831 / 5124-7030
E-mail: info@akwiso.de
Website: www.akwiso.de


2 Definitions

The privacy policy is based on the terms used by the European legislator when the EU General Data Protection Regulation (hereinafter referred to as: "GDPR") was adopted. The privacy policy should be easy to read and understand. To ensure this, the most important terms are explained below:

a) Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, on-line identification, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

(b) Data subject means any identified or identifiable natural person whose personal data are processed by the controller.

(c) Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

(d) Profiling means any automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, conduct, location or movement of that natural person

(e) Pseudonymisation is the processing of personal data in such a way that the personal data cannot be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data is not attributed to an identified or identifiable natural person.

(f) Controller shall mean the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. If the purposes and means of such processing are determined by Union law or by the law of the Member States, the controller or the specific criteria for his nomination may be provided for by Union law or by the law of the Member States.

(g) Processor means any natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

(h) Recipient means any natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether a third party or not However, authorities which may receive personal data in the context of a specific investigation mandate under Union or national law shall not be considered as recipients.

(i) Third party means any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data

j) Consent shall mean any freely given and informed unequivocal expression of the data subject's wishes in the specific case, in the form of a statement or any other unequivocal affirmative act by which the data subject signifies his or her consent to the processing of personal data relating to him or her.

 

3 Provision of the website and creation of log files

(1) In the case of purely informational use of the website, i.e. if you do not register or provide us with information in any other way, we automatically collect the following data and information from the computer system of the calling computer each time the website is called up:

a) The IP address and host name of the user
b) Time of access
c) Browser used by the visitor
d) The operating system used by the visitor
e) The link or URL of origin
f) Search engine used, including keywords used
g) Retention period
h) Number of sites viewed
i) Last opened site before leaving the website
 
The data is also stored in the log files of our system. These data are not stored together with other personal data of the user.
 
(2) The legal basis for the temporary storage of log files is GDPR 6, paragraph 1, sentence f) GDPR.
 
(3) Temporary storage of the IP address by the system is necessary in order
 
a) to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session.
b) to optimise the contents of our website and the advertising for it
c) to ensure the functionality of our information technology systems and the technology of our website
d) to provide law enforcement authorities with information necessary for law enforcement purposes in the event of a cyber attack
 
The storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes also include our legitimate interest in data processing in accordance with GDPR 6, paragraph 1, sentence 1 lit. f) GDPR.

(4) The data will be deleted as soon as they are no longer required for the purpose of their collection - in this case at the end of the usage process. In the case of storage of the data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses are deleted or made anonymous, so that an assignment of the calling client is no longer possible.

(5) The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website, which is why there is no possibility of objection.

 

4 Use of cookies

(1) This website uses so-called cookies. Below you will find a list of cookies with a description of which ones are used. Cookies are small text files which, as soon as you visit a website, are sent from a web server to your browser and stored locally on your end device (PC, notebook, tablet, smartphone, etc.) and are stored on your computer and provide the user (i.e. us) with certain information. Cookies are used to make the website more customer-friendly and safer, particularly to collect usage-related information, such as frequency of use and number of users of the sites as well as the behaviour of the site usage. Cookies do not cause any damage to the computer and do not contain viruses. This cookie contains a characteristic string of characters (so-called Cookie-ID), which enables a clear identification of the browser when the website is called up again.

 (2) Cookies remain stored even if the browser session is terminated and can be called up again when the site is visited again. However, cookies are stored on your computer and transmitted from there to our site. Therefore, you have full control over the use of cookies. If you do not wish data to be collected via cookies, you can set your browser via the menu under "Settings" so that you are informed about the setting of cookies or you can generally exclude the setting of cookies or delete cookies individually. Please note, however, that if you deactivate cookies, the functionality of this website may be limited. As far as session cookies are concerned, they will be deleted automatically after leaving the website.

5 Newsletter

(1) With your consent you can subscribe to our free newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent.
For the registration to our newsletter we use the so-called double-opt-in procedure. This means that after your registration we will send you an e-mail to the specified e-mail address in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 30 days, your information will be blocked and automatically deleted. In addition, we store your IP address and the time of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
Your e-mail address is the only mandatory information for sending the newsletter. The provision of further data such as title, first name, surname is voluntary and is used to address you personally. The data will be used exclusively for sending the newsletter.

 

(2) The legal basis for the processing of the data after registration for the newsletter by the user is, if consent has been given, GDPR 6, paragraph 1, sentence 1 lit. a) GDPR.

(3) The collection of the user's e-mail address is used to send the newsletter. The collection of other personal data in the course of the registration process serves to prevent misuse of the services or the e-mail address used.

(4) The data will be deleted as soon as they are no longer required for the purpose of their collection. Your e-mail address will therefore be stored as long as the subscription to the newsletter is active. The other personal data collected during the registration process are usually deleted after a period of seven days.

(5) You can cancel the receipt of our newsletters at any time and thus revoke your consent by clicking on the link "Unsubscribe newsletter" in our newsletter subscriber or by sending us an e-mail to info@sonnenpark.de or a message to the contact data given in the imprint. This also allows you to revoke your consent to the storage of personal data collected during the registration process.  

6 E-Commerce

(1) If you want to order in our web shop it is necessary for the conclusion of the contract that you provide your personal data that we need to process your order. Mandatory data required for the processing of contracts are marked separately, further information is voluntary. The data will be entered into an input mask, transmitted to us and stored. The following data are collected within the framework of the web shop:

- Name
- Address
- Names and dates of birth of all persons travelling with you
- Arrival and departure date
- Booked room/service
- E-mail address
- IP address
- Date and time of the order

The data will only be passed on to third parties if the transfer is necessary for the purpose of processing the contract, or for invoicing purposes, or for the collection of the fee, or if you have expressly consented. In this regard, we only pass on the data required in each case. The data recipients are

- Collection companies, as far as the payment has to be collected (disclosure of name, address, order details)'.

- Credit inquiry agencies for checking creditworthiness (passing on name, address, date of birth etc.). In this case, the information is only passed on if we make advance payments for orders (e.g. purchase on account).

- The bank to collect the payment if the payment is made by direct debit

(2) The legal basis is GDPR 6(1)(b) of the GDPR. Regarding voluntary data, the legal basis for the processing of data is GDPR 6, paragraph 1, sentence 1 lit. a) GDPR.

(3) The compulsory data collected is necessary for the performance of the contract with the user (for the purpose of sending the goods and confirming the content of the contract). We therefore use the data to answer your enquiries, to process your order, to check creditworthiness or to recover a debt, if necessary, and for the purpose of technical administration of the websites. The voluntary information is provided to prevent misuse and, if necessary, to clarify criminal offences. We may also process the data you provide in order to inform you about other interesting products from our portfolio or to send you e-mails with technical information.

(4) The data will be deleted as soon as they are no longer required for the purpose of their collection. Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years after execution of the contract. However, after two years we will restrict the processing, i.e. your data will only be used to comply with the legal obligations. If there is a continuing obligation between us and the user, we store the data for the entire term of the contract and for ten years thereafter (see above). With regard to data provided voluntarily, we will delete the data at the end of two years after the execution of the contract, provided that no further contract is concluded with the user during this period; in this case, the data will be deleted at the end of two years after the execution of the last contract.

(5) If the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, an early deletion of the data is only possible if there are no contractual or legal obligations preventing a deletion.

Otherwise, you are free to have the personal data provided during registration completely deleted from the data stock of the data controller. Upon request, the data controller will provide you at any time with information about the personal data stored about you. Furthermore, the data controller corrects or deletes personal data at the request or notice of the data subject if this does not conflict with any statutory storage obligations. You can contact the data controller or the data protection officer pursuant to section 1 at any time by e-mail or by post and request the deletion or modification of the data.

 

7 Transfer of personal data to third parties

1. Integration of YouTube videos
(1) We have integrated YouTube videos into our online offer, which are stored at http://www.YouTube.com and can be played directly from our website. These are all integrated in "extended data protection mode", i.e. no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in paragraph 2 be transferred. We have no influence on this data transfer. By visiting the website, YouTube receives the information that you have accessed the corresponding subsite of our website.

The following data are transmitted

- Device-specific information, such as the hardware used; the version of the operating system; unique device ID and information about the mobile network, including your telephone number.

- Log data in the form of server logs. This includes, but is not limited to, details of how the services were used, such as search queries; IP address; hardware settings; browser type; browser language; date and time of your query; originating site; cookies that uniquely identify your browser or Google Account

- Location related information. Google may collect information about your actual location. This may include your IP address, your wireless access points or cell phone towers

- Further information about the data collected by Google, INC can be found under the following link: https://policies.google.com/privacy?hl=de&gl=de

This is done regardless of whether YouTube provides a user account that you are logged in with or no user account exists. If you are logged in to Google, your information will be associated directly with your account.

(2) The legal basis for the processing of users' personal data is GDPR 6, paragraph 1, sentence 1 lit. f) GDPR. Google also processes your personal data in the USA and has submitted to the EU-US Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework.

(3) The integration of the videos serves to make the website more descriptive for the user, to increase the search engine ranking of the website on Google and to refer more specifically to our own videos. YouTube stores your data as user profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out particularly (even for users who are not logged in) for the purpose of providing need-based advertising and to inform other users of the social network about your activities on our website.

(4) If you do not wish to be assigned with your profile on YouTube, you must log out before activating the button.

(5) You have a right of objection to the creation of these user profiles; you must contact YouTube to exercise this right.

(6) For further information on the purpose and scope of data collection and its processing by YouTube, please refer to the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy.

2. Links to external websites
This website contains links to external sites. We are responsible for our own content. We have no influence on the contents of external links and are therefore not responsible for them; we do not adopt their contents as our own. If you are directed to an external site, the privacy policy provided there applies. If you notice any illegal activities or contents on this site, you are welcome to point this out to us. In this case we will check the content and react accordingly (notice and take down procedure) 

3. Hedging of credit risk
In the event of a credit risk (name, address, e-mail address, details of the company and, if applicable, contractual and receivables data), we will transfer your data to IHD Gesellschaft für Kredit und Forderungsmanagement mbH, Augustinusstr. 11 B, 50226 Frechen, Germany, and, if applicable, to other cooperating credit agencies for the purpose of credit assessment and to check whether the address given can be delivered and for the purpose of debt collection processing. The legal basis for this transmission is GDPR 6 I b GDPR and GDPR 6 I f GDPR. Transmissions on the basis of GDPR 6 I f GDPR may only be made if this is necessary to safeguard the legitimate interests of our company and does not outweigh the interests or fundamental rights and freedoms of the person concerned, which require the protection of personal data.

Detailed information on our contractual partner, the IHD, in the sense of GDPR 14 GDPR, i.e. the business purpose, the purpose of data storage there, the legal basis, the data recipients of the IHD, the right of self-disclosure and the right to deletion and correction as well as profiling can be found at www.ihd.de/datenschutz/Artikel14.html.

The information on their contractual partners in the credit agency sector can be found at: www.ihd.de/datenschutz#vertragspartner

4.   Weitere Dienstleister

List of the services commissioned (scope, type, purpose of the collection, processing, use of data, type of data, circle of those affected)

Scope, type, purpose of the collection, processing, use of data

Delivery of advertising banners on selected publisher websites for display to site visitors who belong to the target group (targeting). The site visitors are identified by means of a cookie ID and assigned to the respective target group with the help of the user information stored for this purpose, if applicable. This controls how often a specific advertising banner is displayed to a specific site visitor (frequency capping). / Delivery of advertising banners on selected publisher websites for display to site visitors who have previously visited a website of the client (retargeting).

Data types

Cookie ID as well as further user information (if known or validly estimable e.g. age, gender, etc.), location data, postcode, profession, hobbies, interests, information on surfing behaviour (e.g. use of social media, apps or websites, etc.). / Frequency Capping (frequency with which a specific advertising banner is displayed to the site visitor) / information on the use of the client's websites.

Circle of persons affected

Visitors to the publisher's websites / Visitors to the client's websites (retargeting)

 

List of subcontractors including processing sites 

Subcontractors (including legal form)

Processing site

Type of services

AdForm Germany GmbH

Frankfurt (DE)

Digital Media & Advertising Technologie (AdServer, DMP, DSP)

Facebook Ireland Ltd.

Dublin (IE)

Digital Media & Advertising Technologie

ad agencyservcies GmbH

Düsseldorf (DE)

Operation and maintenance of internal servers, clients and network

Amazon EU S.à r.l.

Frankfurt (DE), Paris (FR), London (UK), Dublin (IE)

Storage, computing power (server, cloud storage)

Microsoft Inc. 

Amsterdam (NL), Dublin (IE)

Provision of Office programs and services, e-mail (Exchange/Outlook) and cloud storage (One Drive); (e-mail, sharepoint, cloud storage)

Proofpoint Inc. 

Frankfurt (DE), Amsterdam (NL)

SaaS in the area of email security, archiving and storage (file sharing platform)

The following opt-out links are available:

Adform: https://site.adform.com/datenschutz-opt-out/​
Facebook: http://de-de.facebook.com/privacy/explanation.php 

 

8 Contact / Inquiry / Catalogue form and e-mail contact

(1) On our website there are contact forms which can be used for electronic contact. If you use this option, the data entered in the input mask will be transmitted to us and stored. These are the following data on all forms at the time of sending:

- IP address of the user
- Date and time of registration

Further details can be found in the contact form: 

- First name
- Cash on delivery
- email address 

Further details can be found in the inquiry form:

- First name
- Cash on delivery
- email address
- Arrival/departure date
- Number of adults, number and age of children 

Further details can be found in the catalogue form:

- First name
- Cash on delivery
- Mailing address

For the processing of the data, your consent will be obtained during the sending process and reference will be made to this privacy policy. Alternatively, it is possible to contact us via the provided e-mail address. In this case the personal data transmitted with the e-mail will be stored. As far as this involves information on communication channels (e.g. e-mail address, telephone number), you also agree that we may contact you via this communication channel in order to answer your request. In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.

(2) The legal basis for the processing of the data is GDPR 6, paragraph 1, sentence lit. a) GDPR if the user has given his consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is GDPR 6, paragraph 1, sentence 1 lit. f) GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for processing is GDPR 6, paragraph 1, sentence 1 lit. b) GDPR.

(3) The processing of the personal data from the input mask serves us solely to process the contact. We will of course use the data from your e-mail enquiries exclusively for the purpose provided by you when contacting us. If you contact us by e-mail, the necessary legitimate interest in the processing of the data is also based on the reply. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

(4) The data will be deleted as soon as they are no longer required for the purpose of their collection. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be concluded from the circumstances that the matter in question has been finally clarified.  The personal data additionally collected during the sending process will be deleted after a period of seven days at the latest.

(5) You have the possibility to revoke your consent to the processing of personal data at any time. If you contact us by e-mail, you can object to the storage of his personal data at any time. In such a case the conversation cannot be continued. Regarding the revocation of the consent / objection to the storage, we ask you to contact the person responsible or the data protection officer according to section 1 via e-mail or by post. All personal data stored in the course of the contact will be deleted in this case.

 

9 Web analysis by Google Analytics (with pseudonymisation)

(1) We use on our website the service of Google Inc. (Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA) to analyse the surfing behaviour of our users. The software sets a cookie on your computer (for cookies see above). If individual sites of our website are called up, the following data is stored:

a) Two bytes of the IP address of the calling system of the user
b) The web site consulted
c) Entry sites, exit sites,
d) The length of time spent on the website and the abort rate
e) The frequency of access to the website
f) Country and regional origin, language, browser, operating system, screen resolution, use of Flash or Java
g) Search engines used and keywords used

The information generated by the cookie about the use of this website by the user is usually transferred to a Google server in the USA and stored there.

This website uses Google Analytics with the extension "_anonymizeIp()". The software is set so that IP addresses are not stored completely, but only in shortened form. In this way, it is no longer possible to assign the shortened IP address to the calling computer. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. However, the IP address transmitted by your browser within the scope of Google Analytics is not merged with other Google data.

(2) The legal basis for the processing of personal data is Article 6, paragraph 1 sentence 1 lit. f) GDPR. For the exceptional cases in which personal data is transferred to the USA, Google has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

(3) On our behalf, Google will use this information to evaluate your use of the website and to compile reports on website activity. The evaluation of the data obtained allows us to compile information on the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. These purposes also include our legitimate interest in processing the data in accordance with GDPR 6, paragraph 1 lit. f) GDPR. By making the IP address anonymous, the interest of the users in their protection of personal data is sufficiently considered.

(4) The data is deleted as soon as it is no longer required for our recording purposes. In our case this is after 48 months.

(5) The cookies used are stored on your computer and transmitted from there to our site. If you do not agree with the collection and evaluation of the usage data, you can prevent this by adjusting your browser software accordingly, by deactivating or restricting the use of cookies. Cookies already stored can be deleted at any time. In this case, however, it is possible that you may not be able to use all the functions of this website to their full extent.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link The current link is: "http://tools.google.com/dlsite/gaoptout?hl=de."

(6) Third party provider is Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. For further information, please refer to the User Terms and Conditions at http://www.google.com/analytics/terms/de.html, the privacy policy overview at http://www.google.com/intl/de/analytics/learn/privacy.html and the privacy policy at http://www.google.de/intl/de/policies/privacy.

 

10 Use of Google Web Fonts

(1) This site uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a site, your browser loads the required web fonts into your browser cache in order to display text and fonts correctly. When you visit our website, your browser sends requests to the Google server. The following data is logged by Google:

a.    IP address
b.    Browser information (name, version)
c.    Website
d.    Operating system of the user
e.    Screen resolution of the user
f.     Language settings of the user's browser or operating system
g.    Font file

This happens regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in at Google, your data will be assigned directly to your account. The use of Google Web Fonts is in the interest of a uniform and attractive presentation of our online offers. This represents a legitimate interest within the meaning of GDPR 6, paragraph 1, sentence 1 lit. f GDPR.

(2) The legal basis for the processing of personal data is GDPR 6, paragraph 1 lit. p.1 f) GDPR. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

(3) Google stores your data as user profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out particularly (even for users who are not logged in) for the purpose of providing needs-based advertising and to inform you about your activities on our website.

(4) You have a right of objection to the creation of these user profiles; you must contact Google in order to exercise this right.

(5) Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider's privacy policies. There you will also find further information on your rights in this regard and setting options for protecting your privacy: http://www.google.de/intl/de/policies/privacy.

 

11 Rights of the data subject

If personal data is processed by you, you are a data subject within the meaning of the GDPR and you are entitled to the following rights in relation to the data controller:

1. Right to information,
2. Right to rectification
3. Right to restrict processing,
4. Right to deletion
5. Right to notification
6. Right to data portability.
7. Right to object
8. Right to revoke consent under data protection law
9. Automated decision in individual cases, including profiling
10. Right to appeal to a supervisory authority 

1. Right to information
(1) You may request confirmation from the data controller as to whether personal data concerning you is being processed by us. If such processing has taken place, you may at any time request from the data controller free of charge information about the personal data stored about you and about the following information:

a) The purposes for which the personal data are processed
b) The categories of personal data which are processed;
c) The recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
d) The planned duration of storage of the personal data relating to you or, if it is not possible to give specific details, criteria for determining the duration of storage; © The existence of a right of rectification or erasure of personal data concerning you, a right to have the processing limited by the controller or a right to object to such processing;
f) The existence of a right of appeal to a supervisory authority;
g) Any available information as to the origin of the data where the personal data are not collected from the data subject;
h) The existence of automated decision-making, including profiling in accordance with GDPR 22, paragraphs 1 and 4 DPA and – at least in these cases – meaningful information on the logic involved and the scope and intended consequences of such processing for the data subject.

(2) You have the right to request information as to whether the personal data concerning you are being transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to GDPR 46 GDPR in connection with the transfer.

2. Right to rectification
You have the right to obtain from the data controller the rectification and/or integration without delay if the personal data processed concerning you is incorrect or incomplete.

3. Right to restrict processing
(1) You may request the controller to restrict without delay the processing of personal data relating to you under the following conditions:
a) If you dispute the accuracy of the personal data relating to you for a period enabling the controller to verify the accuracy of the personal data
b) If the processing is unlawful and you object to the deletion of the personal data and request instead the restriction of the use of the personal data; © The controller no longer needs the personal data for the purposes of the processing, but you need them in order to assert, exercise or defend legal claims; or
d) If you have lodged an objection to the processing in accordance with GDPR 21, paragraph 1 GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons.

(2) If the processing of personal data relating to you has been restricted, such data may be processed, with the exception of storage, only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State. If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right to deletion
(1) You may request the controller to delete the personal data relating to you without delay if one of the following reasons applies:
a) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed
b) you revoke your consent on which the processing was based pursuant to GDPR 6, paragraph 1 lit. a or GDPR 9, paragraph 2 lit. a GDPR and there is no other legal basis for the processing.
c) You object to the processing pursuant to GDPR 21, paragraph 1 GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to GDPR 21, paragraph 2 GDPR.
d) The personal data concerning you have been processed unlawfully.
e) Deletion of the personal data concerning you is necessary to comply with a legal obligation under Union or national law to which the controller is subject.
f) The personal data concerning you have been collected in relation to information society services offered, in accordance with GDPR 8, paragraph 1 of the GDPR.

(2) If the controller has made the personal data concerning you public and is obliged to delete them pursuant to GDPR 17, paragraph 1 GDPR, he shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as a data subject, have requested them to delete all links to these personal data or copies or replications of these personal data.

(3) The right of deletion shall not apply where the processing is necessary
a) To exercise the right to freedom of expression and information
'b) To comply with a legal obligation requiring processing under Union or national law to which the controller is subject or in the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
c) For reasons of public interest in the field of public health pursuant to GDPR 9, paragraph 2 lit. h and i and GDPR 9, paragraph 3 GDPR;
d) For archival, scientific or historical research purposes in the public interest or for statistical purposes pursuant to GDPR 89, paragraph 1 GDPR, insofar as the right referred to under a) is likely to render impossible or seriously prejudice the attainment of the objectives of such processing, or
e) To assert, exercise or defend legal claims

5. Right to notification
If you have asserted the right to rectification, erasure or limitation of processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification/deletion/limitation of processing, unless this proves impossible or involves a disproportionate effort. You have the right vis-à-vis the controller to be informed of these recipients.

 6. Right to data portability
1) You have the right to obtain the personal data concerning you which you have provided to the controller in a structured, common and machine-readable format. You also have the right to have this data communicated to another controller without hindrance by the controller to whom the personal data has been made available, provided that
a) the processing is based on a consent pursuant to GDPR 6, paragraph 1 lit. a GDPR or GDPR 9, paragraph 2 lit. a GDPR or on a contract pursuant to GDPR 6, paragraph 1 lit. b GDPR and
b) the processing is carried out by means of automated procedures.

(2) In exercising this right, you shall also have the right to obtain that personal data concerning you be transferred directly from one controller to another controller, in so far as this is technically feasible. The freedoms and rights of other persons may not be affected thereby.

 

(3) The right to data transferability shall not apply to the processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

(4) In order to exercise the right to data transferability, the data subject may at any time have recourse to the controller.

7. Right to object
(1) You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is carried out pursuant to GDPR 6 (1) lit. e or f GDPR; this also applies to profiling based on these provisions.

 

(2) The controller shall no longer process the personal data concerning you unless he can demonstrate compelling legitimate reasons for processing which outweigh your interests, rights and freedoms, or unless the processing is carried out for the purpose of asserting, exercising or defending legal claims.

(3) Where personal data relating to you are processed for the purpose of direct marketing, you shall have the right to object at any time to the processing of personal data relating to you for the purpose of such marketing, including profiling, insofar as it is linked to such direct marketing. If you object to processing for the purposes of direct marketing, the personal data concerning you will no longer be processed for those purposes.

(4) Notwithstanding Directive 2002/58/EC, you may exercise your right to object in relation to the use of information society services by means of automated procedures using technical specifications.

(5) In order to exercise the right to object, the data subject may contact the controller directly.

8. Right to revoke consent under data protection law
You have the right to revoke your declaration of consent regarding data protection at any time. Revocation of your consent does not affect the legality of the processing that has taken place based on your consent until revocation. You can contact the controller about this.

9. Automated decision in individual cases, including profiling
(1) You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects vis-à-vis you or significantly affects you in a similar way. This shall not apply if the decision
a) is necessary for the conclusion or performance of a contract between you and the person responsible
b) is authorised by Union or national law to which the person responsible is subject and that law provides for appropriate measures to safeguard your rights and freedoms and your legitimate interests; or
c) with your express consent.

 

(2) However, such decisions may not be based on special categories of personal data in accordance with GDPR 9, paragraph 1 GDPR, unless GDPR 9, paragraph 2 lit. a or g GDPR applies and appropriate measures have been taken to protect rights and freedoms and your legitimate interests.

(3) With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to safeguard the rights and freedoms and your legitimate interests, which shall include at least the right to obtain the intervention of a person from the controller, to express his or her point of view and to contest the decision.

(4) If the data subject wishes to exercise rights relating to automated decisions, he or she may at any time consult the controller.

10. Right to appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are domiciled, your place of work or the place where the alleged violation occurred, if you consider that the processing of personal data relating to you is in breach of the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under GDPR 78 GDPR.

 

12 Amendments to the Data Protection Directive

We reserve the right to modify our privacy practices and this policy to reflect changes in relevant laws or regulations, as appropriate, or to better meet your needs. Any changes to our privacy practices will be posted here accordingly. Please note the current version date of the privacy policy. 

Social Networks Privacy Policy

 

Privacy Policy Social Networks

We maintain online presences at various social networks and platforms. In the following we would like to inform you about the data collected by them and by us, about their purposes, the legal basis, recipients and your rights.

§ 1 Controllers and data protection officers

Joint controllers in the sense of Article 26 of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations for our social platforms are

Sonnenpark Hotel GmbH & Co. KG
Sonnenweg 4a
34508 Willingen
05632/4080
info@sonnenpark.de
www.sonnenpark.de

The data protection officer is Dieter Grohmann, 0831/5124-7030, info@akwiso.de

as well as the companies named below for the respective network

a) Facebook: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Regulatory authority is the Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23 Co. Laois, https://www.dataprotection.ie/docs/Contact-us/b/11.htm. Further information on data protection can be found at https://www.facebook.com/policy.php.

b) Instagram: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Regulatory authority is the Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23 Co. Laois; for more information on data protection, please visit http://instagram.com/about/legal/privacy/.

c) Pinterest: Pinterest Europe Ltd, Palmerston Hpuse, 2nd Floor, Fenian Street, Dublin 2, IRELAND; the Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23 Co. Laois, https://www.dataprotection.ie/docs/Contact-us/b/11.htm. Further information on data protection can be found at https://policy.pinterest.com/de/privacy-policy.

§ 2 Data collected by us in general

2.1 Facebook / Instagram

(1) We ourselves use the respective statistical evaluations that the social network makes available to us. We are currently unable to turn this off or modify it. We collect the following data as a result:
a) Demographic data (gender, age, country, residence, language): This data is collected by us in the context of our paid promotions, in the context of advertised events and in the context of the static analysis of our fans, subscribers and persons reached.
b) Statistical data on the number of subscribers, reactions to our posts, the range of our posts, fans (people who like our site), access times (days, times), site views, actions on the site (comments, sub-actions, clicks, negative feedback), the performance of our posts and different types of posts (photo, video, etc.), events (tickets sold, people reached, interactions), entertainment and any stories posted. We receive the evaluations anonymously.

The legal basis for the collection of the above-mentioned data is Article 6, paragraph 1 lit. f) GDPR, so that we can provide our interested parties with interesting events, information etc. in a personalised manner and so that we know which measures are worthwhile for us. This enables us to optimise our content. Because these evaluations are carried out anonymously by us and can only be used by the social network on a personal basis (within the framework of its terms of use), we believe that the interests of our fans, subscribers, etc. are protected.

(2) Furthermore, we collect data within the scope of our fans (Like) or those persons who have commented or shared something. For this purpose, we learn the name (if applicable, the username of the account), the profile picture and, in turn, the information publicly provided by the persons. Through the comments we also learn something about the opinion or the person itself.

The legal basis for the collection of the aforementioned data is Article 6, paragraph 1 lit. a) GDPR. Subscribers, fans, contributors and commentators give their consent to the collection by accepting the terms of use of the respective social network and the contributions based on them (like-my-clicks, share-clicks, comments).

(3) You can also send us news via the social network. In this case, the personal data transmitted with the message (name/username; profile picture) will be saved. In this case, you agree that we may also contact you via this communication channel to answer your request. In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.

The legal basis for the processing of data transmitted in the course of sending a message is Article 6, paragraph 1, sentence 1, lit. f) GDPR. The legitimate interest lies in the processing of your request. If the message/contact is aimed at the conclusion of a contract, the additional legal basis for processing is Article 6, paragraph 1, sentence 1, lit. b) GDPR.

(4) The statistical and demographic data according to paragraph (1) and the messages according to paragraph (3) are collected and processed by us. In addition, these data are processed by the social network and its associated partners/companies etc. (for this, see section 4). The data according to paragraph (2) can be viewed not only by us and the social network and its associated partners/companies, but also by all subscribers, fans, contributors, commentators and other persons who click on our site or surf on sites of our subscribers, fans, contributors and commentators.

(5) Our fan site on Facebook will also redirect you to our website where you can make purchases. For the data collected and processed there, we refer you to our privacy policy at www.sonnenpark.de. Facebook itself only receives the information that a forwarding has taken place. We will not forward any data about the purchase to Facebook.

The legal basis for the collection of data by us regarding the Facebook Shop is Article 6, paragraph 1, sentence 1, lit. b) GDPR, as far as contractual negotiations are concerned or a contract is concluded.

(6) We regularly post company events. If you have licked our fan site, we can invite you to events. You as a user can also link and share and comment on events, participate in them or be interested in them. The information can be obtained from the host of the event, i.e. from us, and
a) in the context of public events by all persons on and outside Facebook
b) in the context of private events by all invited persons to be seen. The legal basis for the collection of this data is Article 6, Paragraph 1, sentence 1, lit. a) GDPR as well as Article 6, paragraph 1, sentence 1, lit. f) GDPR, as far as the communication of participation or interest in an event to us is concerned, as this enables us to better plan the event or to evaluate the interest in the topic of the event etc. in order to orient our event marketing in the future. This is also our legitimate interest.

(7) If we have posted offers or discounts, both Facebook and we can collect information about the person who has saved the offer or discount as interesting. You will then receive a notification from Facebook before the offer expires. The legal basis for the collection of this data is Article 6, paragraph 1, sentence 1, lit. a) GDPR.

(8) Information about our job advertisements:
a) We publish job ads on our fan site. You can apply accordingly by e-mail or via the website www.mycrew-sonnenpark.de. If you apply via the website www.mycrew-sonnenpark.de, we refer to the privacy policy mentioned there.
b) If you apply for a job with us, we process the information we receive from you during the application process, i.e. information from the

- Cover letter
- Curriculum vitae
- Photo
- Certificates
- Correspondence 

If you apply via e-mail, we will additionally process

- e-mail address

- If necessary, further information, which is transmitted via e-mail

We do not carry out research about you on the Internet (so-called background checks).

c) If you send us a photo of yourself, we may be able to derive information about your racial or ethnic origin from it. We would like to point out that we do not have the photos explicitly examined regarding such information, biometric data or health data, but that sometimes clues can only be obtained by looking at the picture.

d) Your data will initially be processed exclusively for the purpose of carrying out the application procedure. If your application is successful, the data will become part of the personnel file and may be used to carry out and terminate the employment relationship. If we are currently unable to offer you employment, we will process your data in order to defend ourselves against possible legal claims, particularly due to an alleged disadvantage in the application procedure. The legal basis for data processing is therefore Article 6, Paragraph 1 lit. b) GDPR, insofar as the data processing serves to decide on the establishment of an employment relationship and insofar as the data are then included in the employment relationship. If the storage serves to secure claims, the legal basis is GDPR 6 Paragraph 1 lit. f) GDPR. A legitimate interest here is the receipt of evidence documents for possible defense. We process information and documents that are not required for the above-mentioned purposes based on your implied consent in accordance with Article 6, paragraph 1, lit. a) GDPR, which you have given us by sending them.

(9) The statistical data according to paragraph (1) will be deleted after 7 days (actions on the site, site views) or after 2 months. The other data in accordance with paragraph (2) will be irrevocably removed when our site is deleted or temporarily removed when deactivated. The data from the message according to paragraph (3) will be deleted when the respective conversation is finished. However, if the conversation is aimed at the conclusion of a contract, the data will be deleted after the legal retention periods; these are usually 10 years.

We store the data required for the successful application and for the employment relationship until the end of the employment relationship and for up to 3 years thereafter. We will continue to process the data relating to an application in respect of which we have had to decide to reject it for a period of 6 months after the rejection has been sent in order to safeguard our legitimate interests. If we are called upon in the course of a process, we store the data until the process is completed. This also applies accordingly to data received voluntarily.

(10) As already communicated, statistical data is collected without any possibility of deselection by us at present. For this reason, we cannot comply with your right of objection for technical reasons. We therefore ask you to contact the social network directly at the addresses listed in section 1. There is a possibility of revocation of the messages according to paragraph (3), unless the message serves the preparation or implementation of a contract. Please note that in this case the request may not be processed. You can also delete your connections to us by deactivating the Like-Buttons again. If we receive a revocation and we have the possibility to delete your data (e.g. comments on our pinboard, application documents etc.), we will take the necessary steps to do so. This revocation does not affect the legality of the processing of your data that has taken place based on your consent until a possible revocation.

2.2 Pinterest

(1) We ourselves use the respective statistical evaluations that the social network makes available to us. We are currently unable to turn this off or modify it. We collect the following data as a result:

- Number of impressions, each related to pins and the profile
- Number of viewers, each related to pins and the profile
- Number of pins remembered
- Number of clicks
- Concerning my target group: information about country, area, language, gender, interests, brands

We receive the evaluations anonymously in each case. The legal basis for the collection of the above-mentioned data is Article 6, paragraph 1, lit. f) GDPR, so that we know which pins are worthwhile for us. This enables us to optimise our content. Because these evaluations are carried out anonymously by us and can only be used by the social network in a personalised manner (within the framework of its terms of use), we believe that the interests of our users are protected.

(2) Furthermore, we collect data from people who comment, share or follow our profile. For this purpose, we learn the name (or username) and can access the profile of the person with all associated data. Through the comments, we also learn something about the opinion or the person himself. The legal basis for the collection of the aforementioned data is Article 6, paragraph 1, lit. a) GDPR. The consent to the collection is given by the followers, contributors and commentators by accepting the terms of use of the respective social network and the contributions based on them.

(3) You can also send us messages via the social network. In this case, the personal data (name/username) transmitted with the message will be stored. In this case, you agree that we may also contact you via this communication channel to answer your request. In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation. The legal basis for the processing of data transmitted in the course of sending a message is Article 6, paragraph 1, sentence 1, lit. f) GDPR. The legitimate interest lies in the processing of your request. If the message/contact is aimed at the conclusion of a contract, the additional legal basis for processing is Article 6, paragraph 1, sentence 1, lit. b) GDPR.

(4) If we operate a secret bulletin board together with users, the activities of all users involved in this secret bulletin board will be processed by us. The legal basis for the collection of the aforementioned data is Article 6, paragraph 1, lit. a) GDPR. The consent to the collection is given by the followers, contribution dividers and commentators by accepting the terms of use of the respective social network and the contributions based on them.

(5) The statistical data according to paragraphs (1), (4) and the news according to paragraph (3) are collected and processed by us. In addition, these data are processed by the social network and associated partners/companies etc. (for this, see section 4). The data according to paragraph (2) can be viewed not only by us and the social network and its associated partners/companies, but also by all followers, contributors, commentators and other persons who click on our site or surf on sites of our followers, contributors and commentators.

(6) The statistical data according to paragraph (1) will be deleted after 30 days. The data according to paragraph (2), (4) will be removed when the pin is deleted. The data from the message according to paragraph (3) are deleted when the respective conversation is finished. However, if the conversation is aimed at the conclusion of a contract, the data will be deleted after the legal retention periods; these are usually 10 years.

(7) As already communicated, the statistical data is collected without any possibility of deselection by us at present. For this reason, we cannot comply with your right of objection for technical reasons. We therefore ask you to contact the social network directly at the addresses listed in section 1. There is a possibility of revocation of the messages according to paragraph (3), unless the message serves the preparation or execution of a contract. Please note that in this case the request may not be processed. The lawfulness of the processing of your data based on your consent up to a possible revocation is not affected by the revocation.

§ 3 Rights of the data subject towards us

(1) In the following we would like to point out your rights. Please note that unfortunately we can only provide limited information, because the data collected by the social network are received by us in an anonymous form, i.e. we only collect anonymous data in this sense. Therefore, we cannot assign a request to a person. However, the social network has not yet taken any implementation measures, so that we can currently only advise you to assert the following rights against the social network. Facebook Ireland Ltd. has assumed the primary responsibility for the processing of the Insights data according to § 2 paragraph 1 and has assured to fulfil all obligations regarding the processing of the data, particularly the rights of the persons concerned. However, we can assign your identity and guarantee your rights to the extent that we collect your data directly, e.g. due to an inquiry, a Like etc.

(2) You have the right to request information about the personal data stored about you (Article 15 GDPR) at any time. This also applies to the recipients or categories of recipients to whom this data is passed on and the purpose of the storage. In addition, you have the right to demand correction under the conditions of Article 16 GDPR and/or deletion under the conditions of Article 17 GDPR and/or restriction of processing under the conditions of Article 18 GDPR. Furthermore, you can request data transmission at any time under the conditions of Article 20 GDPR. For more detailed information, please refer to the full text of the GDPR.

(3) In the case of processing of personal data for the performance of tasks in the public interest (Article 6, (1) sentence 1 lit. e GDPR) or for the performance of legitimate interests (Article 6, (1) sentence 1 lit. f GDPR), you can object to the processing of personal data concerning you at any time with effect for the future. In the event of an objection, any further processing of your data for the above-mentioned purposes must be omitted, unless

(a) there are compelling legitimate reasons for processing which outweigh your interests, rights and freedoms; or
(b) the processing is necessary for the purpose of asserting, exercising or defending legal claims

(4) All requests for information, requests for disclosure, revocations or objections to data processing should be addressed by e-mail to our data protection officer at the address stated under No. 1, paragraph 2 or to the address stated under No. 1, paragraph 1. You also have the possibility to complain to the responsible supervisory authority about data protection issues. The authority responsible for us is the Hessian Commissioner for Data Protection and Freedom of Information, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, www.datenschutz-hessen.de.

(5) Concerning Facebook, we will forward your request with the name and e-mail address of the requesting person to Facebook Ireland Ltd. who will assist us in answering or implementing the request.

§ 4 Processing of data by the social network

(1) The social network collects various information from you, which we cannot present below. We therefore refer to the data and the purposes for which the data is collected, as well as the recipients of this data, to the privacy policy of the respective network.

a) Facebook: Further information on data protection is available at https://www.facebook.com/policy.php.
b) Instagram: For more information about privacy, please visit http://instagram.com/about/legal/privacy/.
c) Pinterest: For more information about privacy, please visit https://policy.pinterest.com/de/privacy-policy.

(2) The social networks cite Article 6, paragraph 1, lit. a) to f) GDPR as the legal basis for the collection of data. For further details see

a) Facebook: https://www.facebook.com/about/privacy/legal_bases.Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=A..).

b) Instagram: https://www.facebook.com/about/privacy/legal_bases; the provider Facebook is certified under the Privacy-Shield-Agreement and thereby offers a guarantee to comply with the European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=A...).

c) Pinterest: https://policy.pinterest.com/de/privacy-policy; Pinterest is certified under the Privacy-Shield-Agreement and thus offers a guarantee to comply with the European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=A...)

(3) Data is also passed on to partners and companies in third countries.

(4) The user's data will be stored until the account is deleted or as needed to provide the social network services, whichever comes first. However, only the content that the user has posted and made himself will be deleted, but not the content that others provide via the user. If data is the subject of an inquiry or a legal obligation, official investigation, etc., the data may be stored for a longer period, but at most until its completion. To prevent misuse, the social network also stores information about accounts that have been deactivated due to violations of the terms of use for at least 1 year.

If the data serves the fulfillment of a contract, the data will be stored according to the legal requirements (at least 10 years) due to tax, commercial or other storage obligations. Data from address uploads of users, which are used for the purpose of an invitation to non-users, will be deleted as soon as the non-user rejects the invitation.

(5) In the social networks you can revoke or contradict your consent to the processing of certain data by making the appropriate settings. For this purpose, however, we refer you to the corresponding providers:

a) Facebook: Settings and objections to the use of data for advertising purposes are possible within the profile settings at https://www.facebook.com/settings?tap=ads.

b) Instagram: Settings and objections to the use of data for advertising purposes are possible within the profile settings at https://help.instagram.com/116024195217477/?helpref=hc_fnav&bc[0]=368390....

c) Pinterest: Settings and objections to the use of data for advertising purposes are possible within the profile settings at https://www.pinterest.com/settings/.

§ 5 Rights of the person concerned towards the social network

(1) You have the right to request information about the personal data stored about you (Article 15 GDPR) at any time. This also applies to the recipients or categories of recipients to whom this data is disclosed and the purpose of the storage. In addition, you have the right to demand correction under the conditions of Article 16 GDPR and/or deletion under the conditions of Article 17 GDPR and/or restriction of processing under the conditions of Article 18 GDPR. Furthermore, you can request data transmission at any time under the conditions of Article 20 GDPR. For more detailed information, please refer to the full text of the GDPR.

(2) In the case of processing of personal data for the performance of tasks in the public interest (Article 6, (1) sentence 1, lit. e GDPR) or for the performance of legitimate interests (Article 6, (1) sentence 1, lit. f GDPR), you can object to the processing of personal data concerning you at any time with effect for the future. In the event of an objection, any further processing of your data for the above-mentioned purposes must be omitted, unless

(a) there are compelling legitimate reasons for processing which outweigh your interests, rights and freedoms; or

(b) the processing is necessary for the purpose of asserting, exercising or defending legal claims

(3) All requests for information, requests for disclosure, revocations or objections to data processing should be sent by e-mail to the addresses listed under section 1. You also have the possibility to complain to the responsible supervisory authority about data protection issues. These are also - as far as known - mentioned under section 1.

§ 6 Changes to the data protection directive

We reserve the right to modify our privacy practices and this policy to reflect changes in relevant laws or regulations, as appropriate, or to better meet your needs. Any changes to our privacy practices will be posted here accordingly. Please note the current version date of the Privacy Policy.

 

 

360°
PANORAMA
ALL-INCLUSIVE
KATALOG ANFORDERN