General information about the processing of your data
We are legally obliged to inform you about the processing of your personal data (hereinafter referred to as "data") when you use our website. This data protection notice informs you about the details of the processing of your data and your legal rights in this regard. For terms such as "personal data" or "processing", the legal definitions from Art. 4 GDPR are authoritative. We reserve the right to adapt the privacy policy with effect for the future, in particular in the event of further development of the website, the use of new technologies or changes to the legal basis or the corresponding case law. We recommend that you read the privacy policy from time to time and take a printout or copy for your records.
Scope of application
This data protection information applies to all pages of www.living-hotels.com. It does not extend to any linked websites or internet presences of other providers. Insofar as reference is made in this data protection information to the Telecommunications and Digital Services Privacy Protection Act (hereinafter: TDDDG), this applies accordingly to the national laws of other member states with which Art. 5 Para. 3 of the ePrivacy Directive (Directive 2002/58/EC) was implemented.
Controller
Responsible for the processing of personal data within the scope of this privacy policy is
Derag Livinghotels AG + Co KG
Hotel Headquarters
Fraunhoferstraße 2
80469 Munich
Phone: +49 (0)89-23701-250
Email: info@living-hotels.com
Questions about data protection
If you have any questions about data protection with regard to our company or our website, you can contact our data protection officer:
SPIRIT LEGAL Fuhrmann Hense Partnerschaft von Rechtsanwälten
Lawyer and data protection officer
Peter Hense
Postal address:
Data Protection Officer
c/o Derag Living Hotels AG + Co KG
Hotel Headquarters
Fraunhoferstraße 2
80469 Munich
Contact us via the encrypted online form:
Contact data protection officer
If you have any questions regarding our hotels in Vienna (Austria), you can contact our data protection officer appointed for these hotels:
Clever data GmbH
Data Protection Officer: DI Kurt Berthold
Postal address:
c/o Derag Living Hotels AG + Co. KG, Fraunhoferstraße 2, 80469 Munich, Germany
Contact data protection officer
Security
We have taken comprehensive technical and organizational precautions to protect your personal data from unauthorized access, misuse, loss and other external interference. To this end, we regularly review our security measures and adapt them to the state of the art.
Your rights
You have the following rights with regard to the personal data concerning you, which you can assert against us:
- Right to information: You can request information in accordance with Art. 15 GDPR about your personal data that we process.
- Right to rectification: If the information concerning you is not (or no longer) accurate, you can request rectification in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.
- Right to erasure: You can request the erasure of your personal data in accordance with Art. 17 GDPR.
- Right to restriction of processing: In accordance with Art. 18 GDPR, you have the right to request that the processing of your personal data be restricted.
- Right to object to processing: You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1) GDPR pursuant to Article 21(1) GDPR. In this case, we will no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. Further processing will also take place if the processing serves the assertion and exercise of or defense against legal claims (Art. 21 para. 1 GDPR). You also have the right to object at any time to the processing of your personal data for the purpose of direct marketing in accordance with Art. 21 para. 2 GDPR; this also applies to any profiling insofar as it is associated with such direct marketing. We draw your attention to the right to object in this privacy policy in connection with the respective processing.
- Right to withdraw your consent: If you have given your consent for processing, you have the right to withdraw your consent in accordance with Art. 7 (3) GDPR.
- Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format ("data portability") and the right to transmit those data to another controller where the requirements of Art. 20 (1) (a), (b) GDPR are met (Art. 20 GDPR).
You can assert your rights by sending a message to the contact details given in the "Controller" section or to the data protection officer appointed by us.
If you believe that the processing of your personal data violates data protection law, you also have the right under Art. 77 GDPR to lodge a complaint with a data protection supervisory authority of your choice. This also includes the data protection supervisory authority responsible for the controller:
Bavarian State Office for Data Protection Supervision, Promenade 18, 91522 Ansbach, postal address: P.O. Box 1349, 91504 Ansbach, telephone: 0981/180093-0, e-mail: poststelle@lda.bayern.de, https://www.lda.bayern.de.
Use of our website
In principle, you can use our website for purely informational purposes without disclosing your identity. When accessing the individual pages of the website in this sense, only access data is transmitted to our web space provider so that the website can be displayed to you. The following data is processed:
- Protocols (browser type/browser version),
- Date and time of access,
- Host name of the accessing end device,
- IP address (anonymized),
- Content of the request (specific web pages accessed),
- Access status/HTTP status code,
- Websites that are accessed via the website,
- Referrer URL (the previously visited website),
- Message as to whether the call was successful (error logs),
- User Agent and
- Amount of data transferred.
The temporary processing of this data is necessary to technically enable the course of a website visit and delivery of the website to your end device. The access data is not used to identify individual users and is not merged with other data sources. Further storage in log files takes place in order to ensure the functionality of the website and the security of the information technology systems. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests lie in ensuring the functionality of the website and the integrity and security of the website. Storing access data in log files, in particular the anonymized IP address, for a longer period of time enables us to detect and prevent misuse. This includes, for example, the defense against requests that overload the service or any bot usage. The access data is deleted as soon as it is no longer required to achieve the purpose for which it was processed. In the case of the collection of data for the provision of the website, this is the case when you end your visit to the website. The log data is always stored directly and only accessible to administrators and is deleted after seven days at the latest. After that, it is only available indirectly via the reconstruction of backup tapes and is permanently deleted after a maximum of four weeks. The anonymized IP addresses are deleted by the hosting service provider after 60 days at the latest.
You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the "Controller" section.
Website support by digital agency
We use the services of a digital agency (Puetter GmbH, Lichtstr. 25, 50825 Cologne, Germany) to support our website. As part of this support, the digital agency may process the access data mentioned in the section "Use of our website" (e.g. for backups), in particular your IP address and the data provided when using the online store.
The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. By using the services of our external digital agency, we aim to provide our website efficiently and securely.
You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the "Controller" section.
End device information
In addition to the aforementioned access data, technologies are used when using the website that store information in your end device (e.g. desktop PC, laptop, tablet and smartphone) or access information that is already stored in your end device. These technologies may include cookies, pixels, LocalStorage, SessionStorage, IndexedDB or browser fingerprinting technologies. These technologies can be used to recognize you across devices and websites.
Pursuant to Section 25 (1) TDDDG, we generally require your consent to use these technologies. According to Section 25 (2) TDDDG, such consent is only not required if the technologies either enable the transmission of a message via a public telecommunications network or if they are absolutely necessary in order to provide a telemedia service expressly requested by you:
Technically necessary end device information
Some elements of our website serve the sole purpose of transmitting a message (§ 25 para. 2 no. 1 TDDDG) or are absolutely necessary to make our website or individual functionalities of our website available to you (§ 25 para. 2 no. 2 TDDDG):
- Language settings,
- User preferences
- Item in shopping cart,
- Online forms
- Load balancer
- Log-in information.
The elements are deleted after storage is no longer required.
You can prevent processing by making the appropriate settings in your browser software. In the case of elements whose storage duration is not limited to the session, you can delete the elements in the settings of your browser software after your session has expired.
Technically unnecessary end device information
We also use elements on the website that are not technically necessary. We only use these technologies with your consent in accordance with the legal requirements. Information on the individual technologies and functions can be found in our "Privacy settings" within the consent management platform ("cookie banner") and sorted by individual functions in the following information.
Consent management platform
We use a consent management platform ("cookie banner") to request consent for the processing of your device information and personal data using cookies or other tracking technologies on our website. This gives you the option of consenting to or rejecting the processing of your end device information and personal data using cookies or other tracking technologies for the purposes listed. Such processing purposes may include the integration of external elements, integration of streaming content, statistical analysis, reach measurement, individualized product recommendations or individualized advertising.
You can give or refuse your consent for all processing purposes or give or refuse your consent for individual purposes or individual third-party providers.
The settings you have made within the consent management platform can also be changed by you retrospectively. The purpose of integrating the consent management platform is to allow users of our website to decide on the setting of cookies and similar functionalities and to offer the option of changing settings already made during the further use of our website.
In the course of using the Consent Management Platform, we process personal data and information about the end devices used. The information about the settings you have made is also stored on your device. The recipient of the personal data processed in this context is also the provider of the consent management platform we use: consentmanager GmbH (Eppendorfer Weg 183, 20253 Hamburg with regard to the consent management platform "consentmanager"). In addition, we have activated the Transparency & Consent Framework (TCF) function of IAB Europe (Rond-Point Robert, Schuman 11, 1040 Brussels, Belgium; hereinafter referred to as "IAB Europe") in our consent management platform: IAB Europe) is activated. As a result, a specific consent signal is transmitted to IAP Europe to verify user preferences in the consent management platform and the IP address is processed. Further information on the processing operations in connection with the Transparency & Consent Framework can be found at https://iabeurope.eu/transparency-consent-framework/ and https://iabeurope.eu/tcf-for-cmps/ and https://iabeurope.eu/privacy-policy/.
The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. c) GDPR in conjunction with Art. 7 para. 1 GDPR. Art. 7 para. 1 GDPR, insofar as the processing serves to fulfil the legally standardized obligations to provide evidence for the granting of consent. Otherwise, Art. 6 para. 1 sentence 1 lit. f) GDPR is the relevant legal basis. Our legitimate interests in the processing lie in the storage of user settings and preferences in relation to the use of cookies and the evaluation of consent rates.
A new request for consent will be made twelve months after the user settings have been made. The user settings made will then be saved again for this period, unless you delete the information about your user settings in the terminal device capacities provided for this purpose yourself beforehand.
You can object to the processing if the processing is based on Art. 6 para. 1 sentence 1 lit. f) GDPR. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the "Controller" section.
Contacting our company
When you contact our company, e.g. by email or via the contact forms on the website, the personal data you provide will be processed by us in order to respond to your inquiry. To process inquiries via the contact form, you must provide a title, your first name and surname and a valid email address. You can also provide us with a telephone number, your company name, location, the date of your request and other information in the free text field, e.g. in the case of a request for conference and event rooms. At the time the message is sent to us, your IP address and the date and time of registration are also processed. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f) GDPR or Art. 6 para. 1 sentence 1 lit. b) GDPR if the contact is aimed at concluding a contract. If the request is aimed at concluding a contract, the provision of your data is required and mandatory. If the data is not provided, it will not be possible to conclude or execute a contract or process the request. The other data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems. We delete the data collected in this process after processing is no longer necessary - usually two years after the end of communication - or, if necessary, restrict processing to compliance with existing statutory retention obligations.
You can object to the processing if it is based on Art. 6 para. 1 sentence 1 lit. f) GDPR. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the "Controller" section.
DialogShift
In order to provide you with an additional opportunity to ask questions about our hotels, accommodation, leisure activities, your booking or our company, we use the chat application "DialogShift" (provider: DialogShift GmbH, Torstraße 201, 10115 Berlin ; hereinafter referred to as: DialogShift). When using the chat application, your contact details (such as first and last name and email address) as well as other information provided via the chat are processed by us and DialogShift in order to answer your request or forward it for further processing. DialogShift also uses cookies and similar tracking technologies, in particular to provide us with statistical analyses of the frequency and use of the chat. For this purpose and to ensure the proper processing of your chat requests, your end device is assigned a unique ID in order to recognize it for subsequent requests and to retrieve past chat logs if necessary. Some of the data mentioned in the section "Using our website" as well as your device information is transmitted to DialogShift, in particular your selected language settings. We use "DialogShift" to be able to communicate with you better and more easily and to provide you with an additional communication channel. We delete the data collected in this context after processing is no longer necessary or restrict processing to compliance with existing statutory retention obligations. With regard to the storage of and access to information in your terminal device, your consent is the legal basis pursuant to Section 25 (1) TDDDG; for further processing, your consent is also the legal basis pursuant to Art. 6 (1) sentence 1 lit. a) GDPR. DialogShift stores the personal data and end device information processed via the cookies and other tracking technologies for 90 days from the time of the last use of the chat application and then deletes it. Further information on data protection in relation to DialogShift can be found at https://www.dialogshift.com/datenschutz.
You can withdraw your consent to processing at any time by moving the slider in the "Privacy settings" of the consent tool. The legality of the processing remains unaffected until the revocation is exercised.
Application process
As part of the application process, we process the personal data you provide in the application form, such as your name, address, e-mail address, telephone number(s), data from your application documents and attached documents, e.g. in particular certificates, CV, cover letter, date of birth and the information provided in the free text field and other information. The purpose of the processing is to check your suitability for a position in our company and to consider your application as part of the application process. In the case of an (unsolicited) application by e-mail, we also process metadata from your e-mail, such as the date and time of receipt on our e-mail server, to ensure quality and to secure communication as part of the application process. If you apply via our application form on our website, the access data mentioned in the section "Use of our website" will also be processed in order to enable us to process your application documents and other documents digitally during the application process.
The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b) GDPR in conjunction with § 26 para. 1 BDSG, insofar as the data processing is necessary for the establishment and execution of the employment relationship The provision of your data is necessary and mandatory for the conclusion and execution of the contract. If you do not provide your data, we cannot guarantee that your application will be considered.
When processing special categories of personal data that may be the subject of your application or that you send us via the contact form on the website, the legal basis is Art. 9 para. 2 lit. b) GDPR in conjunction with Section 26 para. 3 BDSG.
We store your data for as long as it is required in connection with the application process. As a rule, we delete your personal data as soon as it is no longer required for the above-mentioned purposes and unless otherwise required by law. In particular, we retain personal data for as long as we need it to assert legal claims or defend against claims. Accordingly, we delete the data of applicants in the event of rejection six months after sending the rejection notification. The legal basis for processing for the purposes of legal prosecution is Art. 6 para. 1 lit. b) GDPR in conjunction with Section 26 para. 1 BDSG. When processing special categories of personal data, in particular any disabilities, the legal basis is Art. 9 para. 2 lit. b) GDPR in conjunction with Section 26 para. 3 BDSG or Art. 9 para. 2 lit. f) GDPR.
If an application is accepted, we store your data for the subsequent employment relationship within our employee administration.
Applicant pool
If we do not have a vacancy to fill, but are generally interested in working with you, we will process your application documents in our applicant pool with your consent so that we can contact you in the event of a vacancy. We will contact you separately to obtain your consent. The legal basis is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR. The data in the applicant pool will be deleted after two years, unless you have consented to a longer storage period.
You can withdraw your consent to processing at any time by sending a message to us using the contact details provided under "Controller". The lawfulness of the processing remains unaffected until the revocation is exercised.
Establishment, exercise or defense of legal claims
We also process personal data for the establishment, exercise or defense of legal claims. The legal basis for the processing is Art. 6 para. 1 lit. c) GDPR and Art. 6 para. 1 lit. f) GDPR. In these cases, we have a legitimate interest in asserting or defending against claims.
You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the "Controller" section.
Fulfillment of other legal obligations
We may also process the aforementioned personal data to fulfill other legal obligations, in particular if we have an enforceable official or court order or if we are required to do so by law. The legal basis in these cases is Art. 6 para. 1 sentence 1 lit. c) GDPR.
Online booking/reservation system
If you use our online booking system on the website, for example, to initiate the booking of accommodation or a room in one of our Living Hotels or to find out about the availability of accommodation, it is necessary and mandatory for the initiation and conclusion of the contract that you provide personal data such as title, your first and last name, country and your contact details (e-mail address), the travel period and the number of people traveling with you; further details such as your address (street, zip code, city) or other details, e.g. your telephone number, are provided voluntarily. The mandatory information required for order and contract processing is marked separately, other information (such as the selection of additional services) is provided voluntarily. The legal basis for the processing of the contract or booking data provided by you for the preparation and execution of the booking process is Art. 6 para. 1 sentence 1 lit. b) GDPR. In this case, the provision of your personal data is necessary and mandatory, as otherwise it is not possible to conclude a contract.
We use the external booking system "Sabre" from the provider SynXis [Sabre GLBL Inc., 3150 Sabre Drive, Southlake, Texas 76092, USA; hereinafter referred to as "Sabre"] for the clear presentation of available accommodation and to carry out your booking or reservation request: Sabre]. The booking information you provide will therefore be processed both by us or "Sabre" and by the respective hotel operating companies of the accommodation you have selected as part of the booking. We process your data to process the booking and forward the data you provide to the respective hotel operating companies of the booked accommodation so that they can process or confirm the booking. If the necessary mandatory information is not provided, it will not be possible to conclude or execute the contract. "Sabre" also processes some of your data on servers in the USA. We have concluded standard data protection clauses with "Sabre" in order to commit "Sabre" to an appropriate level of data protection. You can obtain a copy of the standard contractual clauses on request at Privacy@sabre.com. Further information on data protection and the storage period at "Sabre" can be found at www.sabre.com/about/privacy/. We delete the data processed in connection with the booking after storage is no longer required, or restrict processing to compliance with statutory retention obligations. Due to mandatory commercial and tax regulations, we are obliged to store your booking and invoice data for a period of ten years. Two years after termination of the contract, we restrict the processing and reduce the processing to compliance with existing legal obligations.
Customer account
In connection with the booking of a hotel room via our online booking system, you also have the option of creating a customer account with "Sabre" (Sabre GLBL Inc., 3150 Sabre Drive, Southlake, Texas 76092, USA; hereinafter referred to as "Sabre"): Sabre] in order to be able to enter your personal data more quickly in the booking mask for future bookings in particular. There is no obligation to create a customer account, as you can also access your reservation by entering your reservation or booking number and e-mail address.
To create a customer account, you must register with the following details:
- E-mail address,
- self-chosen password,
- User name.
Furthermore, your IP address and the date and time of registration are processed at the time of registration.
Your data will be deleted as soon as it is no longer required to achieve the purpose of processing. This is the case for the data collected during the registration process if the registration on the website is canceled or modified.
The following functions are available in the login area:
- Change your profile data,
- Adding/changing credit card information,
- View reservations/bookings that have been made.
If you log in to your customer account at "Sabre", e.g. to transfer your profile data to an ongoing booking of a hotel room on our website and complete it more quickly or to view bookings made, we also process the data about your person required to initiate or fulfill the contract, in particular address data and information on the method of payment, e.g. credit card information to make the booking and process payments. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. b) GDPR. The provision of your data is necessary and mandatory for the conclusion or execution of the contract. If you do not provide your data, it will not be possible to carry out the booking using the customer account. Of course, you can also make the booking without logging into a customer account. "Sabre" also processes some of your data on servers in the USA. We have concluded standard data protection clauses with "Sabre" in order to oblige "Sabre" to an appropriate level of data protection. You can obtain a copy of the standard contractual clauses on request at Privacy@sabre.com. Further information on data protection and the storage period at "Sabre" can be found at www.sabre.com/about/privacy/. Your data will be deleted as soon as it is no longer required for the purpose of processing. This is the case after deletion of the customer account, unless we are required by law to retain the data. In this case, we restrict the processing. Due to mandatory commercial and tax regulations, we are obliged to store your address, payment and order data for a period of up to ten years.
Ticket store
You can buy a ticket for various events via the "To the ticket store" section. We collect the personal data you provide, such as your first and last name, your address, your e-mail address and payment details. The mandatory information required for order and contract processing is marked separately, other information is provided voluntarily. We store your first and last name, your e-mail address and the booking number for the purpose of contract execution. In addition, the data mentioned in the section "Use of our website" is processed in the manner specified in this section when you access the "To the ticket store" section.
The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b) GDPR. The provision of your data is necessary and mandatory for the conclusion and/or performance of the contract. If you do not provide your data, it will not be possible to conclude and/or execute the contract.
We have integrated the ticket store widget "EVENTIM.Light" of CTS EVENTIM AG & Co. KGaA (Contrescarpe 75 A, 28195 Bremen; hereinafter: "EVENTIM") for ticket purchases. EVENTIM therefore also processes the above-mentioned data.
We reserve the right to use the e-mail address provided by you as part of the purchase in accordance with the statutory provisions to send you e-mails with the following content following the ticket purchase, unless and for as long as you have already objected to this processing of your e-mail address:
Information about the event in the run-up to the event, requests for customer feedback, information about the same or similar events to the one for which you have purchased a ticket. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests in the aforementioned processing lie in increasing and optimizing our services, sending direct advertising and ensuring customer satisfaction.
We would like to point out that you can object to the receipt of direct advertising and processing for the purpose of direct advertising at any time without incurring any costs other than the transmission costs according to the basic rates. You have a general right to object without giving reasons (Art. 21 (2) GDPR). To do this, click on the unsubscribe link in the respective email or send us your objection to the contact details given in the "Controller" section.
If you unsubscribe by exercising your right to object, we will process your data, in particular your e-mail address, to ensure that you do not receive any further e-mail advertising from us. For this purpose, we add your e-mail address to a so-called "block list", which ensures that you do not receive any further e-mail advertising from us.
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. c) GDPR in order to comply with our obligations to provide evidence.
We are jointly responsible with EVENTIM for data processing for the following purposes: For the collection and use of the data entered during the purchase for the purpose of order processing and for sending e-mails relating to the organization of the event.
We have determined the purposes and means of processing together with EVENTIM and are therefore jointly responsible for the protection of your personal data (Art. 26 GDPR).
As part of this joint responsibility under data protection law, we have reached an agreement with EVENTIM as to who fulfills the existing obligations under the GDPR. This relates in particular to the exercise of the rights of the data subjects and the fulfillment of the information obligations pursuant to Articles 13 and 14 GDPR. This agreement is necessary because data processing is carried out both by us and by EVENTIM. We have jointly agreed that data subjects will be jointly informed about data processing in accordance with Articles 13 and 14 GDPR.
You can assert your data subject rights (see above in detail) against both controllers. The parties shall inform each other immediately of any legal positions asserted by data subjects. The parties shall provide each other with all information necessary to respond to requests for information.
EVENTIM is solely responsible for the following data processing: sending email advertising, statistical analysis of the data provided via the widget when accessing the website in accordance with the section "Use of our website", even if you do not purchase a ticket. Further information on data processing by EVENTIM can be found at https://www.eventim-light.com/de/a/63726b54ac0e1e3b430c347f/privacy.
We delete the data arising in connection with the ticket purchase after storage is no longer required, or restrict processing if statutory retention obligations exist. Due to mandatory commercial and tax regulations, we are obliged to store your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we restrict processing and reduce processing to compliance with existing legal obligations.
Processing of personal data in accordance with Section 30 of the Federal Registration Act (BMG)
Accommodation establishments, which include us as hotels, are obliged under Section 30 of the Federal Registration Act (BMG) to process the following data from the guest, in particular on the day of arrival, as part of the registration form:
- Date of arrival and expected departure,
- First names and surnames,
- Date of birth,
- Nationality,
- Address,
- Number of fellow travelers and their nationality in the cases of § 29 para. 2 sentence 2 and sentence 3 BMG,
- Serial number of the recognized and valid passport or passport replacement document for foreign persons,
- If applicable, further data on the collection of tourism and spa fees.
We are legally obliged to keep registration forms available and to collect, process and pass on this data within the framework of the BMG. The legal basis for the processing results from Art. 6 para. 1 s. 1 lit. c) GDPR in conjunction with Art. 30 para. 1 BMG. You are legally obliged to provide your data. If you do not provide your data, it will not be possible to conclude a contract or carry out the stay. We will delete your registration data after 15 months at the latest, see § 30 para. 4 BMG.
E-mail marketing
Existing customer advertising / pre-/post-stay mailings
We reserve the right to use the e-mail address provided by you during the booking process in accordance with the statutory provisions to send you the following content by e-mail during or after your booking or before and after your stay, unless you have already objected to this processing of your e-mail address:
- Information on new online booking functions,
- Interesting advance information (pre-stay e-mails) regarding your arrival and your stay, e.g. excursion destinations, leisure activities,
- Special offers/temporary (booking) offers,
- New offers for our additional services during your stay,
- Location information,
- Invitations to events,
- Invitation to feedback surveys regarding the stay (post-stay),
- Sending of information material, e.g. our catalog,
- Overview of possible leisure activities and travel options.
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests in the aforementioned processing lie in increasing and optimizing our services, sending direct advertising and ensuring guest satisfaction.
We delete your data when you end the usage process, but no later than three years after termination of the contract. We use an external email marketing service provider or external service provider for customer feedback to send post-stay emails and to evaluate and analyze guest feedback. Further information can be found in the "Email marketing service(s)" section.
We would like to point out that you can object to the receipt of direct advertising and processing for the purpose of direct advertising at any time without incurring any costs other than the transmission costs according to the basic rates. You have a general right to object without giving reasons (Art. 21 (2) GDPR). To do this, click on the unsubscribe link in the respective email or send us your objection to the contact details given in the "Controller" section.
Newsletter
You have the option of subscribing to our e-mail newsletter on the website, which we use to inform you regularly about the following content:
- Information on new online booking functions,
- Interesting information regarding your arrival and your stay, e.g. leisure activities,
- Special offers/temporary (booking) offers,
- New offers for our additional services during your stay,
- Location information,
- Invitations to events organized by our company to present our houses & offers,
- Sending of information material, e.g. our catalog,
- Offers, activities and events from our partners, provided you have given your consent,
- Overview of possible travel options, e.g. by public transport.
To receive the newsletter, you must provide your name or pseudonym and a valid e-mail address. We process the e-mail address for the purpose of sending you our e-mail newsletter and for as long as you have subscribed to the newsletter. We use an external email marketing service to send the emails. Further information on this service provider can be found in the section "Email marketing service".
The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a) GDPR. Your data will be processed until you withdraw your consent.
You can revoke your consent to the processing of your e-mail address for the receipt of the newsletter at any time, either by clicking directly on the unsubscribe link in the newsletter or by sending us a message using the contact details provided under "Controller". This will not affect the lawfulness of the processing carried out on the basis of your consent up to the time of your withdrawal.
Double opt-in procedure
In order to document your newsletter registration and prevent the misuse of your personal data, registration for our e-mail newsletter takes place in the form of the so-called double opt-in procedure. After entering the data marked as mandatory, we will send you an e-mail to the e-mail address you have provided, in which we ask you to expressly confirm your subscription to the newsletter by clicking on a confirmation link. In doing so, we process your IP address, the date and time of registration for the newsletter and the time of your confirmation. In this way, we ensure that you really want to receive our email newsletter. We are legally obliged to prove your consent to the processing of your personal data in connection with the registration for the newsletter (Art. 7 para. 1 GDPR). Due to this legal obligation, data processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. c) GDPR.
You are not obliged to provide your personal data during the registration process. However, if you do not provide the required personal data, we may not be able to process your subscription in full or at all. If you do not confirm your newsletter subscription within 24 hours, we will block the information sent to us and delete it automatically after one month at the latest. After your confirmation, your data will be processed for as long as you have subscribed to the newsletter.
Newsletter tracking
We also statistically evaluate newsletter opening rates, the number of clicks on links contained in the newsletter and the reading time in aggregated form and also measure the reach of our newsletters. For this purpose, the usage behavior on our websites and within the newsletters sent by us is evaluated on the basis of device-specific information (e.g. email client used and software settings). For this analysis, the emails sent contain so-called web beacons or tracking pixels, which are one-pixel image files that are also embedded on our website.
For the purpose of reach measurement, we measure the number of visitors who have reached our websites by clicking on links and carry out certain actions there, such as redeeming vouchers and making bookings via our online booking route. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a) GDPR. We delete your data when you unsubscribe from the newsletter.
You can withdraw your consent at any time, either by sending us a message (see the contact details in the "Controller" section) or by clicking directly on the unsubscribe link contained in the newsletter. This will not affect the lawfulness of the processing carried out on the basis of your consent up to the time of your withdrawal.
Email marketing service(s):
We use the following email marketing services or providers to manage guest feedback:
- "CENDYN" of the provider Cendyn Group LLC (980 N. Federal Highway, 2nd Floor, Boca Raton, FL 33432, USA; hereinafter referred to as: Cendyn). Cendyn also processes some of your data on servers in the USA, which is considered a third country under data protection law. The EU Commission has issued an adequacy decision for data transfers to the USA. Cendyn is certified under this. In addition, standard data protection clauses have been concluded with Cendyn in order to commit Cendyn to an appropriate level of data protection. You can view a copy of these standard data protection clauses at https://www.cendyn.com/scc/. Further information can be found in Cendyn's privacy policy at https://www.cendyn.com/privacy-policy/ and at https://www.cendyn.com/wp-content/uploads/2022/01/Cendyn-Customer-Facing-DPA.pdf.
- We use the pre-stay mailing service of the provider SIHOT (GUBSE AG, Bahnhofstr. 26-28, 66578 Schiffweiler, Germany; hereinafter: SIHOT) to send the pre-stay emails and the invitation to the online check-in. SIHOT processes your e-mail address and the date of arrival. Further information can be found at https://sihot.com/rechtliche-informationen/datenschutzerklaerung/.
- We use the services of the external provider TrustYou (TrustYou GmbH, Steinerstr. 15, 81369 Munich; hereinafter: "TrustYou") to send feedback and post-stay emails. If you have made a booking, the data processed, in particular your e-mail address and, if applicable, your first and last name, length of stay (arrival/departure date), language, nationality and place of residence, will be transmitted to "TrustYou". "TrustYou" processes this information in order to send you a personalized feedback email and to statistically evaluate the feedback received. We then receive the information that a rating has been made by guests so that we can contact you if necessary. You are not obliged to carry out a rating. For the purpose of optimizing our marketing strategy, the reviews submitted to us, in particular the top reviews, will also be published on our website, stating your first name or pseudonym and, in some cases, your abbreviated surname. Your entry will be checked by us before publication in order to prevent spam. We reserve the right to remove entries at any time if they are found to be unlawful. Further information on data protection at "TrustYou" can be found at https://www.trustyou.com/de/wp-content/uploads/2023/02/Datenschutzerklaerung.pdf.
If you have registered to receive the newsletter, the data provided during registration and the data processed during the use of our newsletter service will also be processed on the servers of the aforementioned email marketing services. These email marketing services act as our processors and are contractually limited in their authority to use your personal data for purposes other than providing services to us in accordance with the applicable data processing agreement.
Block list
If you unsubscribe by withdrawing your declaration of consent or by exercising your right to object in the case of existing customer advertising, we will process your data, in particular your e-mail address, to ensure that you do not receive any further newsletters from us. For this purpose, we add your email address to a so-called "blacklist", which prevents you from receiving any further newsletters from us. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. c) GDPR in order to comply with our obligations to provide evidence, otherwise Art. 6 para. 1 sentence 1 lit. f) GDPR. In this case, our legitimate interests consist in complying with our legal obligations to reliably stop sending you newsletters.
You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the "Controller" section.
Newsletter registration as part of the "Living Stage" event series
If you have registered for our newsletter and the newsletter of our respective sponsors as part of our "Living Stage" series of events, we will also transmit the personal data provided when registering to receive the newsletter to the respective sponsors named therein. The respective sponsors/companies are separately responsible for processing your personal data and for sending the respective newsletter. We have no influence on further data processing once the data has been transmitted. Further information on data processing and the storage period of our sponsors can be found on the respective sponsor's website.
Payment processing
We offer various payment methods on our website. After selecting one of the payment methods offered ("Pay now", "Pay later"), the payment data provided by you (e.g. as part of the booking process/bank transfer) will be processed together with information about your order as well as first and last name, purpose, order/invoice/customer number for the purpose of payment processing. In order to be able to allocate your payment, we process your delivery/invoice address, e-mail address and the selected payment method. If the data required for payment processing is transmitted, this is done via the secure "SSL" procedure.
For payment processing, we sometimes also use external payment service providers who are considered recipients of your personal data. Further information on these payment service providers can be found in the section "Integration of payment service providers".
The legal basis for processing is Art. 6 para. 1 sentence 1 lit. b) GDPR. The provision of your payment data is necessary and mandatory for the conclusion or execution of the contract. If the payment data is not provided, it will not be possible to conclude and/or execute the contract using the selected payment method.
We delete the data arising in this context after storage is no longer required, or restrict processing if there are statutory retention obligations. Due to mandatory commercial and tax regulations, we are obliged to store your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we restrict processing and reduce processing to compliance with existing legal obligations.
Integration of payment service providers
The payment options offered as part of the online booking ("Paypal", "Alipay", "credit card payment") are integrated with the help of the payment service provider "SaferPay" (Worldline S.A, Tour Voltaire, 1 Place des Degrés, CS 81162, 92059 Paris la Défense Cedex, France; hereinafter referred to as "Saferpay") used by us to ensure fast, secure and smooth payment processing: Saferpay) in order to ensure fast, secure and smooth payment processing. If you select one of the aforementioned payment option(s), the payment data you provide during the booking process, together with information about your booking, will be forwarded to "Saferpay" for the purpose of payment processing. The data required for payment processing is transmitted securely via the "SSL" procedure and processed exclusively for payment processing. The processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR. The provision of payment data is necessary and mandatory for the conclusion and execution of the contract. If the payment data is not provided, it will not be possible to conclude and/or execute the contract with the specified payment method(s). Stripe processes your data in particular for the purpose of fraud prevention.
PayPal
On our website we offer you payment via "PayPal" (PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg and PayPal Holdings, Inc., 2211 North First Street - 95131 San José, California, USA; hereinafter: "PayPal"). You must log into your PayPal account to pay. The payment data you provide to PayPal will be processed by PayPal for the purpose of payment processing. The processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR. Further information on data processing by PayPal can be found here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full. PayPal also processes your data in part on servers in the USA. Standard data protection clauses have been concluded with PayPal Holdings, Inc. in order to commit PayPal Holdings, Inc. to an appropriate level of data protection. You can view a copy of the standard data protection clauses at PayPal at https://www.paypal.com/de/smarthelp/contact-us/privacy. Further information, including on the storage period, can be found in PayPal's privacy policy at https://www.paypal.com/de/smarthelp/contact-us/privacy.
Alipay
On our website, we offer you payment via "Alipay" from the provider Alipay (Europe) Limited S.A. (9 Rue du Laboratoire Luxembourg L-1911, Luxembourg; hereinafter: Alipay). To pay, you must log into your Alipay account in advance. Your payment data provided to "Alipay" will be processed by "Alipay" for the purpose of payment processing. In order to assign your payment, we process your delivery/billing address, e-mail address and the selected payment method. We delete the data arising in this context after storage is no longer required, or restrict processing if there are statutory retention obligations. Due to mandatory commercial and tax regulations, we are obliged to store your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we restrict the processing and reduce the processing to compliance with existing legal obligations. The legal basis is Art. 6 para. 1 sentence 1 lit. b) GDPR. The provision of your payment data is necessary and mandatory for the conclusion and performance of the contract. If the payment data is not provided, it will not be possible to conclude and/or execute a contract with the payment method "Alipay". "Alipay" also processes some of your data in China. There is no adequacy decision by the EU Commission for a data transfer to China. So-called standard data protection clauses have been concluded with "Alipay" in order to oblige "Alipay" to an appropriate level of data protection. We will be happy to provide you with a copy on request. Further information, including on the storage period, can be found in the data protection provisions of "Alipay" at https://global.alipay.com/docs/ac/platform/privacy.
Credit card payment
For the purpose of payment processing, we pass on the payment data required for the credit card payment to the credit institution commissioned with the payment or to the payment and billing service provider commissioned by us, if applicable. The processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR. The provision of your payment data is necessary and mandatory for the conclusion or execution of the contract. If the payment data is not provided, it will not be possible to conclude and/or execute the contract by means of a credit card payment. The data required for payment processing is transmitted securely via the SSL procedure and processed exclusively for payment processing. We delete the data arising in this context after storage is no longer required, or restrict processing if there are statutory retention obligations. Due to mandatory commercial and tax regulations, we are obliged to store your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we restrict processing and reduce processing to compliance with existing legal obligations.
Hosting
We use external hosting services from the provider "Mittwald" (Mittwald CM Service GmbH & Co. KG, Königsberger Str. 4-6, 32339 Espelkamp, Germany) to provide the following services: Infrastructure and platform services, computing capacity, storage resources, security and technical maintenance services. For these purposes, all data - including the access data mentioned under "Use of our website" - that is required for the operation and use of our website is processed. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. By using hosting services, we are pursuing our legitimate interests in the efficient and secure provision of our website.
You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the "Controller" section.
Integration of third-party content
Honeypot
We use "Honeypot" on our website. The provider of the service is Nocean (Nocean, Ryan McLaughlin, 74 Hooker St. Welland, Ontario, L3C 5H1, Canada, https://www.nocean.ca/contact/, hereinafter: "Honeypot"). The purpose of "Honeypot" is to check whether the data input on the website (e.g. in a contact form and booking) is carried out by a human or by an automated program. For this purpose, "Honeypot" analyzes the behavior of the visitor when entering data in the data entry form based on various characteristics in order to achieve spam protection. This analysis begins automatically as soon as the user starts entering data. For the purpose of the analysis, "Honeypot" evaluates the input in the data fields. The data collected during the analysis is forwarded to "Honeypot". Data processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR. We have a legitimate interest in protecting our website from abusive automated spying and unsolicited email advertising (spam). "Honeypot" also processes your personal data in Canada. The EU Commission has issued an adequacy decision for the transfer of data to Canada Further information on "Honeypot" and the storage period of the data can be found on the website of "Honeypot ": https://www.nocean.ca/.
You can object to the processing if it is based on Art. 6 para. 1 sentence 1 lit. f) GDPR.You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the "Controller" section.
Google Tag Manager
We use the "Google Tag Manager" from "Google" (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA; hereinafter: "Google" and "Google Tag Manager") on our website. Google Tag Manager is a solution with which website tags and other elements from third-party providers can be managed via an interface.
On the one hand, an http request is sent to Google when you access the website with Google Tag Manager. This transmits end device information and personal data such as your IP address and information about your browser settings to Google. We use Google Tag Manager for the purpose of facilitating electronic communication by transferring information to third-party providers via programming interfaces, among other things. The respective tracking codes of the third-party providers are implemented in the Google Tag Manager without us having to make extensive changes to the source code of the website ourselves. Instead, the integration takes place via a container that places a so-called "placeholder" code in the source code. In addition, Google Tag Manager allows the data parameters of users to be exchanged in a specific order, in particular by ordering and systematizing the data packets. In some cases, your data is also transferred to the USA. The EU Commission has issued an adequacy decision for data transfer to the USA. Google, LLC is certified under this. In addition, so-called standard contractual clauses have been concluded with Google, LLC in order to commit Google, LLC to an appropriate level of data protection. You can obtain a copy of the standard contractual clauses at https://cloud.google.com/terms/sccs. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests in the processing lie in the facilitation and execution of electronic communication by identifying communication endpoints, control options, exchanging data elements in a defined sequence and identifying transmission errors. The Google Tag Manager does not initiate any data storage. Further information on data protection at Google can be found at: http://www.google.de/intl/de/policies/privacy.
You can object to the processing if it is based on Art. 6 para. 1 sentence 1 lit. f) GDPR. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the "Controller" section.
You can prevent processing by deleting the history and website data in the settings of your browser software or by opening the browser used in "private mode".
On the other hand, Google Tag Manager integrates third-party tags such as tracking codes or counting pixels on our website. The tool triggers other tags, which in turn collect your data; we will inform you about this separately in this privacy policy. The Google Tag Manager itself does not evaluate the end device information and personal data of users collected by the tags. Rather, your data is forwarded to the respective third-party service for the purposes specified in our consent management tool. We have adapted the Google Tag Manager to our consent management tool in such a way that the triggering of certain third-party services in the Google Tag Manager is made dependent on your selection in our consent management tool, so that only those third-party tags trigger data processing for which you have given your consent. The use of Google Tag Manager is covered by the consent for the respective third-party service. The legal basis for the processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. Google also processes some of the data in the USA. There is an adequacy decision by the EU Commission for data transfer to the USA. Google, LLC is certified under this. In addition, so-called standard contractual clauses have been concluded with Google, LLC in order to commit Google, LLC to an appropriate level of data protection. You can obtain a copy of the standard contractual clauses at https://cloud.google.com/terms/sccs. The storage period of your data can be found in the following descriptions of the individual third-party services. Further information on data protection at Google can be found at: http://www.google.de/intl/de/policies/privacy.
You can withdraw your consent to processing at any time by moving the slider in the "Privacy settings" of the consent tool. The legality of the processing remains unaffected until the revocation is exercised.
TrustYou
To integrate guest feedback on our website, we also use the "TrustYou" widget from the provider TrustYou GmbH (Steinerstr. 15, 81369 Munich; hereinafter referred to as "TrustYou") to make our website and our services more attractive for website visitors and guests and to show you rating results from other guests. In doing so, we incorporate the “Trust Score” and the number of reviews received in relation to our Living Hotels via the “TrustYou” API. When you visit our website, your IP address is transmitted to „TrustYou“. „TrustYou“ processes your IP address solely to deliver the external content and to respond in the event of an IT security incident. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests lie in the efficient integration and user-friendly presentation of guest reviews on our website. For more information on data protection and the storage duration at “TrustYou,” please visit https://www.trustyou.com/de/wp-content/uploads/2023/02/Datenschutzerklaerung.pdf and https://www.trustyou.com/downloads/privacy-policy.pdf.
You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the "Controller" section.
Services for statistical, analytical and marketing purposes
We use third-party services for statistical, analytical and marketing purposes. This enables us to provide you with a user-friendly, optimized use of the website. The third-party providers use cookies, pixels, browser fingerprinting or other tracking technologies to control their services. We will inform you below about the services of external providers currently used on our website as well as about the respective processing in individual cases and about your existing revocation options.
Google Analytics 4
We use "Google Analytics", a web analysis service from "Google" (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA; hereinafter: "Google" and "Google Analytics 4") in order to be able to optimally tailor our website to user interests. Google Analytics 4 uses so-called "cookies", which are stored on your end device for recognition, as well as similar tracking methods for recognizing end devices such as tracking pixels, device fingerprinting and programming interfaces (e.g. APIs and SDKs) to process information from your end device. For this purpose, your end device is assigned a randomly generated identification number (cookie ID/device ID).
With the help of these technologies, Google processes the information generated about the use of our website by your end device as well as access data for the purpose of statistical analysis - e.g. access to a specific website, number of unique visitors, entry and exit pages, length of stay, click, swipe and scroll behavior, activation of buttons, registration for the newsletter, bounce rate and similar user interactions. For this purpose, it can also be determined whether different end devices belong to you or your household. The access data includes, in particular, the IP address, browser and device information, cookie ID/device ID, the previously visited website and the date and time of the server request.
No individual IP addresses are logged or stored in Google Analytics 4 systems. At the moment the IP address is recorded by Google in special local data centers in the EU, your IP address is used to determine location information. The IP address is then deleted before the access data is stored in a data center or on a server for Google Analytics. Google Analytics 4 does not provide precise data on the geographical location, but only general location information such as the region and city of the end device's location, which is derived from the IP address. Google will process this information for the purpose of evaluating your use of the website, compiling reports on website activity for us and, where we indicate otherwise, providing us with other services relating to website activity and internet usage. If you are registered with a Google service, Google can assign the website visit to your user account and create and evaluate cross-application user profiles.
There is also a cross-platform analysis of user behavior on websites and apps that use Google Analytics 4 technologies. This allows user behavior in different environments to be recorded, measured and compared in the same way. For example, user scroll events are automatically recorded to enable a better understanding of the use of websites and apps. Different cookie IDs/device IDs are used for different end devices for this purpose. We are then provided with anonymized statistics on the use of the various platforms, compiled according to selected criteria.
Google Analytics 4 is used to automatically create target groups for specific cookie IDs/device IDs or mobile advertising IDs, which are later used for individualized advertising. Target group criteria include, for example: Users who have viewed products but not added them to a shopping cart or added them to a shopping cart but not completed the purchase OR users who have purchased certain items. A target group comprises at least 100 users. The Google Ads tool can then be used to display interest-based ads in search results. Users of websites can also be recognized on other websites within the Google advertising network (in Google search, on YouTube, so-called Google ads or on other websites) and presented with tailored advertisements based on the defined target group criteria.
With regard to the storage of and access to information in your terminal device, your consent is the legal basis pursuant to Section 25 (1) TDDDG; for further processing, your consent is also the legal basis pursuant to Art. 6 (1) sentence 1 lit. a) GDPR. Google also processes some of the data in the USA. There is an adequacy decision by the EU Commission for data transfer to the USA. Google, LLC is certified under this. In addition, so-called standard contractual clauses have been concluded with Google, LLC in order to commit Google, LLC to an appropriate level of data protection. You can obtain a copy of the standard contractual clauses at https://cloud.google.com/terms/sccs. Your data in connection with Google Analytics 4 will be deleted after 26 months at the latest. Further information on data protection at Google can be found at: http://www.google.de/intl/de/policies/privacy.
You can withdraw your consent to processing at any time by moving the slider in the "Privacy settings" of the consent tool. The legality of the processing remains unaffected until the revocation is exercised.
Google Ads Remarketing
We use the "Google Ads" tool with the "Dynamic Remarketing" function from "Google" (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA; hereinafter: "Google" and "Google Ads"). With the "Dynamic Remarketing" function, we can recognize users of our website on other websites within the Google advertising network (in Google search or on YouTube, so-called Google ads or on other websites) and present advertisements tailored to their interests. The advertisements may also relate to products and services that you have already viewed on our website. For this purpose, the interaction of users on our website is analyzed, e.g. which offers the user was interested in, in order to be able to display targeted advertising to users on other sites even after they have visited our website. If you visit our website, Google Ads will store a cookie on your end device. With the help of cookies, Google processes the information generated by your device about the use of our website and interactions with our website as well as the data mentioned in the section "Use of our website", in particular your IP address, browser information, the previously visited website and the date and time of the server request, for the purpose of displaying personalized advertisements. For this purpose, it can also be determined whether different end devices belong to you or your household. If users are registered with a Google service, Google can assign the visit to the user account and create and evaluate cross-application user profiles. With regard to the storage of and access to information in your end device, your consent is the legal basis in accordance with Section 25 (1) TDDDG; for further processing, your consent is also the legal basis in accordance with Art. 6 (1) sentence 1 lit. a) GDPR. Google also processes some of the data in the USA. The EU Commission has issued an adequacy decision for data transfer to the USA. Google, LLC is certified under this. In addition, so-called standard contractual clauses have been concluded with Google, LLC in order to commit Google, LLC to an appropriate level of data protection. You can obtain a copy of the standard contractual clauses at https://cloud.google.com/terms/sccs. The maximum storage period at Google is 24 months. Further information on data protection and the storage period at Google can be found at: https://policies.google.com/privacy.
You can withdraw your consent to processing at any time by moving the slider in the "Privacy settings" of the consent tool. The legality of the processing remains unaffected until the revocation is exercised.
Google Ads Conversion
We use the "Google Ads" service from "Google" (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA; hereinafter: "Google" and "Google Ads") to draw attention to our attractive offers on external websites with the help of advertising material (formerly known as "Google AdWords"). We can determine how successful the individual advertising measures are in relation to the advertising campaign data. These advertising materials are delivered by Google via so-called ad servers. For this purpose, we use ad server cookies, through which certain parameters for measuring reach, such as the display of ads or clicks by users, can be measured. If you access our website via a Google ad, Google Ads will store a cookie on your end device. With the help of cookies, Google processes the information generated by your device about interactions with our advertising media (accessing a specific website or clicking on an advertising medium), the data mentioned in the section "Use of our website", in particular your IP address, browser information, the previously visited website and the date and time of the server request, for the purpose of analyzing and visualizing the reach measurement of our advertisements. For this purpose, it can also be determined whether different end devices belong to you or to your household. Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will find out your IP address and process it. We only receive statistical evaluations from Google to measure the success of our advertising material. With regard to the storage of and access to information in your terminal device, your consent is the legal basis in accordance with Section 25 (1) TDDDG; for further processing, your consent is also the legal basis in accordance with Art. 6 (1) sentence 1 lit. a) GDPR. Google also processes some of the data in the USA. There is an adequacy decision by the EU Commission for data transfer to the USA. Google, LLC is certified under this. In addition, so-called standard contractual clauses have been concluded with Google, LLC in order to commit Google, LLC to an appropriate level of data protection. You can obtain a copy of the standard contractual clauses at https://cloud.google.com/terms/sccs. The storage period at Google is a maximum of fourteen months. Further information on data protection and the storage period at Google can be found at: https://policies.google.com/privacy.
You can withdraw your consent to processing at any time by moving the slider in the "Privacy settings" of the consent tool. The legality of the processing remains unaffected until the revocation is exercised.
Facebook Analytics
We use the "Facebook Analytics" tool from "Facebook" (provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, and Meta Platforms Inc. 1601 Willow Rd, Menlo Park, California, USA; hereinafter: "Facebook" and "Facebook Analytics"). For the use of Facebook Analytics, we use the so-called "Facebook pixel" to analyze the use of our website and Internet presence, e.g. in social networks such as Facebook and Instagram, the interactions made by users on our website and Internet presence and the reach measurement of our advertisements. Your browser automatically establishes a direct connection to the Facebook server with the help of Facebook pixels - small graphics that are also integrated into our website, are automatically loaded when you visit our website and allow us to track user behavior. By integrating the Facebook pixel, Facebook processes information generated by cookies about the use of our website by your end device - e.g. that you have accessed a certain web page - and processes, among other things, the data mentioned in the section "Use of our website", in particular your IP address, browser information, the previously visited website, the Facebook ID and the date and time of the server request, for the purpose of analyzing our website and Internet presence, analyzing user interactions and measuring the reach of our advertisements. For these purposes, it can also be determined whether different end devices belong to you or your household. The information obtained with the help of the Facebook pixel is used solely for statistical purposes, is transmitted to us anonymously by Facebook as statistics and does not provide any information about the person of the user. If you are registered with a Facebook service, Facebook can assign the information collected to your account. Even if a user is not registered with Facebook or is not logged in, it is possible for Facebook to find out and process the IP address and other identifying features. We can also use the Facebook Conversion API to tailor our ads and advertising material on the website to user interests and measure the success of our ads.
In the context of the use of Facebook Analytics, we have jointly determined the purposes and means of processing with Facebook and are therefore jointly responsible for the protection of your personal data (see Art. 26 GDPR). As part of this joint responsibility under data protection law, we have reached an agreement with Facebook as to who fulfills the existing obligations under the GDPR. This relates in particular to the exercise of the rights of the data subjects and the fulfillment of the information obligations pursuant to Articles 13 and 14 GDPR. This agreement is necessary because data processing is carried out both by us and by Facebook. You can assert your data subject rights (see above in detail) against both controllers. The parties shall inform each other immediately of any legal positions asserted by data subjects. The parties shall provide each other with all information necessary to respond to requests for information. Further information can be found at https://de-de.facebook.com/legal/terms/page_controller_addendum.
With regard to the storage of and access to information in your terminal device, your consent is the legal basis pursuant to Section 25 (1) TDDDG; for further processing, your consent is also the legal basis pursuant to Art. 6 (1) sentence 1 lit. a) GDPR. Facebook also processes some of the data in the USA. There is an adequacy decision by the EU Commission for data transfer to the USA. Meta Platforms, Inc. is certified under this. In addition, standard data protection clauses have been concluded with Meta Platforms, Inc. to commit Meta Platforms Inc. to an appropriate level of data protection. You can request a copy of the standard data protection clauses from Facebook at https://www.facebook.com/help/contact/341705720996035. The storage period of the information in the Facebook cookies is 90 days. Further information on data protection and the storage period at Facebook can be found at: https://www.facebook.com/privacy/explanation andhttps://www.facebook.com/policies/cookies/.
You can withdraw your consent to processing at any time by moving the slider in the "Privacy settings" of the consent tool. The legality of the processing remains unaffected until the revocation is exercised.