DATA PROTECTION DECLARATION ACCORDING TO THE REQUIREMENTS OF THE GDPR

CookieBox Settings

Name and address of the person responsible
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
Alpenhotel Krone GmbH & Co. KG
DECKEL MAHO-Straße 1
87459 Pfronten Deutschland
Tel.: +49 8363 69050
Fax: +49 8363 6905555
info@alpenhotelkrone.de
Hotel location: Tiroler Straße 29, 87459 Pfronten
Contact person and management: Katrin Heinz
Personally liable partner: DECKEL MAHO Pfronten GmbH, District Court: Kempten (General); HRB: 7148
Managing Director: Dipl.-oec. Steffen Burghoff, Dipl.-Ing. (FH) Alfred Geißler

Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
1. Right to information
You can request confirmation from the controller as to whether personal data concerning you is being processed by us.
If such processing exists, you can request information from the controller about the following information:
1. the purposes for which the personal data are processed;
2. the categories of personal data that are processed;
3. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
4. the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
5. the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
6. the existence of a right of appeal to a supervisory authority;
7. all available information on the origin of the data, if the personal data are not collected from the data subject;
8. the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you can request to be informed about the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer

2. Right to rectification
You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay.

3. Right to restriction of processing
Under the following conditions, you can request the restriction of the processing of your personal data:
1. the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of the use of the personal data;
2. the controller no longer needs the personal data for the purposes of the processing, but you need them to assert, exercise or defend legal claims, or
3. if you have objected to the processing pursuant to Article 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons.
If the processing of your personal data has been restricted, this data may only be processed – apart from its storage – with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right to erasure
a) Obligation to delete
You may request from the controller that the personal data concerning you be deleted without undue delay and the controller is obliged to delete this data without undue delay if one of the following reasons applies:
1. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
2. You revoke your consent on which the processing was based in accordance with Art. 6 para. 1 sentence 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.
3. You object to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 (2) GDPR.
4. The personal data concerning you have been unlawfully processed.
5. The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
6. The personal data concerning you have been collected in relation to information society services offered in accordance with Article 8 (1) GDPR.
b) Information to third parties
If the controller has made the personal data concerning you public and is obliged to delete it in accordance with Article 17 (1) GDPR, taking into account available technology and the cost of implementation, they shall take reasonable steps, including technical measures, to inform controllers processing the personal data that you, as the data subject, have requested from them the erasure of all links to, or copy or replication of, those personal data.
c) Exceptions
The right to erasure does not exist if the processing is necessary
1. to exercise the right to freedom of expression and information;
2. to comply with a legal obligation requiring processing under Union or Member State law to which the controller is subject, or to carry out a task carried out in the public interest or in the exercise of official authority conferred on the controller;
3. for reasons of public interest in the field of public health in accordance with Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 GDPR;
4. for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR, insofar as the right referred to in Section a) is likely to make the achievement of the objectives of this processing impossible or seriously impaired, or
5. to assert, exercise or defend legal claims.

5. Right to information
If you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right vis-à-vis the controller to be informed about these recipients.

6. Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data have been provided, provided that
1. the processing is based on consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 sentence 1 lit.b GDPR and
2. the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority conferred on the controller.

7. Right to object
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you on the basis of Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct advertising.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. In connection with the use of information society services, you have the possibility – notwithstanding Directive 2002/58/EC – to exercise your right to object by automated means using technical specifications.

8. Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects vis-à-vis you or similarly significantly affects you. This does not apply if the decision:
1. is necessary for the conclusion or performance of a contract between you and the controller,
2. is permitted by Union or Member State law to which the controller is subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
3. with your express consent.
However, these decisions may not be based on special categories of personal data pursuant to Article 9 (1) GDPR, unless Article 9 (2) (a) or (g) GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to safeguard the rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.

10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you believe that the processing of your personal data infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.

General information on data processing

  1. Scope of processing of personal data
    In principle, we process personal data of our users only to the extent necessary to provide a functional website as well as our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies in those cases in which it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by law.
  2. Legal basis for the processing of personal data
    Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 sentence 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.
    For the processing of personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 sentence 1 lit.b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
    Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 sentence 1 lit.c GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 sentence 1 lit. d GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis for the processing.
  3. Data deletion and storage period
    The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

Provision of the website and creation of log files

  1. Description and scope of data processing
    Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.
    The following data is collected:
  1. Information about the browser type and version used
  2. The user’s operating system
  3. The User’s Internet Service Provider
  4. The IP address of the user
  5. Date and time of access
  6. Websites from which the user’s system reaches our website
  7. Websites accessed by the user’s system via our website
  8. The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.

2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 sentence 1 lit. f GDPR.

3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session. The storage in log files takes place to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

4. Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

5. Possibility of objection and removal
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user. Use of cookies
a) Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string of characters that allows the browser to be uniquely identified when the website is called up again.
We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.
The following data is stored and transmitted in the cookies:
1. Language settings
2. Items in the shopping cart
3. Log-in information
We also use cookies on our website that enable an analysis of the surfing behavior of users.
In this way, the following data can be transmitted:
1. Entered search terms
2. Frequency of page views
3. Use of website functions
The user data collected in this way is pseudonymized by technical precautions. Therefore, an assignment of the data to the calling user is no longer possible. The data is not stored together with other personal data of the users. When accessing our website, users are informed by an information banner about the use of cookies for analysis purposes and referred to this data protection declaration. In this context, there is also an indication of how the storage of cookies can be prevented in the browser settings.
b) Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 sentence 1 lit. f GDPR.
c) Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.
We need cookies for the following applications:
1. Adoption of language settings
2. Shopping cart
The analysis cookies are used for the purpose of improving the quality of our website and its contents. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer.
These purposes also include our legitimate interest in the processing of personal data in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
d) Duration of storage, possibility of objection and removal
Cookies are stored on the user’s computer and transmitted to our site by the user. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.
The transmission of Flash cookies cannot be prevented via the settings of the browser, but by changing the setting of the Flash Player.

Newsletter

  1. Description and scope of data processing
    On our website it is possible to subscribe to a free newsletter. When registering for the newsletter, the following data from the input mask will be transmitted to us.
    Email
    Name
    Forename
    Salutation
    Interests
    IP address of the calling computer
    Date and time of registration
    In connection with data processing for the dispatch of newsletters, the data is not passed on to third parties. The data will be used exclusively for sending the newsletter.
  2. Legal basis for data processing
    The legal basis for the processing of the data after registration for the newsletter by the user is Art. 6 para. 1 sentence 1 lit. a GDPR if the user has given his consent.
  3. Purpose of data processing
    The collection of the user’s email address serves to deliver the newsletter. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.
  4. Duration of storage
    The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. The user’s email address is therefore stored as long as the subscription to the newsletter is active.
    The other personal data collected during the registration process will usually be deleted after a period of seven days.
  5. Possibility of objection and removal
    The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, a corresponding link can be found in each newsletter.
    This also enables a revocation of the consent to the storage of the personal data collected during the registration process.

Online booking/inquiry via the website

  1. Description and scope of data processing
    On our website there is the possibility to book and/or request rooms and arrangements. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. These can be: salutation, first name, surname, e-mail address, telephone, address, number of fellow travelers, wishes, date, time, room selection, package, price. If you make an online booking from our websites, this is done through the online reservation system of websLINE Internet- & Marketing GmbH, Sägewerkstrasse 24, 83395 Freilassing, Germany. All booking data entered by you will be transmitted in encrypted form. websLINE has committed itself to the privacy-compliant handling of your transmitted data. It takes all organizational and technical measures to protect your data. In this context, no further transfer of the data to third parties takes place. The data will be used exclusively for the processing of the booking and for communication.
  2. Legal basis for data processing
    The legal basis for the processing of the data is the conclusion of an accommodation contract with the user.
  3. Purpose of data processing
    The processing of the personal data from the input mask serves us solely to process the booking request and to process the payment transactions.
  4. Duration of storage
    The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of a contractual relationship, we will delete the data received as soon as national, commercial, statutory or contractual retention regulations have been met.
  5. Possibility of objection and removal
    The user has the possibility to object to the processing of his personal data at any time.
    We would like to point out that in the event of an objection, the booking cannot be completed or the conversation cannot be continued.

Job application in our company

  1. Description and scope of data processing
    You have the option of applying for a job advertisement or sending us an unsolicited application. You can preferably do this by e-mail or in paper. From our website you can access our job advertisements. If you take advantage of this option, we store general information about you in an administration program. This data is:
    • Salutation
    • First name, surname
    • Address
    • Date of birth
    • E-mail address
    • Telephone
    • Application date
    • Advertised as
    • For which department advertised
    • As advertised (by email, via HotelCareer, HogastJobbörse, FairJobHotels, by post)
    In addition, we may forward your application internally to the responsible department head. A further transfer of the data to third parties does not take place in this context. The data will be used exclusively for the processing of the application and for communication.
  2. Legal basis for data processing
    The legal basis for the processing of the data is otherwise the processing for a contractual relationship or contractual relationship.
  3. Purpose of data processing
    The processing of personal data serves us solely to process the application.
  4. Duration of storage
    The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.
  5. Possibility of objection and removal
    As an applicant, you have the option of objecting to the processing of your personal data at any time.
    We would like to point out that in the event of an objection, the application cannot be completed or the conversation cannot be continued.

Online Assessment

  1. Description and scope of data processing
    Former guests can leave a review at our hotel after check-out. For this purpose, we would like to send you an e-mail within 14 days of departure to ask you to submit a hotel review. Each review can be published anonymously on request. If you have not felt comfortable in our hotel, we would like to take the opportunity to contact you. If you submit an online review on our website, the data will be stored in the evaluation tool of TrustYou GmbH, Agnes-Pockels-Bogen 1, D-80992 Munich, Germany. TrustYou GmbH has committed itself to the privacy-compliant handling of your transmitted data. It takes all organizational and technical measures to protect your data. If a former guest makes use of this possibility of online evaluation, data from the former guest will be stored in the evaluation mask. These data are: e-mail address as well as voluntary information such as first name, surname, language and the information on the evaluation.
    In this context, no further transfer of the data to third parties takes place. The data will only be used for the publication of the review and for arbitration in the event of bad reviews.
  2. Legal basis for data processing
    The legal basis for the processing of the data is otherwise our legitimate interest in data processing.
  3. Purpose of data processing
    The purpose of the hotel review is to communicate and summarize the opinions of hotel guests via our website so that interested parties can get their own picture of our services and services. In addition, the results serve our internal quality management.
  4. Duration of storage
    The data will not be deleted.
  5. Possibility of objection and removal
    There is always the possibility to have the publication of the review deleted (right to be forgotten). Please let us know which review is involved.

Contact form and email contact

  1. Description and scope of data processing
    A contact form is available on our website, which can be used for electronic contact. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. For the processing of the data, your consent will be obtained as part of the sending process and reference will be made to this data protection declaration.
    Alternatively, it is possible to contact us via the email address provided. In this case, the user’s personal data transmitted with the email will be stored.
    In this context, the data will not be passed on to third parties. The data will be used exclusively for the processing of the conversation.
  2. Legal basis for data processing
    The legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. a GDPR if the user has given his consent.
    The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 sentence 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit.b GDPR.
  3. Purpose of data processing The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
  4. Duration of storage
    The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
  5. Possibility of objection and removal
    The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

Use of Facebook Pixel

  1. Scope of processing of personal data We use the so-called “Facebook Pixel” of the social network Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025 United States or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. With this analysis tool, Facebook can determine the users of our website as a target group for the presentation of advertisements.
  2. Legal basis for the processing of personal data
    The legal basis for the processing of personal data is Art.6 (1) sentence 1 lit. f GDPR.
  3. Purpose of data processing
    The use of Facebook pixels serves to evaluate the effectiveness of Facebook ads for statistical and market research purposes. As a result, future advertising measures can be optimized.
  4. Duration of storage
    We do not have any information about the duration of storage.
  5. Possibility of objection and removal
    The data collected remains anonymous to us. They are stored and processed by Facebook. There is a possibility that a connection to your Facebook profile can be established. Facebook may use this data for its own advertising purposes within the framework of the Facebook Data Use Policy. If you do not want Facebook to be able to link the use of our website to your Facebook profile, please log out of your Facebook user account. You can object to the collection by Facebook pixels and the use of your data to display Facebook ads under the following link.
    In addition, you can object to the use of Facebook pixels via our opt-out link:
    Tracking via the Facebook Pixel on this website is activated. Click here to disable tracking.

Use of Facebook Plugin

  1. Scope of processing of personal data
    We use the plug-in of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025 United States or if you are located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. By activating this plug-in, your browser establishes a connection to the Facebook servers. Facebook learns that you are visiting our website with your IP address. In addition, Facebook receives information about the date, time, browser type and version, operating system and version as well as Facebook cookies already stored in the browser. From this, Facebook can recognize which websites with Facebook content you have been on. The plug-in is part of Facebook and is only displayed on our site. Any interaction with the plug-in is an interaction on “facebook.com”.
    If you are logged in to Facebook, your Facebook login number will also be transmitted when the plug-in is activated. Visiting our website can therefore be associated with your Facebook account. Depending on the setting of your Facebook account, clicking on the plug-in will also be published on Facebook. You can avoid this by logging out of your Facebook account before activating the plug-in and deleting all Facebook cookies after visiting websites with Facebook plug-ins.
  2. Legal basis for the processing of personal data
    The legal basis for the processing is Art.6 (1) sentence 1 lit.a GDPR.
  3. Purpose of data processing
    Facebook processes this data to find errors in its own system, to improve its own products and adapt them to user behavior, to control, place and individualize advertising. In addition, the processing also serves the localization, the recording of the way of using websites with Facebook content and the purpose of market research.
  4. Duration of storage
    According to its own information, Facebook stores the data for up to 90 days. After that, the data will only be used in anonymous form.
  5. Possibility of objection and removal
    Further information on the use and collection of data can be found in Facebook’s privacy policy at: www.facebook.com/about/privacy .

Use of Google AdWords

  1. Scope of processing of personal data
    On our website we use Google AdWords from Google Inc., 1600 Amphiteatre Parkway, Mountain View, CA 94043, United States. This is an online advertising program that uses conversion tracking. If you reach our website via a Google ad, Google AdWords places a cookie on your computer. Each Google AdWords customer is assigned a different cookie.
  2. Legal basis for the processing of personal data
    The legal basis for the processing is Art.6 para. 1 sentence 1 lit. f GDPR.
  3. Purpose of data processing
    We only know the total number of users who have responded to our ad. No information will be passed on with which we could identify you. The use is not for traceability.
  4. Duration of storage
    The cookie loses its validity after 30 days.
  5. Possibility of objection and removal
    You can prevent Google conversion tracking by deactivating the tracking procedure in your browser. Further information can be found on www.google.com/intl/de/policies/privacy.

Use of Google Analytics

  1. Scope of processing of personal data On our website we use Google Analytics, a web analysis service of Google Inc., 1600 Amphiteatre Parkway, Mountain View, CA 94043, United States. (“Google”). Google Analytics uses “cookies”, which are text files that are stored on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is transmitted to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. IP anonymization is active on this website. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of our website to their full extent.
  2. Legal basis for the processing of personal data
    The legal basis for the processing is Art.6 para. 1 sentence 1 lit. f GDPR.
  3. Purpose of data processing The purpose of the processing of personal data lies in the targeted addressing of a target group that has already expressed an initial interest by visiting the site.
  4. Duration of storage
    Advertising data in server logs is anonymized by Google deleting parts of the IP address and cookie information after 9 or 18 months.
  5. Possibility of objection and removal
    You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link. Further information can be found on www.google.com/intl/de/policies/privacy.

Use of Google Analytics Remarketing

  1. Scope of processing of personal data
    We use the remarketing function Google Inc., 1600 Amphiteatre Parkway, Mountain View, CA 94043, United States on our website. Together with Google, we offer you suitable and interest-based advertisements. Google Analytics Remarketing uses cookies. These are stored on your computer. According to Google, no personal data is collected. According to their own information, there is also no connection to the other Google services.
  2. Legal basis for the processing of personal data
    The legal basis for the processing is Art.6 para. 1 sentence 1 lit. f GDPR.
  3. Purpose of data processing
    The purpose of the processing of personal data lies in the targeted addressing of a target group. The cookies stored on your computer recognize you when you visit a website and can therefore show you interest-based advertising.
  4. Duration of storage Advertising data in server logs is anonymized by Google deleting parts of the IP address and cookie information after 9 or 18 months.
  5. Possibility of objection and removal
    You can prevent the use of the remarketing function by making the settings of the following link. Further information can be found on www.google.com/intl/de/policies/privacy.

Use of Google Maps Plugin

  1. Scope of processing of personal data
    On our website we use the online map service Google Maps of Google Inc., 1600 Amphiteatre Parkway, Mountain View, CA 94043, United States. By using Google Maps on our website, information about the use of our website, your IP address and addresses entered in the route plan function are transmitted to a Google server in the USA and stored there. By using our website, you agree to the processing of your data collected by Google Maps.
  2. Legal basis for the processing of personal data
    The legal basis for the processing is Art.6 (1) sentence 1 lit. f GDPR.
  3. Purpose of data processing
    We have no knowledge of the purpose of the data collection, nor of the use of the data by Google.
  4. Duration of storage We do not have any information about the duration of storage.
  5. Possibility of objection and removal
    Further information can be found on www.google.com/intl/de/policies/privacy.

Use of Instagram Plugin

  1. Scope of processing of personal data
    Plugins of the Instagram service are integrated on our pages. These are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. The integrated Instagram buttons are used by us to enable a link to our Instagram profile. A widget is also integrated, which allows us to display certain photos and videos of our Instagram profile on our website. When you visit a page of ours that contains such a plug-in, your browser establishes a direct connection to an Instagram server. The contents of the plug-ins are transmitted directly to your browser and integrated into the website. Data is automatically transmitted to Instagram and stored on its servers. This transmitted data includes connection data (such as.B. Your IP address, date and time, the URL accessed) as well as the browser and operating system used. Your visit to our pages can thus be tracked by Instagram, even if you do not actively use the plug-in functions. If you are logged in to your Instagram account, you can link the contents of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to assign the visit to our pages to your user account. If you want to prevent this direct assignment, you must log out of Instagram before visiting our website. For more information, see Instagram’s Privacy Policy.
  2. Legal basis for the processing of personal data The legal basis for the processing of users’ personal data is Art. 6 para. 1 sentence 1 lit. f GDPR.
  3. Purpose of data processing
    For information on the purpose of processing personal data, please refer to Instagram’s privacy policy.
  4. Duration of storage
    We do not have any information about the duration of storage.
  5. Possibility of objection and removal
    Further information can be found under the following link.

Use of Bing Adwords

  1. Scope of processing of personal data
    On our pages we use the Conversion Tracking Tool of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft Bing Ads stores a cookie on your computer if you have reached our website via a Microsoft Bing ad. We only learn the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the identity of the user is provided.
  2. Legal basis for the processing of personal data
    The legal basis for the processing of users’ personal data is Art. 6 para. 1 sentence 1 lit. f GDPR.
  3. Purpose of data processing
    In this way, Microsoft Bing and we can recognize that someone has clicked on an ad, has been redirected to our website and has reached a previously determined landing page (conversion page).
  4. Duration of storage
    The duration of storage depends on the respective browser settings and cannot be influenced by us. If you do not want information about your behaviour to be used as explained above, you can refuse the setting of a cookie required for this purpose.
  5. Possibility of objection and removal
    Further information can be found under the following link. With the following link you can deactivate the use by Microsoft (blacklist).

Use of CleverReach

  1. Scope of processing of personal data
    We use the software CleverReach, which is operated by CleverReach GmbH & Co. KG, Mühlenstraße 43, 26180 Rastede, Germany, to send our newsletter. For this purpose, your data will also be stored by CleverReach. Your data will not be passed on to third parties for the subscription to the newsletter and CleverReach does not acquire any right to pass on your data.
  2. Legal basis for the processing of personal data
    The legal basis for the processing of users’ personal data is basically Art. 6 para. 1 sentence 1 lit. a GDPR. If contractually stipulated, then Art. 6 para. 1 sentence 1 lit.b GDPR also applies.
  3. Purpose of data processing
    CleverReach offers evaluation options for how the newsletters are opened and used by the recipients.
  4. Duration of storage
    The data will be stored and evaluated until the processing of the data is contradicted or the receipt of the newsletter by the recipient is discontinued.
  5. Possibility of objection and removal
    Further information can be found under the following link


Verwendung des Onlinebuchungstools DIRS21 der TourOnline AG
Our online presence uses the online booking tool DIRS21 (hereinafter “OBT”) of the company TourOnline AG, Borsigstraße 26, 73249 Wernau, Germany (www.dirs21.de, hereinafter “TOAG”) to enable online bookings of accommodation services and other travel services, as well as to process inquiries. Within the framework of the OBT, TOAG processes the data as the controller. The information and provisions on data protection can be found in TOAG’s data protection declaration on the OBT, which you can access at any time from the OBT or view it under www.dirs21.de/datenschutz