You are here:

Data protection information Köhlers Forsthaus - Frank Köhler e.K.

General information about the processing of your data

We are obliged by law to inform you about the processing of your personal data (hereinafter referred to as “data”) when you use our website. This data protection notice informs you about the details of the processing of your data and about your legal rights in this regard. For terms such as “personal data” and “processing”, the legal definitions pursuant to Art. 4 GDPR apply. We reserve the right to adapt the privacy policy with future effect, in particular in the event of further development of the website, the use of new technologies or changes to the legal bases or the corresponding case law. We recommend that you read this privacy policy from time to time and take a printout or a copy for your records.

Scope

This privacy policy applies to all pages of https://www.koehlers-forsthaus.de/. It does not cover any linked websites of other providers.

Controller

The following party is known as the controller under data protection law and therefore responsible for the processing of personal data within the scope of this privacy policy:

Köhlers Forsthaus
Frank Köhler e.K.
Hoheberger Weg 192
26605 Aurich
Phone: +49 (0) 49 41-1792-0
Fax: +49 (0) 49 41-179217
Email: hotel@koehlers-forsthaus.de

Questions about data protection

If you have any questions about data protection with regard to our company or our website, you can contact our data protection officer:

SPIRIT LEGAL Fuhrmann Hense Partnership of Lawyers
Attorney-at-law and data protection officer
Peter Hense
Postal address:
Data protection officer
c/o Köhlers Forsthaus
Frank Köhler e.K.
Hoheberger Weg 192
26605 Aurich

Contact via encrypted online form:

Contact data protection officer

Security

We have taken comprehensive technical and organisational precautions to protect your personal data from unauthorised access, abuse, loss and other external disruption. To this end, we regularly review our security measures and adapt them to the latest standards.

Your rights

You have the following rights with regard to the personal data concerning you that you can assert against us:

  • Right of access: You can request access to the personal data concerning you which we process, as set forth in Art. 15 GDPR.
  • Right to rectification: If the information concerning you is not (or no longer) correct, you can request its rectification in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.
  • Right to erasure: You may request the erasure of your personal data in accordance with Art. 17 GDPR.
  • Right to restriction of processing: Pursuant to Art. 18 GDPR, you have the right to demand that the processing of your personal data be restricted.
  • Right to object to processing: Pursuant to Art. 21(1) GDPR, you have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data which occurs based on Art. 6(1) Sentence 1(e) or (f) GDPR. If you object, we will not process your data further, unless we can prove compelling legitimate reasons for the processing which override your interests, rights and freedoms. Processing will also continue if the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). Furthermore, under Art. 21(2) GDPR you have the right to object at any time to the processing of your personal data for direct marketing purposes, which includes profiling to the extent that this is related to such direct marketing. In this privacy policy, we draw your attention to this right to object when describing each processing operation.
  • Right to withdraw your consent: If you have given your consent for processing, you have a right to withdraw that consent under Art. 7(3) GDPR.
  • Right to data portability: You have the right to receive the personal data you have given us in a structured, commonly used, machine-readable format (“data portability”) and the right to transfer this data to another controller, if the prerequisites of Art. 20(1)(a), (b) GDPR are fulfilled (Art. 20 GDPR).

You can assert your rights by informing us using the contact details specified under “Controller” above or by contacting the data protection officer designated by us.

If you believe that the processing of your personal data violates data protection law, then under Art. 77 GDPR you also have the right to lodge a complaint with a data protection supervisory authority of your choice. This includes the data protection supervisory authority responsible for the controller:

State Commissioner for Data Protection in Lower Saxony, Prinzenstraße 5, 30159 Hanover, phone: +49511/120-4500, email: poststelle@lfd.niedersachsen.de, https://www.lfd.niedersachsen.de

Using our website

In principle, you can use our website for purely informational purposes without disclosing your identity. When you access the individual pages of the website in this sense, this only results in access data being transferred to our web hosting service so that the website can be displayed to you. This involves the following data being processed:

  • Browser type/browser version
  • Operating system used
  • Language and version of the browser software
  • Date and time of access
  • Hostname of the accessing device
  • IP address
  • Content of the request (specific page)
  • Access status / HTTP status code
  • Websites accessed via the website
  • Referrer URL (website visited before)
  • Notification of whether the access was a success and
  • Volume of data transferred.

It is necessary for this data to be processed temporarily in order to make it technically possible for you to visit our website and to deliver the website to your device. The access data is not used to identify individual users and is not combined with other data sources. The data is also stored in log files, in order to ensure the functionality of the website and the security of the information technology systems. The legal basis for the processing is Art. 6(1) Sentence 1(f) GDPR. We have legitimate interests in ensuring the functionality, integrity and security of the website. Storing access data in log files, in particular the IP address, for a longer period of time enables us to detect and prevent misuse. This includes, for example, defending against requests that would overload the service as well as against bots. The access data will be erased as soon as it is no longer required for achieving the purpose of its processing. In the case of recording the data to provide the website, this is the case when you end your visit to the website. The log data is generally stored directly and in such a way that it can only be accessed by administrators, and it is erased after seven days at the latest. After that, it is only indirectly available by reconstructing backups, and is finally erased after a maximum of two weeks.

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Controller” above.

Device information

In addition to the aforementioned access data, technologies are used when you use the website which store information in your device (e.g. desktop PC, laptop, tablet or smartphone) or access information which is already stored on your device. These technologies may include, for example, cookies, pixels, local storage, session storage, IndexedDB or browser fingerprinting technologies. These technologies can be used to recognise you across devices and websites.

According to Sect. 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG), we generally require your consent for the use of these technologies. According to Sect. 25(2) TTDSG, this is only not required if the technologies either enable the transmission of a message via a public telecommunications network or if they are absolutely necessary to provide a telemedia service that you have expressly requested:

Technically necessary device information

Some elements of our website serve the sole purpose of transmitting a message (Sect. (2) No. 1 TTDSG) or are absolutely necessary to provide you with our website or individual features thereof (Sect. 25(2) No. 2 TTDSG):

  • Language settings
  • User preferences
  • Online forms
  • Load balancer.

The elements are erased after storage is no longer required.

You can prevent processing by adjusting your browser settings accordingly. For elements whose storage duration is not limited to the session, you can adjust your browser settings so that the elements are erased after your session has expired.

Technically non-essential device information

Our website also uses elements that are not technically necessary. We only use these technologies with your consent in accordance with legal requirements. Information about the individual technologies and features can be found in our “settings” as well as in the following information, which is sorted according to the individual features:

Klaro consent management platform

To make it easier for us to ask for your consent to the use of cookies or other tracking technologies so that we can process your device information and personal data when you visit our website, we use the consent tool Klaro, which is provided by KIProtect GmbH (Charlottenburger Innovationszentrum, Bismarckstr. 10-12, 10625 Berlin; hereinafter referred to as “Klaro”). Klaro gives you the opportunity to accept or decline the processing of your device information and personal data using cookies or other tracking technologies for the purposes listed in Klaro. Such processing purposes may include the integration of external elements, integration of streamed content, statistical analysis, reach measurement, personalised product recommendations, or personalised advertising. You can use Klaro to grant or refuse your consent for all processing purposes, or to grant or refuse your consent for individual purposes or third-party providers. You can change your settings again later on. The purpose of integrating Klaro is to allow users of our website to decide whether to allow cookies and similar technologies, and to offer them the opportunity to change settings that they have already made when they continue to use our website. When Klaro is used, we process personal data as well as information from the devices used. The information about the settings you have made is also stored on your device. The legal basis for the processing is Art. 6(1) Sentence 1(c) GDPR in conjunction with Art. 7(1) GDPR, insofar as the processing serves to fulfil the legally standardised obligations to provide evidence for the granting of consent. Otherwise, Art. 6(1) Sentence 1(f) GDPR is the relevant legal basis. Our legitimate interests in this processing lie in the storage of users’ settings and preferences with regard to the use of cookies and the evaluation of consent rates. A new request for your consent will be made twelve months after you saved your user settings. Your user settings will then be saved again for this period, unless you delete the information about your user settings yourself beforehand in your device settings.

You may object to the processing, insofar as processing is based on Art. 6(1) Sentence 1(f) GDPR. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Controller” above.

Contacting our company

When you contact our company, e.g. by email or using the contact form on the website, we will process the personal data you provide so that we can respond to your request. In order for us to process enquiries submitted via the contact form, it is essential that you provide a salutation, last name and valid email address. In addition, you can voluntarily provide your telephone number, title and first name. At the time the message is sent to us, the date and time of registration will be processed. The legal basis for this processing is Art. 6(1) Sentence 1(f) GDPR and Art. 6(1) Sentence 1(b) GDPR, if the contact is made with the intention of concluding a contract. If the request is aimed at concluding a contract, it is necessary for you to provide your data. If you do not provide your data, it will not be possible to conclude/execute a contract and process the request. The other data processed during the submission process serves to prevent any misuse of the contact form and to ensure the security of our information technology systems. As soon as processing is no longer necessary, we erase the data generated here – usually two years after the end of the communication – or, if statutory retention obligations apply, restrict processing of the data.

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Controller” above.

DialogShift chat

If you have any questions about our hotels, accommodation offers, leisure offers, your booking, or our company, you can contact us via the DialogShift chat window which appears (DialogShift GmbH, c/o Factory Works GmbH, Rheinsberger Straße 76/77, 10115 Berlin; hereinafter referred to as “DialogShift”) and send us a message. You will be able to find out about different aspects of your stay or make a booking. This involves processing the information provided via the chat. DialogShift uses cookies and similar tracking technologies to enable you to use the chat. Some of the data mentioned under “Using our website” is transmitted to DialogShift. We use DialogShift to communicate with you better and more easily. As soon as processing is no longer necessary, we will erase the data generated in this context or, if statutory retention obligations apply, restrict processing of the data accordingly. The legal basis for using DialogShift is Art. 6(1) Sentence 1(f) GDPR. Our legitimate interests in using DialogShift lie in offering a customer-friendly and speedy booking process and providing information about your stay. DialogShift erases your data after ninety days. For further information about data protection and how long your data is stored, please refer to: https://www.dialogshift.com/datenschutz

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Controller” above.

Application process

As part of the application process, we process your contact details such as your name, address, email address, telephone number(s), data from your application documents, in particular certificates, CV, cover letter, date of birth and gender, and, if applicable, special categories of personal data such as marital status and degree of disability. The purpose of this processing is to check your suitability for a position in our company and to conduct the application process. In the case of an (unsolicited) application by email, we also process metadata from your email, such as the date and time, in order to conduct the application process. If you apply via our careers portal on our website, the access data mentioned under “Using our website” will also be processed in order to be able to submit your application documents and other documents digitally to us within the application process.

The legal basis for this processing is Art. 6(1) Sentence 1(b) GDPR in conjunction with Sect. 26(1) of the German Federal Data Protection Act (BDSG), insofar as the data processing is necessary for hiring you and for carrying out the employment relationship. If we process special categories of personal data, the legal basis is Art. 9(2)(b) GDPR in conjunction with Sect. 26(3) BDSG. The provision of your data is necessary and obligatory in order to conclude and execute the contract. You will not be able to apply for a job with us if you do not provide your data.

We will store your data for as long as necessary in connection with the employment relationship. As a rule, we will erase your personal data as soon as it is no longer required for the purposes mentioned above and unless otherwise required by law. In particular, we store personal data for as long as we need it to establish legal claims or to defend against claims. Accordingly, in the event of a rejection we erase the data of applicants six months after sending the rejection notification. The legal basis for the processing for legal enforcement purposes is Art. 6(1) Sentence 1(b) GDPR in conjunction with Sect. 26(1) BDSG. If we process special categories of personal data, in particular data concerning disabilities, the legal basis is Art. 9(2)(b) GDPR in conjunction with Sect. 26(3) BDSG or Art. 9(2)(f) GDPR.

If you accept a job offer, we will store your data for the subsequent employment relationship within our employee data management system. Further details are available in the data protection information for employees.

If we do not have a vacancy but are in principle interested in working with you, then with your consent we will process your application documents in our talent poolso that we can contact you in the event of a vacancy. We will contact you separately to obtain your consent. The legal basis is your consent pursuant to Art. 6(1) Sentence 1(a) GDPR. Your data will be erased from the talent pool after two years, unless you have consented to a longer storage period.

You can withdraw your consent to the processing at any time by sending us a message using the contact details provided under “Controller”. Please note that this will not affect the lawfulness of the processing before your withdrawal.

Careers portal via compleet

We use the specialised software provider compleet GmbH (Hauptstraße 8, 82008 Unterhaching, Germany, hereinafter referred to as “compleet”) for talent acquisition and for the application process via the careers portal on our website. The purposes of the processing are providing a simple form for applicants and digitally organising and implementing job advertisements and recruitment. You can enter the personal data required for your application in the compleet form. When submitting your application via the careers portal, your data from the form and your IP address will also be processed by compleet. compleet acts as our processor and is contractually limited in its authority to use your personal data for purposes other than to provide services to us in accordance with the applicable data processing agreement. The legal basis of the processing is Art. 6(1) Sentence 1(f) GDPR. We have a legitimate interest in using the external service provider in order to optimise our digital application process.

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Controller” above.

Processing for contractual purposes

We process your personal data if and to the extent necessary for the initiation, creation, execution and/or termination of a legal transaction with our company. The legal basis for this results from Art. 6(1) Sentence 1(b) GDPR. It is necessary for you to provide your data in order to conclude the contract and you are contractually obliged to provide your data. If you do not provide your data, it will not be possible to conclude and/or execute a contract. Once the purpose has been achieved (e.g. contract processing), the personal data will be blocked for further processing or erased, unless we are entitled to keep processing the data on the basis of a consent granted by you (e.g. consent to the processing of your email address for sending promotional emails), a contractual agreement, a statutory authorisation (e.g. authorisation to send direct marketing) or on the basis of justified interests (e.g. retention for asserting claims).

Your personal data will be passed on to third parties if

  • It is necessary for the creation, execution or termination of legal transactions with our company (e.g. when transmitting data to a payment service provider/a shipping company to process a contract with you), in accordance with Art. 6(1) Sentence 1(b) GDPR), or
  • A subcontractor or party we use to perform our obligations, which we use exclusively within the framework of providing the offers or services requested by you, needs this data (unless you are expressly informed otherwise, such auxiliary parties are only entitled to process the data insofar as this is necessary for the provision of the offer or service), or
  • There is an enforceable official order (Art. 6(1) Sentence 1(c) GDPR), or
  • There is an enforceable court order (Art. 6(1) Sentence 1(c) GDPR), or
  • We are legally obliged to do so (Art. 6(1) Sentence 1(c) GDPR), or
  • The processing is necessary in order to protect the vital interests of the data subject or another natural person (Art. 6(1) Sentence 1(d) GDPR), or
  • This is necessary for the performance of a task carried out in the public interest or in the exercise of official authority (Art. 6(1) Sentence 1(e) GDPR), or
  • We can cite our overriding legitimate interests, or those of a third party, in the disclosure (Art. 6(1) Sentence 1(f) GDPR).

Your personal data will not be transmitted to other persons, companies or bodies unless you have effectively consented to such transmission. The legal basis for the processing is then Art. 6(1) Sentence 1(a) GDPR. In this privacy policy, we draw your attention to the respective recipients when describing each processing operation.

Voucher shop

If you wish to place an order in our voucher shop, it is necessary and obligatory for the initiation and conclusion of the contract that you provide personal data such as your first and last name, your address, your email address and your credit card details. The mandatory data required for order and contract processing is marked as such; further information is provided voluntarily. If you do not provide this information, it will not be possible to conclude a contract with you through our voucher shop. We will also process any data you may have provided for your message on the voucher. We process your data for order processing purposes. In particular, we will forward payment data to your chosen payment service provider or to our main bank. We use the Voucher Booking ordering system, which is provided by HotelNetSolutions GmbH (Genthiner Str. 8, 10785 Berlin), for the voucher shop in order to provide you with the best booking process. Your order data is processed on the servers of HotelNetSolutions GmbH in Germany. The legal basis for the data processing is Art. 6(1) Sentence 1(b) GDPR. To prevent unauthorised third parties from accessing your personal data, the order process on the website is encrypted using SSL technology. As soon as storage is no longer necessary, we erase the data generated in this context or, if statutory retention obligations apply, restrict processing of the data. Due to mandatory commercial and tax regulations, we are obliged to keep your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we will restrict the processing and reduce it to compliance with our legal obligations.

Online shop; bookings

If you wish to make a booking or purchase a voucher on our website, it is necessary and obligatory for the initiation and conclusion of the contract that you provide personal data such as your first and last name, your address, your email address and your credit card details. The mandatory data required for order and contract processing is marked as such; further information is provided voluntarily. We process your data for order processing and will, in particular, forward payment data to your chosen payment service provider or our main bank for this purpose. The legal basis for the data processing is Art. 6(1) Sentence 1(b) GDPR. The provision of your data is necessary and obligatory in order to conclude and execute the contract. If you do not provide your data, it will not be possible to conclude and/or execute a contract. To prevent unauthorised third parties from accessing your personal data, the order process on the website is encrypted using SSL technology.

As soon as storage is no longer necessary, we erase the data generated in this context or, if statutory retention obligations apply, restrict processing of the data. Due to mandatory commercial and tax regulations, we are obliged to keep your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we will restrict the processing and reduce it to compliance with our legal obligations.

OnePageBooking booking system

We process your data to carry out orders and bookings via the OnePageBooking booking system, which is provided by HotelNetSolutions GmbH (Genthiner Str. 8, 10785 Berlin; hereinafter referred to as “OnePageBooking”), which means that the data provided during booking, such as first and last name, address, email address and payment data, is also processed by OnePageBooking. The legal basis for using OnePageBooking is Art. 6(1) Sentence 1(f) GDPR. Our legitimate interests in using OnePageBooking lie in offering a customer-friendly and speedy booking process. The data processed in this context will be erased as soon as it is no longer required for the processing purpose. Further information about the purpose and scope of processing by OnePageBooking can be found at: https://hotelnetsolutions.de/datenschutz/

You may object to the processing, insofar as processing is based on Art. 6(1) Sentence 1(f) GDPR. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Controller” above.

Travel insurance

When booking via our website, you have the option of taking out ERGO travel insurance from the provider ERGO Reiseversicherung AG (Thomas-Dehler-Str. 2, 81737 Munich; hereinafter referred to as “ERGO”). For the purpose of taking out travel insurance, it is necessary to provide the first and last names of the persons travelling and their dates of birth, and to enter your IBAN and BIC in the ERGO form embedded on our website. The access data listed under “Using our website”, in particular your IP address and the referrer URL, is also processed in the process. Your above-mentioned data will be forwarded to ERGO after completion of the booking process. We do not receive any information about the travel cover finally concluded, as the contract is concluded with ERGO. The legal basis for the integration of ERGO is Art. 6(1) Sentence 1(f) GDPR. We have legitimate interests in the provision of travel insurance for our guests. The data processed in this context data will be erased as soon as it is no longer required for the processing purpose. For more information about how your data is processed and how long it is stored, please refer to: https://www.reiseversicherung.de/de/datenschutz.html

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Controller” above.

Price comparison

We have installed the “CbookingWidget” on our website, which is provided by HotelNetSolutions GmbH (Genthiner Str. 8, 10785 Berlin; hereinafter referred to as “CbookingWidget”) for the purpose of displaying the best possible price. In order to be able to show you the widget and thus the best price, the access data listed under “Using our website”, in particular your IP address and the referrer URL, is processed.

The legal basis for the integration of the CbookingWidget is Art. 6(1) Sentence 1(f) GDPR. We have legitimate interests in providing the best possible price when our guests make bookings. The data processed in this context data will be erased as soon as it is no longer required for the processing purpose. For more information about how your data is processed and how long it is stored, please refer to: https://hotelnetsolutions.de/datenschutz/

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Controller” above.

Email marketing

Advertising to existing customers

We reserve the right to use the email address you provide when ordering in accordance with the statutory provisions in order to send you the following content by email at the time of or after your order, unless you have already objected to this processing of your email address:

  • Interesting aspects from our portfolio, especially regarding offers in the wellness and sports/leisure sector as well as on classic car tours
  • New offers involving our products and services
  • Invitations to company events
  • Special/time-limited offers
  • Overview of possible leisure offers.

The legal basis of the data processing is Art. 6(1) Sentence 1(f) GDPR. Our legitimate interests in the processing described lie in enhancing and optimising our services, conducting direct marketing and ensuring customer satisfaction. We will erase your data when you stop using the service, but no later than three years after termination of the contract. We use an external email marketing service to send the emails. For more information on this service provider, please refer to the “Email marketing service” section.

We would like to point out that you can object to receiving direct marketing and to the processing of the data for direct marketing purposes at any time without incurring any costs other than the transmission costs according to the basic rates. Here you have a general right of objection without giving reasons (Art. 21(2) GDPR). To do this, click on the unsubscribe link in the relevant email or send us your objection to the contact details provided under “Controller”.  

Newsletter

You have the possibility to subscribe to our email newsletter on the website, which we use to inform you regularly about the following content:

  • Interesting aspects from our portfolio, especially regarding offers in the wellness and sports/leisure sector as well as on classic car tours
  • New offers involving our products and services
  • Invitations to company events
  • Special/time-limited offers
  • Overview of possible leisure offers
  • Customer feedback/satisfaction queries.

In order to receive the newsletter, you will need to provide your name or a pseudonym as well as a valid email address. We process the email address for the purpose of sending our email newsletter and for as long as you have subscribed to the newsletter. We use an external email marketing service to send the newsletter. For more information about this service provider, please refer to the “Email marketing” and “Customer feedback management” sections.

The legal basis for the processing is Art. 6(1) Sentence 1(a) GDPR.

You can withdraw your consent to the processing of your email address for the purpose of sending you the newsletter at any time, either by clicking directly on the unsubscribe link in the newsletter or by sending us a message using the contact details provided under “Controller”. This will not affect the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal.

In order to document your newsletter registration and to prevent abuse of your personal data, we use what is known as a double opt-in procedure for email newsletter registrations. Once you have entered the data marked as mandatory, we will send you an email to the email address you have provided, in which we ask you to expressly confirm your subscription to the newsletter by clicking on a confirmation link. We process your IP address, the date and time of your registration for the newsletter and the time of your confirmation. This is how we ensure that you really want to receive our email newsletter. We are legally obliged to be able to demonstrate that you have consented to the processing of your personal data in connection with registering for the newsletter (Art. 7(1) GDPR). Due to this legal obligation, this data processing is carried out on the basis of Art. 6(1) Sentence 1(c) GDPR.

You are not obliged to provide your personal data during the registration process. However, if you do not provide the required personal data, we may not be able to process your subscription or process it in full. If you do not confirm your newsletter subscription within 24 hours, we will block the information transmitted to us and erase it automatically after one month at the latest. Once you confirm your registration, we will process your data for as long as you have subscribed to the newsletter.

We will also process the aforementioned data for the establishment, exercise or defence of legal claims. The legal basis for this processing is Art. 6(1) Sentence 1(c) GDPR and Art. 6(1) Sentence 1(f) GDPR. In these cases, we have a legitimate interest in the assertion or defence of claims.

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Controller” above.

Email marketing service

We use the email marketing service CleverReach, which is provided by CleverReach GmbH & Co. KG (CRASH Building Schafjückenweg 2, 26180 Rastede, Germany, hereinafter referred to as “CleverReach”).

If you have subscribed to the newsletter, the data provided when registering as well as the data processed when you use our newsletters are processed on the servers of the aforementioned email marketing service. CleverReach acts as our processor and is contractually limited in its authority to use your personal data for purposes other than to provide services to us in accordance with the applicable data processing agreement.

The legal basis of the processing is Art. 6(1) Sentence 1(f) GDPR. Our legitimate interest in using an external email marketing service lies in the optimisation and more targeted control and monitoring of our newsletter content.

You may object to the processing, insofar as it is based on Art. 6(1) Sentence 1(f) GDPR. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Controller” above.   

Customer feedback management

For managing customer feedback and the centralised sending of feedback emails, we use the Customer Alliance software provided by CA Customer Alliance GmbH (Ullsteinstr. 130, Tower B, 12109 Berlin, Germany; hereinafter referred to as “Customer Alliance”). If you have placed an order or booking in our web shop, the relevant data (in particular product, name and email address) will be transmitted to Customer Alliance and stored and processed on its servers in Germany. Customer Alliance acts as our processor and is contractually limited in its authority to use your personal data for purposes other than to provide services to us in accordance with the applicable data processing agreement. The legal basis of the processing is Art. 6(1) Sentence 1(f) GDPR. We have a legitimate interest in using a service provider to optimise and target the sending and management of customer feedback. For more information, including about the storage period, please refer to the Customer Alliance privacy policy at: https://www.customer-alliance.com/en/resources/blog/user-guide-gdpr-compliant-customer-alliance/

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Controller” above.

Payment service providers (PSPs)

Klarna

Sofortüberweisung by Klarna

If you select the payment method “Sofortüberweisung by Klarna” when ordering or booking, we will forward your data for payment processing purposes to Sofort GmbH (Theresienhöhe 12, 80339 Munich, Germany; hereinafter referred to as “Klarna” and “Sofortüberweisung”). Sofortüberweisung is a direct transfer method that allows a transfer to be completed and executed in real time during the order process. To this end, you will be redirected to the website of the payment service provider. Sofort GmbH processes your personal data, such as your name, account number or IBAN, bank code or BIC, payment reference, amount and date, and also passes this on to us by way of payment confirmation. The legal basis for the processing is Art. 6(1) Sentence 1(b) GDPR. The provision of your payment data is necessary and obligatory in order to conclude and execute the contract. If you do not provide payment data, it will not be possible to conclude and/or execute a contract by means of the Sofortüberweisung payment method. The data required for payment processing is transmitted securely using SSL encryption and processed exclusively for payment processing. As soon as storage is no longer necessary, we erase the data generated in this context or, if statutory retention obligations apply, restrict processing of the data. Due to mandatory commercial and tax regulations, we are obliged to keep your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we will restrict the processing and reduce it to compliance with our legal obligations. For more information about how Klarna processes your data, please refer to https://www.klarna.com/sofort/ and https://www.sofort.com/payment/wizard/getCmsContent/data_protection/DE/0/de.

PayPal

On our website we give you the option of paying via PayPal (PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg and PayPal Holdings, Inc., 2211 North First Street · 95131 San José, California, US; hereinafter referred to as “PayPal”). For payment you have to log in to your PayPal account. The payment details you provide to PayPal will be processed by PayPal for the purpose of payment processing. For more information about data processing by PayPal, please refer to: https://www.paypal.com/de/webapps/mpp/ua/privacy-full  

In order to be able to identify your payment, we process your delivery/invoice address, email address and the selected payment method. As soon as storage is no longer necessary, we erase the data generated in this context or, if statutory retention obligations apply, restrict processing of the data. Due to mandatory commercial and tax regulations, we are obliged to keep your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we will restrict the processing and reduce it to compliance with our legal obligations.  

The legal basis is Art. 6(1) Sentence 1(b) GDPR. The provision of your payment data is necessary and obligatory in order to conclude and execute the contract. If you do not provide payment data, it will not be possible to conclude and/or execute a contract using the PayPal payment method.  

PayPal also processes your data in the US. No EU Commission adequacy decision exists for data transfers to the US. Standard data protection clauses have been concluded with PayPal Holdings, Inc. in order to commit PayPal Holdings, Inc. to an appropriate level of data protection. You can view a copy of the standard data protection clauses on the PayPal website at: https://www.paypal.com/de/smarthelp/contact-us/privacy For more information about the storage period, please refer to the PayPal privacy policy at: https://www.paypal.com/de/smarthelp/contact-us/privacy

PAYONE

The credit card payment option is integrated via PAYONE (PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt am Main; hereinafter referred to as “PAYONE”). If you select the aforementioned payment option, your payment data provided during the booking process together with information about your booking will be passed on to PAYONE for the purpose of payment processing. This processing occurs on the basis of Art. 6(1) Sentence 1(b) GDPR. The provision of your payment data is necessary and obligatory in order to conclude and execute the contract. If you do not provide payment data, it will not be possible to conclude and/or execute a contract using the aforementioned payment method. PAYONE also processes your data for the purpose of fraud prevention. To this end, PAYONE uses cookies or other technologies to track specific user behaviour on our website. PAYONE uses the cookies and other tracking technologies to process the information generated about the use of our website by your device – e.g. the fact that you have visited a certain page – and processes, among other things, the data mentioned under “Using our website”, in particular your IP address, browser information, the website visited before and the date and time of the server request. The processing occurs on the basis of Art. 6(1) Sentence 1(f) GDPR. We have legitimate interests in fraud prevention. The information collected can be used to identify potentially harmful or illegal activities. For further information about the protection of your data and how long PAYONE stores your data, please refer to: https://www.payone.com/DE-de/datenschutz

You may object to the processing of your data for fraud prevention. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Controller” above.

Credit card payment

For the purpose of payment processing, we transmit the payment data required for the credit card payment to the bank commissioned with the payment or, if applicable, to the payment and invoicing service provider commissioned by us. This processing occurs on the basis of Art. 6(1) Sentence 1(b) GDPR. The provision of your payment data is necessary and obligatory in order to conclude and execute the contract. If you do not provide payment data, it will not be possible to conclude and/or execute a contract by means of credit card payment. The data required for payment processing is transmitted securely using SSL encryption and processed exclusively for payment processing. As soon as storage is no longer necessary, we erase the data generated in this context or, if statutory retention obligations apply, restrict processing of the data. Due to mandatory commercial and tax regulations, we are obliged to keep your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we will restrict the processing and reduce it to compliance with our legal obligations.

Enforcement of rights, address investigation, debt collection

In the event of non-payment, we reserve the right to pass on the data provided at the time of ordering to a lawyer and/or to external companies (e.g. Verband der Vereine Creditreform e.V., Hellersbergstraße 12, 41460 Neuss, Germany) in order to ascertain an address and/or enforce our rights. The legal basis of the processing is Art. 6(1) Sentence 1(f) GDPR. Our legitimate interests lie in fraud prevention and avoiding default risks. In addition, we may pass on your data to the extent necessary in order to safeguard our rights, as well as the rights of our affiliates, our partners, our employees and/or users of our website. Under no circumstances will we sell or rent your data to third parties. The legal basis for the processing is Art. 6(1) Sentence 1(f) GDPR. We have a legitimate interest in the processing for the purpose of enforcing our rights. As soon as storage is no longer necessary, we erase the data generated or, if statutory retention obligations apply, restrict processing of the data.

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Controller” above.

Hosting

We use external hosting services provided by Onepage GmbH (Neue Rothofstr. 13-19 60313 Frankfurt am Main), which serve to provide storage resources and database services. For these purposes, all of the data required for the operation and use of our website – including the access data mentioned under “Using our website” – is processed. The legal basis for this processing is Art. 6(1) Sentence 1(f) GDPR. By using external hosting services, our aim is to make providing our website efficient and secure.

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Controller” above.

Website management by a digital agency

We use the services of the digital agency Timme Hosting GmbH & Co. KG (KG Ovelgönner Weg 43, 21335 Lüneburg) to manage our website. As part of this management, the digital agency may process the access data mentioned under “Using our website” (e.g. when making backups), in particular your IP address and the data provided when using our web shop.

The legal basis for this processing is Art. 6(1) Sentence 1(f) GDPR. By using the services of our external digital agency, our aim is to make the provision of our website efficient and secure.

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Controller” above.

Content delivery network

Onepage

We use the services of the Onepage content delivery network, which is provided by Onepage GmbH (Neue Rothofstr. 13-19, 60313 Frankfurt am Main; hereinafter referred to as “Onepage”) for the purpose of allowing our website to be displayed more quickly. When you visit our website, a library is loaded and temporarily stored on your device in order to avoid reloading the content. This involves your IP address being processed by the provider. The legal basis of the data processing is Art. 6(1) Sentence 1(f) GDPR. By using Onepage, we are pursuing our legitimate interest in faster website retrieval as well as a more effective and improved presentation of our website. Further information, in particular on the storage period, can be found at: https://onepage.io/de/datenschutzerklarung

You may object to the processing, insofar as it is based on Art. 6(1) Sentence 1(f) GDPR. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Controller” above.

Integration of third-party content

The website integrates third-party content such as videos and map material from other websites. This integration always requires that the providers of this content (“third-party providers”) perceive the IP addresses of users. This is because without the IP address they would not be able to send the content to the browser of the respective user. As such, the IP address is required to display this content. In the following, we inform you about the services from external providers currently in use on our website, about the related processing in each case, and about how you can object or withdraw your consent.

Google Maps

This website uses Google Maps, which is a service provided by Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, US; hereinafter referred to as “Google” and “Google Maps”) to display maps or sections of maps, thus enabling you to conveniently use the map function on the website. By visiting the website, Google receives the information that you have retrieved the corresponding subpage of our website. In addition, some of the data mentioned under “Using our website” is transmitted to Google. This occurs regardless of whether Google provides a user account that you are logged in with or whether no user account exists. If you are logged in to Google, your data will be directly associated with your account. If you do not wish for this data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and processes it, regardless of whether you have a Google account, for purposes of advertising, market research and/or the demand-oriented design of its website. With regard to the storage of and access to information in your device, the legal basis is Sect. 25(1) TTDSG; for further processing, the legal basis is Art. 6(1) Sentence 1(a) GDPR. Google also processes your personal data in the US. No EU Commission adequacy decision exists for data transfers to the US. So-called standard contractual clauses have been concluded with Google, LLC in order to commit Google, LLC to an appropriate level of data protection. You can obtain a copy of the standard contractual clauses at: https://cloud.google.com/terms/sccs For more information about the purpose and scope of the processing by the plug-in provider and about how long Google Maps data is stored, please refer to: https://policies.google.com/privacy?hl=en

You can withdraw your consent to the processing at any time by moving the slider back for the specific third-party provider in the consent tool settings. Please note that this will not affect the lawfulness of the processing before your withdrawal.

Google Tag Manager

We use Google Tag Manager, which is a service provided by Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, US; hereinafter referred to as “Google” and “Google Tag Manager”). Google Tag Manager is a solution that allows website tags and other elements to be managed through a single interface.

Firstly, when you visit the website with Google Tag Manager, an HTTP request is sent to Google. As a result, device information and personal data – such as your IP address and information about your browser settings – are transmitted to Google. We use Google Tag Manager to facilitate electronic communications by providing information to third-party providers, including through programming interfaces. Google Tag Manager implements the respective tracking codes of the third-party providers without us having to go to the effort of changing the source code of the website ourselves. Instead, integration is performed by a container that places what is known as placeholder code in the source code. Google Tag Manager also enables the exchange of users’ data parameters in a certain order, in particular by ordering and systematising the data packets. In isolated cases, your data will also be transferred to the US. No EU Commission adequacy decision exists for data transfers to the US. So-called standard contractual clauses have been concluded with Google, LLC in order to commit Google, LLC to an appropriate level of data protection. You can obtain a copy of the standard contractual clauses at: https://cloud.google.com/terms/sccs The legal basis for the data processing is Art. 6(1) Sentence 1(f) GDPR. We have legitimate interests in the processing for the purposes of facilitating and carrying out electronic communication by identifying communication endpoints, control options, exchanging data elements in a defined order, and identifying transmission errors. Google Tag Manager does not initiate data storage. For further information about privacy at Google, please refer to: https://www.google.de/intl/en/policies/privacy

You may object to the processing, insofar as it is based on Art. 6(1) Sentence 1(f) GDPR. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Controller” above.

You can prevent the processing by deleting the browser history and other website data in your browser settings or by opening your browser in “private mode”.

On the other hand, Google Tag Manager integrates tags from third-party providers for example, such as tracking codes or tracking pixels, on our website. The tool triggers other tags, which in turn record your data; our privacy policy explains this separately in each case. Google Tag Manager itself does not evaluate the device information and personal data of users collected by the tags. Rather, your data is forwarded to the specific third-party service for the purposes specified in our consent management tool. We have configured Google Tag Manager to work with our consent management tool in such a way that triggering certain third-party services in Google Tag Manager depends on the selections you make in our consent management tool, so that only those tags from third-party providers trigger data processing for which you have given consent. The use of Google Tag Manager is subject to your consent for the specific third-party service. The legal basis of this processing is your consent under Art. 6(1) Sentence 1(a) GDRP. Google also processes the data in part in the US. No EU Commission adequacy decision exists for data transfers to the US. So-called standard contractual clauses have been concluded with Google, LLC in order to commit Google, LLC to an appropriate level of data protection. You can obtain a copy of the standard contractual clauses at: https://cloud.google.com/terms/sccs The following descriptions of the individual third-party services specify how long your data will be stored in each case. For further information about privacy at Google, please refer to: https://www.google.de/intl/en/policies/privacy

You can withdraw your consent to the processing at any time by moving the slider back for the specific third-party provider in the consent tool settings. Please note that this will not affect the lawfulness of the processing before your withdrawal.

YouTube videos

Our website uses plug-ins from the video platform YouTube.de or YouTube.com, a service provided by YouTube LLC (head office at 901 Cherry Avenue, San Bruno, CA 94066, US; hereinafter referred to as “YouTube”), for which Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, US; hereinafter referred to as “Google”) is the controller within the meaning of data protection law. We use this processing of data by the plug-ins to pursue the purpose of integrating visual content (videos) on the website that we have published on YouTube.de or YouTube.com. The videos are all embedded in “extended privacy mode”, which means that no data about you as a user will be transferred to YouTube if you do not play the videos. When videos are played on our website, YouTube receives the information that you have retrieved the corresponding page of our website. In addition, some of the data mentioned under “Using our website” is transmitted to Google. This occurs regardless of whether YouTube provides a user account that you are logged in with or whether no user account exists. If you are logged in to Google, your data will be directly associated with your account. If you do not wish for this data to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as user profiles and processes it, regardless of whether you have a Google account, for the purposes of advertising, market research and/or the demand-oriented design of its website. With regard to the storage of and access to information in your device, the legal basis is Sect. 25(1) TTDSG; for further processing, the legal basis is Art. 6(1) Sentence 1(a) GDPR. Google also processes the data in part in the US. No EU Commission adequacy decision exists for data transfers to the US. So-called standard contractual clauses have been concluded with Google, LLC in order to commit Google, LLC to an appropriate level of data protection. You can obtain a copy of the standard contractual clauses at: https://cloud.google.com/terms/sccs For more information about the purpose and scope of data processing by YouTube and how long YouTube or Google stores such data, please refer to Google’s privacy information at: https://policies.google.com/privacy

You can withdraw your consent to the processing at any time by moving the slider back for the specific third-party provider in the consent tool settings. Please note that this will not affect the lawfulness of the processing before your withdrawal.

Social news

In order to make our website more attractive for customers and guests and to also display our Instagram and Facebook posts on the website, we integrate our Instagram and Facebook feed on our website. When you access our website, your access data, in particular your IP address, the date and time of access, and the amount of data transferred and information about the content requested, is transmitted to Instagram and Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland and Meta Platforms, Inc. Deborah Crawford 1601 Willow Road Menlo Park, California 94025, US; hereinafter referred to as “Meta”) , provided that you have given your consent. Meta also uses so-called cookies, which are stored on your device for recognition purposes, as well as similar tracking methods for the purpose of device recognition such as tracking pixels, device fingerprinting and programming interfaces (e.g. APIs and SDKs) in order to process information from your device. For this purpose, your device is assigned a randomly generated identification number (cookie ID / device ID). If you are registered with a Meta service, in particular Instagram and Facebook, Meta can associate the information recorded with your account. Even if a user is not registered with Instagram or Facebook or has not logged in, it is possible that Instagram will obtain and process their IP address and other identifying information. With regard to the storage of and access to information in your device, the legal basis is Sect. 25(1) TTDSG; for further processing, the legal basis is Art. 6(1) Sentence 1(a) GDPR. Meta also processes the data in part in the US. No EU Commission adequacy decision exists for data transfers to the US. Standard data protection clauses have been concluded with Meta Platforms Inc. in order to commit Meta Platforms Inc. to an appropriate level of data protection. You can request a copy of the standard data protection clauses at: https://www.facebook.com/help/contact/341705720996035 The information in Meta cookies will be stored for a maximum of 90 days. For further information about the protection of your data and how long Meta stores your data, please refer to: https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0

You can withdraw your consent to the processing at any time by moving the slider back in the consent tool settings. This does not affect the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal.

To integrate the social news we use Lightwidget, which is provided by Black Sail Division (Mołczyn 17 street, Leszna Górna, 43-445 Dzięgielów, Poland; hereinafter referred to as “Lightwidget”). In this context, the access data mentioned under “Using our website” is processed for the purpose of displaying the social wall.

The legal basis of the processing is Art. 6(1) Sentence 1(f) GDPR. Our legitimate interest in integrating the external service provider lies in the provision of our social media profiles in order to make our promotional offers more attractive for our guests. Your data will be erased as soon as it is no longer required for the processing operation. For more information about data processing at Lightwidget, please refer to: https://lightwidget.com/privacy

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Controller” above.

Services for statistical, analysis and marketing purposes

We use services from third parties for statistical, analysis and marketing purposes. This enables us to offer you a user-friendly, optimised experience when visiting the website. The third-party providers use cookies, pixels, browser fingerprinting or other tracking technologies to control their services. In the following, we inform you about the services from external providers currently in use on our website, about the related processing in each case, and about how you can withdraw your consent.

Google Analytics 4

In order to tailor our website perfectly to user interests, we use Google Analytics, a web analytics service from Google (Google Ireland , Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, US; hereinafter referred to as “Google” and “Google Analytics 4”). Google Analytics 4 uses so-called cookies, which are stored on your device for recognition purposes, as well as similar tracking methods for the purpose of device recognition such as tracking pixels, device fingerprinting and programming interfaces (e.g. APIs and SDKs) in order to process information from your device. For this purpose, your device is assigned a randomly generated identification number (cookie ID / device ID).

Google uses these technologies to process the information generated about the use of our website by your device as well as access data for the purpose of statistical analysis – e.g. the fact that you have visited a certain page; the number of unique visitors; entry and exit pages; time spent by the visitor on the website; clicking, swiping and scrolling behaviour; activation of buttons; registration for the newsletter; bounce rate; and similar user interactions. For this purpose, it is also possible to determine whether different devices belong to you or to your household. Access data includes in particular the IP address, browser and device information, cookie ID / device ID, the website visited before and the date and time of the server request.

In Google Analytics 4 systems, no individual IP addresses are logged or stored. At the time of collection of your IP address by Google in dedicated local data centres in the EU, your IP address will be used to determine location information. The IP address is then erased before the access data is stored in a data centre or on a server for Google Analytics. In Google Analytics 4, no precise data about the geographical location is provided, but only general location information such as the region and city of the device’s location derived from the IP address. Google will process this information for the purpose of evaluating your use of this website, compiling reports for us on website activity, and – where we point this out separately – providing us with other services relating to website usage. If you are registered with a Google service, Google can associate the visit with your account and create and evaluate user profiles across applications.

In addition, a cross-platform analysis of usage behaviour is carried out on websites and apps that use Google Analytics 4 technologies. This enables equal recording, measurement and comparison of usage behaviour across different environments. For example, user scrolling events are automatically recorded to provide a better understanding of how websites and apps are used. For this purpose, different cookie IDs / device IDs are used for different devices. Subsequently, we are provided with anonymised statistics on the use of the various platforms, compiled according to selected criteria.

With the help of Google Analytics 4, target groups are automatically created for specific cookie IDs / device IDs or mobile advertising IDs, which are later used for targeted personalised advertising. Target group criteria may include but are not limited to: users who have viewed products but not added them to a shopping cart or have added them to a shopping cart but not completed the purchase OR users who have purchased certain items. A target group comprises at least 100 users. With the help of the Google Ads tool, interest-based ads can then be displayed in search results. Similarly, it is possible to recognise users of websites on other websites within the Google advertising network (in Google Search, on YouTube, so-called Google Ads, or on other websites) and present them with ads tailored to the specified target group criteria.

With regard to the storage of and access to information in your device, the legal basis is Sect. 25(1) TTDSG; for further processing, the legal basis is Art. 6(1) Sentence 1(a) GDPR. Google also processes the data in part in the US. No EU Commission adequacy decision exists for data transfers to the US. So-called standard contractual clauses have been concluded with Google, LLC in order to commit Google, LLC to an appropriate level of data protection. You can obtain a copy of the standard contractual clauses at: https://cloud.google.com/terms/sccs Your data processed in connection with Google Analytics 4 will be erased after fourteen months at the latest. For further information about privacy at Google, please refer to: https://www.google.de/intl/en/policies/privacy

You can withdraw your consent to the processing at any time by moving the slider back in the consent tool settings. This does not affect the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal.

Google Ads Conversion

We use Google Ads, which is a service provided by Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, US; hereinafter referred to as “Google” and “Google Ads”), in order to use ads (formerly known as “Google AdWords”) to draw attention to our attractive services on external websites. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising activities are. These ads are delivered by Google via so-called ad servers. For this purpose, we use ad server cookies, which can be used to measure certain parameters for reach measurement, such as the display of ads or clicks by users. If you reach our website via a Google ad, Google Ads stores a cookie on your device. Google uses the cookies to process the information generated by your device about interactions with our ads (retrieval of a particular web page or clicking on an ad), and the data mentioned under “Using our website” – in particular the IP address, browser information, the website visited before and the date and time of the server request – for the purpose of analysing and visualising the reach measurement of our ads. For this purpose, it is also possible to determine whether different devices belong to you or to your household. Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. If you are registered with a Google service, Google can associate the visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will obtain and process your IP address. We only receive statistical analyses from Google for the purpose of measuring the success of our ads. With regard to the storage of and access to information in your device, the legal basis is Sect. 25(1) TTDSG; for further processing, the legal basis is Art. 6(1) Sentence 1(a) GDPR. Google also processes the data in part in the US. No EU Commission adequacy decision exists for data transfers to the US. So-called standard contractual clauses have been concluded with Google, LLC in order to commit Google, LLC to an appropriate level of data protection. You can obtain a copy of the standard contractual clauses at: https://cloud.google.com/terms/sccs The maximum storage period with Google is one year. For further information about the protection of your data and how long Google stores your data, please refer to: https://policies.google.com/privacy

You can withdraw your consent to the processing at any time by moving the slider back in the consent tool settings. Please note that this will not affect the lawfulness of the processing before your withdrawal.

Copyright by Spirit Legal

Data Privacy Policy

Information about the processing of your data

In accordance with Art. 12 of the General Data Protection Regulation (hereinafter referred to as the GDPR), we are obliged to inform you about the processing of your data when you use our website. We take the protection of your personal data very seriously, and this privacy policy informs you about the details of the processing of your data and about your legal rights in this regard.

We reserve the right to adapt the privacy policy with future effect, in particular in the event of further development of the website, the use of new technologies or changes to the legal bases or the corresponding case law.

We recommend that you read this privacy policy from time to time and take a printout or a copy for your documents.

Definitions

  • In the following, website means all of the controller’s pages at https://www.koehlers-forsthaus.de;
  • personal data means any information relating to an identified or identifiable natural person. A natural person is identifiable if they can be identified, either directly or indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, to location data, to an online identifier or to one or more special features that are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person. Personal data is therefore, for example, a person’s name, email address and telephone number, but may also include information about preferences, hobbies and memberships;
  • processing means operations or sets of operations carried out with or without the aid of automated procedures in connection with personal data, such as the collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction;
  • pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person;
  • consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes in a particular case by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her; and
  • Google means Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; reachable in the European Union at: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

Scope

This privacy policy applies to all pages of https://www.koehlers-forsthaus.de. It does not cover any linked websites of other providers.

Responsible provider

The following party is responsible for the processing of personal data within the scope of this privacy policy:

Köhlers Forsthaus, Frank Köhler e.K.
Hoheberger Weg 192, 26605 Aurich, Germany
Telefon: +49 (0) 4941 / 1792 – 0; Telefax: +49 (0) 4941 / 1792 17
represented by:
Frank Köhler e.K.

Questions about data protection

If you have any questions about data protection with regard to our company or our website, you can contact our data protection officer:

Spirit Legal LLP Rechtsanwälte
Attorney-at-law and data protection officer
Peter Hense
Postal address:
Data protection officer
c/o Köhlers Forsthaus, Frank Köhler e.K., Hoheberger Weg 192, 26605 Aurich, Germany
Email: datenschutz@koehlers-forsthaus.de

Contact via encrypted online form:

Contact data protection officer

Security

We have taken comprehensive technical and organisational precautions to protect your personal data from unauthorised access, abuse, loss and other external disruption. To this end, we regularly review our security measures and adapt them to current standards.

Your rights

You have the following rights with regard to the personal data concerning you that you can assert against us:

  • right of access (Art. 15 GDPR),
  • right to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR),
  • right to restriction of processing (Art. 18 GDPR),
  • right to object to processing (Art. 21 GDPR),
  • right to withdraw your consent (Art. 7(3) GDPR),
  • right to receive the data in a structured, commonly used, machine-readable format (‘data portability’) and the right to transfer the data to another controller, if the prerequisites of Art. 20(1) (a) and (b) GDPR are fulfilled (Art. 20 GDPR).

You can assert your rights by informing us using the contact details specified above under ‘Responsible provider’ or by contacting the data protection officer designated by us.

You also have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data (Art. 77 GDPR).

Use of the website, access data

In principle, you can use our website for purely informational purposes without disclosing your identity. When you access the individual pages of the website in this sense, this only results in access data being transferred to our web hosting service so that the website can be displayed to you. This is the following data:

  • browser type/browser version
  • operating system used
  • language and version of the browser software
  • hostname of the accessing device
  • IP address
  • website from which the request comes
  • content of the request (specific page)
  • date and time of the server request
  • access status/HTTP status code
  • referrer URL (website visited before)
  • volume of data transferred
  • time zone difference from Greenwich Mean Time (GMT)

Temporary processing of the IP address by the system is necessary to make it technically possible to deliver the website to your device. This requires processing of your IP address for the duration of the session. The legal basis for such processing is Art. 6(1) Sentence 1(f) GDPR.

The access data is not used to identify individual users and is not combined with other data sources. The access data is deleted when it is no longer required for achieving the purpose of its processing. In the case of recording the data to provide the website, this is the case when you end your visit to the website.

IP addresses are stored in log files to ensure the functionality of the website. In addition, the data serves us to optimise the website and to ensure the security of our information technology systems. No evaluation of the data for marketing purposes takes place in this context either. In principal, data is deleted after seven days at the latest; further processing is possible in individual cases. In this case, the IP address is deleted or so transformed that an assignment of the retrieving client is no longer possible.

The recording of data for the provision of the website and the processing of data in log files is an absolute necessity for the operation of the website. You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). In the event that your objection is justified, we will examine the situation and either stop or adjust the data processing or point out to you the compelling legitimate reasons on the basis of which we will continue processing.

Cookies

In addition to the aforementioned access data, so-called cookies are stored in the internet browser of the device you use to access the website. These are small text files with a sequence of numbers that are stored locally in the cache of the browser used. Cookies do not become part of the device system and cannot execute programs. They serve to make our website user-friendly. The use of cookies may be technically necessary or may occur for other purposes (e.g. analysis/evaluation of website usage).

  1. a) Technically necessary cookies

Some elements of our website require that the retrieving browser can be identified even after a page change. This involves processing the following data in the cookies:

  • language settings,
  • items in shopping basket,
  • login information.

The user data collected by technically necessary cookies is not processed to create user profiles. We also use session cookies, which store a session ID that can be used to assign various requests from your browser to the shared session. Session cookies are required for using the website. In particular, they enable us to recognise the device used when you return to the website. If you have an account with us, we use this cookie to recognise you on subsequent visits to the website; otherwise you would have to log in again each time you visited. The legal basis for this processing is Art. 6(1) Sentence 1(f) GDPR. We use session cookies to make using our website more attractive and effective. Session cookies are deleted as soon as you log out or close your browser.

Most browsers are preset to automatically accept cookies. You can object to the processing of your data by cookies. Your right of objection exists if you have reasons arising from your particular situation, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). In the event that your objection is justified, we will examine the situation and either stop or adjust the data processing or point out to you the compelling legitimate reasons on the basis of which we will continue processing.

You can disable or restrict the transfer of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may no longer be possible to use the full functionality of the website.

  1. b) Technically non-essential cookies

 In addition, we also use cookies on the website which enable an analysis of users’ surfing behaviour. For example, this involves processing the following data in the cookies:

  • entered search terms
  • frequency of page views
  • use of website functions

These cookies are used to make using the website more efficient and attractive. The legal basis for this processing is Art. 6(1) Sentence 1(f) GDPR. The technically non-essential cookies are automatically deleted after a specified period, which may vary depending on the cookie.

You can object to the processing of your data by cookies. If you do not wish to use cookies, you have the option of changing your browser settings in order to generally or selectively block the placement of cookies or remove stored cookies. You can also have the corresponding information displayed before a cookie is placed. If you change the browser settings for the use of cookies or disable cookies, the functionality of this website may be restricted.

Where we integrate cookies from third-party providers into our website, we point this out to you separately below.

Contacting our company

When contacting our company, e.g. by email or using the contact form, the support form or a feedback tool on the website, the personal data provided by you will be processed by us so that we can respond to your enquiry.

In order for us to process enquiries submitted via the contact form on the website, it is essential that you provide a name or pseudonym, company, job title, telephone number and a valid email address. At the moment when you submit the message to us, the following data, among others, will also be processed:

  • IP address
  • date/time of registration

The legal basis for the processing is Art. 6(1) Sentence 1(f) GDPR and Art. 6(1) Sentence 1(b) GDPR, if the contact is made with the intention of concluding a contract.

Processing the personal data from the form allows us to process the contact you make with us. Where you contact us by email, this also constitutes the necessary legitimate interest in the processing of the data. The other personal data processed during the submission process serves to prevent any misuse of the contact form and to ensure the security of our information technology systems.

The data will not be transmitted to third parties in this context. As soon as processing is no longer necessary, we delete the data generated in this context or, if statutory retention obligations apply, restrict processing of the data.

You have the possibility to object to the processing of your personal data for contact requests at any time. Your right of objection exists if you have reasons arising from your particular situation, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). In particular, you have a right of objection if processing is not necessary to fulfil a contract with you, which is described by us in the previous description of the functions. In such a case, it may not be possible to continue processing the request. In the event that your objection is justified, we will examine the situation and either stop or adjust the data processing or point out to you the compelling legitimate reasons on the basis of which we will continue processing.

Processing and transmission of personal data for contractual purposes

We process your personal data if and to the extent necessary for the initiation, creation, execution and/or termination of a legal transaction with our company. The legal basis for this results from Art. 6(1) Sentence 1(b) GDPR.

Once the purpose has been achieved (e.g. contract processing), the personal data will be blocked for further processing or erased, unless we are entitled to retain the data for a longer period and process it as required in the respective context on the basis of a consent granted by you (e.g. consent to the processing of your email address for sending promotional emails), a contractual agreement, a statutory authorisation (e.g. authorisation to send direct advertising) or on the basis of justified interests (e.g. retention for asserting claims).

Your personal data will be passed on if

  • it is necessary for the creation, execution or termination of legal transactions with our company (e.g. when transmitting data to a payment service provider/a shipping company to process a contract with you) (Art. 6(1) Sentence 1(b) GDPR), or
  • a subcontractor or party we use to perform our obligations, which we use exclusively within the framework of providing the offers or services requested by you, needs this data (unless you are expressly informed otherwise, such auxiliary parties are only entitled to process the data insofar as this is necessary for the provision of the offer or service), or
  • there is an enforceable official order (Art. 6(1) Sentence 1(c) GDPR) or
  • there is an enforceable court order (Art. 6(1) Sentence 1(c) GDPR) or
  • we are legally obliged to do so (Art. 6(1) Sentence 1(c) GDPR) or
  • the processing is necessary in order to protect the vital interests of the data subject or another natural person (Art. 6(1) Sentence 1(d) GDPR) or
  • we are authorised or even obliged to pursue overriding legitimate interests (Art. 6(1) Sentence 1(f) GDPR).

Your personal data will not be transmitted to other persons, companies or bodies unless you have effectively consented to such transmission. The legal basis for the processing is then Art. 6(1) Sentence 1(a) GDPR.

Processing and transmission of personal data in the online shop

If you wish to submit an order or booking in our online shop, it is necessary for the initiation and conclusion of the contract that you provide personal data such as your name, your address and your email address. The mandatory data required for order and contract processing is marked as such; further information is provided voluntarily. We process your data for order processing; in particular, we will forward payment data to your chosen payment service provider or our main bank. The legal basis for the processing is Art. 6(1) Sentence 1(b) GDPR. To prevent unauthorised third parties from accessing your personal data, the order process on the website is encrypted using SSL/TLS technology.

You can voluntarily create a customer account in which we store your data for future visits to the website. When you create a customer account, the data you enter is processed. Once you have successfully logged in, you are free to edit or delete all other data, including your customer account.

As soon as processing is no longer necessary, we delete the data generated in this context or, if statutory retention obligations apply, restrict processing of the data. Due to mandatory commercial and tax regulations, we are obliged to keep your address, payment and order data for a period of ten years.

Processing of personal data under Section 30 of the Federal Act on Registration (BMG)

Under Section 30 of the German Federal Act on Registration (BMG), commercial accommodation, such as hotels in particular, are obliged to collect the following data from guests on the day of their arrival and to have the registration form signed by hand:

  • date of arrival and planned departure,
  • surname,
  • given names,
  • date of birth,
  • nationalities,
  • address,
  • number of persons travelling together and their nationalities, in the cases of Section 29(2), second and third sentences, and,
  • in the case of foreigners, serial number of the recognised and valid passport or passport substitute.
  • If applicable, further data for collecting tourist and resort taxes.

We are obliged to collect, process and pass on this data under the BMG, and the legal basis of this processing results from Art. 6(1) Sentence 1(c) GDPR.

We erase this data or restrict its processing as soon as this is permitted under the provisions of the BMG and if you have not given your consent (Art. 6(1) Sentence 1(a) GDPR) and there is no other legitimate interest on our part in continued processing.

Email marketing

Advertising to existing customers

We reserve the right to process the email address provided by you when registering/ordering in accordance with the statutory provisions in order to send you the following content by email whilst or after processing the contract, unless you have already objected to this processing of your email address:

  • other interesting offers from our portfolio,
  • new articles/products,
  • information about events of our company or about events our company will attend,
  • sending our catalouque,
  • questions about special requirements,
  • overview of possible leisure offers,
  • information on finding us by public transport.

The legal basis for the processing is Art. 6(1) Sentence 1(f) GDPR. We perform this processing for customer care and to enhance our services. We delete your data when you cancel your newsletter subscription, but no later than two years after termination of the contract.

We would like to point out that you can object to receiving direct advertising at any time without incurring any costs other than the transmission costs according to the basic rates. Here you have a general right of objection without giving reasons (Art. 21(2) GDPR). To do this, click on the unsubscribe link in the newsletter or send us your objection to the contact data provided under ‘Responsible provider’.

Newsletter

You have the possibility to subscribe to our email newsletter on the website, which we use to inform you regularly about content including, but not limited to:

  • offers from our portfolio,
  • information about events of our company or about events our company will attend,
  • new articles/products,
  • special/time-limited offers.

In order to receive the newsletter, you need to give us the following personal data.

  • recipient (name or pseudonym),
  • valid email address.

To subscribe to our email newsletter, please use the double opt-in process. Once you have entered the data marked as mandatory, we will send you an email to the email address you have provided, in which we ask you to expressly confirm your subscription to the newsletter (by clicking on a confirmation link). This is how we ensure that you really want to receive our email newsletter. If no confirmation takes place within 24 hours, we block the information transferred to us and delete it automatically after one month at the latest.

Furthermore, the following data is processed at the time of subscription:

  • IP address,
  • date/time of registration for the newsletter,
  • time when you click on the confirmation link.

We process your IP address, the time of registration for the newsletter and the time of your confirmation in order to document your newsletter registration and to prevent abuse of your personal data. The legal basis for the processing is Art. 6(1) Sentence 1(f) GDPR. We process this data until two years after termination of the contract. If registration for the newsletter takes place and it is unrelated to the conclusion of a contract, we process this data until two years after termination of the usage. We delete this data when the newsletter subscription ends.

After your confirmation, we will process the email address and name/pseudonym of the recipient concerned for the purpose of sending our email newsletter. The legal basis of the processing is Art. 6(1) Sentence 1(a) GDPR. We delete this data when you unsubscribe from the newsletter.

You can withdraw your consent to the processing of your email address for receiving the newsletter at any time, either by sending us a message (see the contact details under ‘Responsible provider’) or by clicking directly on the unsubscribe link in the newsletter. This does not affect the lawfulness of processing that has occurred based on the consent up until the point of your withdrawal (Art. 13(2)(c) GDPR).

CleverReach email marketing service

We use CleverReach to send newsletters. It is provided by CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede. CleverReach is a service which allows the organisation and analysis of newsletter mailing. The data you enter to subscribe to the newsletter (e.g. email address) will be stored on CleverReach’s servers in Germany and/or Ireland.

The newsletters we send out with CleverReach enable us to analyse the behaviour of newsletter recipients. Among other things, it is possible to analyse how many recipients have opened the newsletter message and how often each link was clicked on in the newsletter. With the help of what’s known as conversion tracking, it can also be analysed whether a pre-defined action (e.g. purchase of a product on our website) took place after the newsletter link was clicked on. For more information about data analysis by CleverReach newsletters, please refer to: https://www.cleverreach.com/en/features/reporting-tracking/.

The analysis of the information mentioned serves to recognise the reading habits of the recipients so as to better adapt and distribute our newsletter content accordingly. The legal basis of the processing is Art. 6(1) Sentence 1(f) GDPR. We process this data until two years after termination of the contract. If registration for the newsletter takes place and it is unrelated to the conclusion of a contract, we process this data until two years after termination of the usage. We delete this data when the newsletter subscription ends. We have no knowledge of how long CleverReach stores data and have no way of influencing this. For more details, please refer to the CleverReach privacy policy at: https://www.cleverreach.com/en/privacy-policy/.

You can object to the processing in the future at any time by clicking on the unsubscribe link at the end of the newsletter. Your right of objection exists if you have reasons arising from your particular situation, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR).

This will simultaneously end the processing of data for you being sent the newsletter and for statistical analysis. It is not possible to object to the distribution via CleverReach or the statistical evaluation separately.

Alternatively, you can object at http://www.aboutads.info/choices/ and http://www.youronlinechoices.com/ (for the European Union area).

DialogShift chat application on our website

Our website uses the chat application of DialogShift GmbH, Rheinsberger Str. 76/77, 10115 Berlin. This application processes and stores data for the purpose of web analysis, to operate the chat application and to answer queries. 

For the operation of the chat function, the chat texts are stored and a cookie with a unique ID is set - this is used to recognise you as a customer. 

A cookie is a small text file that is stored locally in the cache on your device. Using this cookie, our application recognises the device and can retrieve past chat logs. This cookie is stored for 90 days since last use. You can disable the storage of cookies in your browser settings. However, without the use of cookies, the chat function cannot be performed.

The possible disclosure of e.g. name, e-mail address or a telephone number is voluntary and with the consent to temporarily use and store this data for the purpose of contacting you until the end of the contact. This personal data is deleted after 90 days. 

The legal basis for data processing is Article 6 (1) lit. F DS-GVO based on our legitimate interest in effective customer support, for statistical analysis of user behaviour and for optimisation purposes of our offers.

DialogShift offers at https://www.dialogshift.com/en/data-privacy for further information on the collection and use of data and on your rights and options for protecting your privacy. 

Payment service providers (PSPs)

Transmission of personal data for credit card payments

In principle, your personal data is only passed on to the extent necessary for the execution of the contract. Specifically, for payment processing, we transmit the payment data required for this to the bank commissioned with the payment or, if applicable, to the payment and invoicing service provider commissioned by us.

The processing is performed on the basis of Art. 6(1) Sentence 1(b) GDPR (processing for the performance of a contract). The data required for payment processing is transmitted securely using SSL encryption and processed exclusively for payment processing. As soon as processing is no longer necessary, we delete the data generated in this context or, if statutory retention obligations apply, restrict processing of the data.

Transmission of personal data for purposes of enforcing rights/ascertaining an address/debt collection

In the event of non-payment, we reserve the right to pass on the data provided at the time of ordering/booking to a lawyer and/or to external companies (e.g. Verband der Vereine Creditreform e.V., Hellersbergstraße 12, 41460 Neuss, Germany) if we have a legitimate interest pursuant to Art. 6(1) Sentence 1(f) GDPR in order to ascertain an address and/or enforce our rights.

In addition, we may pass on your information if this is necessary to protect our rights, as well as the rights of our affiliates, our cooperation partners, our employees and/or users of our website. Under no circumstances will we sell or rent your data to third parties. Such a transmission of your data would be based on Art. 6(1) Sentence 1(f) GDPR.

As soon as processing is no longer necessary, we delete the data generated in this context or, if statutory retention obligations apply, restrict processing of the data.

You have the possibility to object to the processing of your data at any time. Your right of objection exists if you have reasons arising from your particular situation, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). In particular, you have a right of objection if processing is not necessary to fulfil a contract with you, which is described by us in the previous description of the functions. In the event that your objection is justified, we will examine the situation and either stop or adjust the data processing or point out to you the compelling legitimate reasons on the basis of which we will continue processing.

Hosting

We use external hosting services for the provision of the following services: infrastructure and platform services, computing capacity, storage resources and database services, security and technical maintenance services. This involves processing all data necessary for the operation and use of our website.

We use external hosting services to run this website. By using external hosting services, we aim to make the provision of our website efficient and secure. The legal basis of the processing is Art. 6(1) Sentence 1(f) GDPR.

The recording of data for the provision and use of the website and the processing of data using external web hosting services is an absolute necessity for the operation of the website. You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). In the event that your objection is justified, we will examine the situation and either stop or adjust the data processing or point out to you the compelling legitimate reasons on the basis of which we will continue processing.

Integration of third-party content

The website integrates third-party content such as videos, maps, RSS feeds and graphics from other websites. This integration always requires that the providers of this content (“third-party providers”) perceive the IP addresses of users. This is because without the IP address they would not be able to send the content to the browser of the respective user. As such, the IP address is required to display this content.

We endeavour to only use content from third-party providers who process the IP address solely for delivering the content. We do however have no influence over whether the third-party providers process the IP addresses, e.g. for statistical purposes. If we are aware of such activity, we inform you of this in the following.

Some of the third parties may process data outside the European Union.

You can object by installing a JavaScript blocker such as the browser plug-in NoScript (www.noscript.net) or disabling JavaScript in your browser. Your right of objection exists if you have reasons arising from your particular situation, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). This may however result in functional restrictions on the website.

Google Tag Manager

We use Google Tag Manager on our website. Google Tag Manager is a solution that allows marketers to manage website tags through a single interface. The Tag Manager tool itself (which implements the tags) is a cookieless domain and does not record any personal data. The tool triggers other tags, which in turn may record data. Google Tag Manager does not access this data. If deactivation has occurred at the domain or cookie level, it will remain effective for all tracking tags implemented with Google Tag Manager.

Integration of Google Maps

This website also uses the Google Maps service from Google to display maps or sections of maps, thus enabling you to conveniently use the map function on the website.

By visiting the website, Google receives the information that you have retrieved the corresponding subpage of our website. In addition, the data mentioned under ‘Access data’ is transferred to Google. This occurs regardless of whether Google provides a user account that you are logged in with or no user account exists. If you are logged in to Google, your data will be directly associated with your account. If you do not wish for this data to be associated with your Google profile, you must log out before activating the button.

Google stores your data as usage profiles and processes it for purposes of advertising, market research and/or the demand-oriented design of its website. Such analysis takes place in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website.

The legal basis for the processing is Art. 6(1) Sentence 1(f) GDPR. The processing serves to make our website more attractive and to offer you additional services. We have no knowledge of how long Google stores data and have no way of influencing this.

You have the right to object to the processing, although you must contact Google to exercise this right. Your right of objection exists if you have reasons arising from your particular situation, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). You can disable or restrict the transfer of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may no longer be possible to use the full functionality of the website.

For more information about the purpose and scope of processing by the plug-in provider, please refer to the provider’s privacy policy. There you will also find further information about your rights in this regard and settings options to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. For more information about the Google Maps terms of use, please refer to https://www.google.com/intl/de_de/help/terms_maps.html.

YouTube videos

Our website uses plug-ins from the video platform YouTube.de/YouTube.com, a service whose provider – represented by Google – is YouTube LLC (headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA; “YouTube”). The plug-ins allow us to embed visual content (“videos”) on this website that we have published on Youtube.de/Youtube.com.

The videos are all embedded in ‘extended privacy mode’, which means that no data about you as a user will be transferred to YouTube if you do not play the videos. Only when you play the videos is the following data transferred. We have no influence on this data transfer.

By visiting the website, YouTube receives the information that you have retrieved the corresponding subpage of our website. In addition, the data mentioned under ‘Access data’ is transmitted. This occurs regardless of whether YouTube provides a user account that you are logged in with or whether no user account exists. If you are logged in to Google, your data will be directly associated with your account. If you do not wish for this data to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and processes it for purposes of advertising, market research and/or the demand-oriented design of its website. Such analysis takes place in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. Google also processes your personal data in the USA and has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

The legal basis of the processing is Art. 6(1) Sentence 1(f) GDPR. The processing serves to make our website more attractive and to offer you additional services. We have no knowledge of how long YouTube stores data and have no way of influencing this.

You have the right to object to the processing, although you must contact YouTube to exercise this right. Your right of objection exists if you have reasons arising from your particular situation, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). You can disable or restrict the transfer of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may no longer be possible to use the full functionality of the website.

For more information about the purpose and scope of processing by YouTube, please refer to its privacy policy at https://www.google.de/intl/en/policies/privacy.

Services for statistical, analysis and marketing purposes

We use services from third parties for statistical, analysis and marketing purposes. This enables us to offer you a user-friendly, optimised experience when visiting the website. The third-party providers use cookies to control their services (see ‘Cookies’ above). Unless otherwise explained below, this does not involve the processing of personal data.

Some of the third-party providers offer users the option of directly objecting to the use of the respective feature, e.g. by placing an opt-out cookie.

If you activate such an opt-out cookie, the third-party provider will no longer process data about your usage behaviour in the future. It is also possible to merely object individually to a partial selection of external services. If you change the browser or device used or delete all cookies, you will be required to set the opt-out cookie again.

Furthermore, you can also object directly to the use of cookies via the opt-out platform of the organisation Bundesverband Digitale Wirtschaft e.V. (BVDW) at http://www.meine-cookies.org/cookies_verwalten/praeferenzmanager.html or via the deactivation page of the Network Advertising Initiative at http://www.networkadvertising.org/choices/. Your right of objection exists if you have reasons arising from your particular situation, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). As regards objecting to data processing for direct marketing purposes, you have a general right of objection without giving reasons (Art. 21(2) GDPR). More information about usage-based advertising and opt-out options can also be viewed via the following link: http://www.youronlinechoices.com/de/.

In the following, we inform you about the services from external providers currently in use on our website, about the purpose and scope of the respective processing in each case, and about how you can object.

Google Analytics

In order to tailor our website perfectly to your interests, we use Google Analytics, a web analytics service from Google. Google Analytics uses ‘cookies’ (see ‘Cookies’ above), which are stored on your device to enable the analysis of how you use the website. The information generated in this way about your use of this website is transferred to and stored by Google on a server in the USA.

However, if IP anonymisation is activated on this website, then within European Union Member States or in other member states of the European Economic Area Google will shorten your IP address before transferring it. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On our behalf, Google will use this information for the purpose of evaluating your use of this website, compiling reports for us on website activity, and providing us with other services relating to website usage and internet usage.

Google will not associate your browser’s IP address transmitted for Google Analytics purposes with any other data held by Google. This website uses Google Analytics with the “_anonymizeIp()” extension. As a result, IP addresses are further processed in abbreviated form, meaning that any association with individual persons can be ruled out. As far as the data collected about you relates to you personally, that relation is therefore excluded immediately and the personal data thus erased without delay.

We use Google Analytics to analyse and regularly improve the use of our website. The statistics help us to improve our website and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the processing by Google Analytics is Art. 6(1) Sentence 1(f) GDPR. We have no knowledge of how long Google stores data and have no way of influencing this.

You have the right to object. You can prevent the storage of cookies using the corresponding settings in your browser software; however, we would like to point out that if you do this you may not be able to use the full functionality of this website. Your right of objection exists if you have reasons arising from your particular situation, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). As regards objecting to data processing for direct marketing purposes, you have a general right of objection without giving reasons (Art. 21(2) GDPR). Furthermore, you can prevent the recording of data generated by the cookie about your use of the website (including your IP address) and its processing by Google by downloading and installing the browser plug-in available via the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

For more information about the third-party provider Google, please refer to:

http://www.google.com/analytics/terms/de.html,

http://www.google.com/intl/de/analytics/learn/privacy.html,

http://www.google.de/intl/de/policies/privacy.

Usage-based online advertising

Facebook Custom Audiences

The website also uses the Website Custom Audiences function by means of the so-called Facebook Pixel, provided by Facebook, Inc. (the provider is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, email: impressum-support@support.facebook.com, data protection information at: https://www.facebook.com/privacy/explanation; hereinafter referred to as “Facebook”).

This allows users of the website to see interest-based ads (“Facebook Ads”) when visiting the social network Facebook or other websites that also use the process. Here we are pursuing the interest of showing you ads that are of interest to you in order to make our website more interesting for you.

Due to the marketing tools used, your browser automatically establishes a direct connection to the Facebook server. We have no influence on the extent and further processing of the data collected by Facebook through the use of this tool and therefore inform you according to what we know: By integrating Facebook Custom Audiences, Facebook receives the information that you have retrieved the corresponding page on our website, or that you have clicked on one of our ads. If you are registered with a Facebook service, Facebook can associate the visit with your account. Even if you are not registered with Facebook or have not logged in, it is possible that the provider will obtain and store your IP address and other identifying information.

The legal basis of the processing of your data is Art. 6(1) Sentence 1(f) GDPR. In this case, we do not store any personal data about you. We have no knowledge of how long Facebook stores data and have no way of influencing this.

Logged-in users can disable the Facebook Custom Audiences function at https://www.facebook.com/settings/?tab=ads# in order to exercise their right to object. Your right of objection exists if you have reasons arising from your particular situation, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). As regards objecting to data processing for direct marketing purposes, you have a general right of objection without giving reasons (Art. 21(2) GDPR).

There are various ways in which you can block the Facebook Custom Audiences function and thus make use of your right to object:

  • by setting your browser software accordingly; in particular, disabling third-party cookies means that you will not receive any ads from third-party providers;
  • by disabling interest-based ads from providers who are part of the “About Ads” self-regulation initiative via the link http://www.aboutads.info/choices; please note that this setting will be erased if you erase your cookies.

For more information about processing by Facebook, please refer to: https://www.facebook.com/about/privacy

Facebook Analytics

To use Facebook Analytics we also use the so-called Facebook Pixel, provided by Facebook, Inc. (the provider is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, email: impressum-support@support.facebook.com, data protection information at: https://www.facebook.com/privacy/explanation; hereinafter referred to as “Facebook”) to track your user behaviour. The information obtained by the tracking pixel cookie serves us solely for statistical purposes, is transmitted to us anonymously by Facebook and does not provide any information about the person of the user. Facebook will, however, connect the information to your Facebook account, store and use it for its own promotional purposes in accordance with Facebook’s privacy policy, and may also transfer your data to Facebook’s partners. Even if you are not registered with Facebook or have not logged in, it is possible that the provider will obtain and store your IP address and other identifying information.

The processing of your data in this regard is in accordance with Art. 6(1)(f) GDPR. By using Facebook Analytics, we are pursuing the interest of being able to better evaluate our website and improve our range of services. In this case, we do not store any personal data about you. We have no knowledge of how long Facebook stores data and have no way of influencing this.

Logged-in users can disable the Facebook Analytics function at https://www.facebook.com/settings/?tab=ads# in order to exercise their right to object. Your right of objection exists if you have reasons arising from your particular situation, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). As regards objecting to data processing for direct marketing purposes, you have a general right of objection without giving reasons (Art. 21(2) GDPR).

There are various ways in which you can block the Facebook Analytics function and thus make use of your right to object:

  • by setting your browser software accordingly; in particular, disabling third-party cookies means that you will not receive any ads from third-party providers;
  • by disabling interest-based ads from providers who are part of the “About Ads” self-regulation initiative via the link http://www.aboutads.info/choices; please note that this setting will be erased if you erase your cookies.

For further information about Facebook’s data protection provisions, please refer to the relevant privacy policy at https://de-de.facebook.com/about/privacy/.

Google AdWords Conversion

We use the services of Google AdWords from Google to draw attention to our attractive offers with the help of advertising media (so-called Google AdWords) on external websites. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. Here we are pursuing the interest of showing you ads that are of interest to you in order to make our website more interesting for you and to achieve a fair calculation of advertising costs.

These advertising media are delivered by Google via so-called ad servers. For this purpose, we use ad server cookies, which can be used to measure certain parameters for measuring success, such as the display of ads or clicks by users. If you reach our website via a Google ad, Google AdWords stores a cookie on your device. These cookies usually expire after 30 days and are not intended to identify you personally. Analysis values usually stored for this cookie are the unique cookie ID, the number of ad impressions per placement (frequency), the last impression (relevant for post-view conversions) and opt-out information (marker showing that the user no longer wishes to be targeted).

These cookies allow Google to recognise your internet browser. If a user visits certain pages of an AdWords customer’s website and the cookie stored on their device has not yet expired, Google and the customer can recognise that the user has clicked on the ad and has been redirected to this site. Each AdWords customer is assigned a different cookie. Cookies cannot therefore be tracked via the websites of AdWords customers. We do not process any personal data ourselves in the aforementioned advertising measures. We only receive statistical analyses from Google. On the basis of these analyses, we can recognise which of the advertising measures used are particularly effective. We do not receive any further data from the use of advertising media; in particular, we cannot identify users on the basis of this information.

Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the extent and further processing of the data collected by Google through the use of this tool and therefore inform you according to what we know: By integrating AdWords Conversion, Google receives the information that you have retrieved the corresponding part of our website, or that you have clicked on one of our ads. If you are registered with a Google service, Google can associate the visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will obtain and store your IP address.

The legal basis of the processing of your data is Art. 6(1) Sentence 1(f) GDPR. We have no knowledge of how long Google stores data and have no way of influencing this.

You have the right to object to the processing of your data. Your right of objection exists if you have reasons arising from your particular situation, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). As regards objecting to data processing for direct marketing purposes, you have a general right of objection without giving reasons (Art. 21(2) GDPR).

There are various ways in which you can prevent your participation in this tracking procedure:

  • by setting your browser software accordingly; in particular, disabling third-party cookies means that you will not receive any ads from third-party providers;
  • by disabling cookies for conversion tracking, by setting your browser in such a way that it blocks cookies from the domain www.googleadservices.com, https://www.google.de/settings/ads; please note that this setting will be erased if you erase your cookies;
  • by disabling interest-based ads from providers who are part of the “About Ads” self-regulation initiative via the link http://www.aboutads.info/choices; please note that this setting will be erased if you erase your cookies;
  • by permanent deactivation in your browser Firefox, Internet Explorer or Google Chrome via the link http://www.google.com/settings/ads/plugin. We would like to point out that if you do so you may not be able to use the full functionality of this service.

For further information about privacy at Google, please refer to: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org.

Google has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Google DoubleClick

Furthermore, our website uses Google’s online marketing tool DoubleClick. DoubleClick uses cookies to display relevant ads to users, improve campaign performance reports, and to prevent a user from seeing the same ads more than once. Google uses a cookie ID – a pseudonymous identification number assigned to your browser – to track which ads are displayed in which browser and can thus prevent them from being displayed more than once. This pseudonym is assigned information about user activities on the website. This allows Google and its partner sites to display ads based on previous visits to websites. In addition, DoubleClick can use the cookie ID to record conversions related to ad requests. This happens for example when a user sees a DoubleClick ad and later visits the advertiser’s website with the same browser and buys something there.

The information generated by DoubleClick cookies is transferred to and stored by Google on servers in the USA. Google complies with the data protection provisions of the EU-US Privacy Shield agreement and is certified for the Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The data will only be transferred to third parties within the scope of legal regulations or order processing. According to Google, DoubleClick cookies do not contain any personal information.

Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the extent and further processing of the data collected by Google through the use of this tool and therefore inform you according to what we know: By integrating DoubleClick, Google receives the information that you have retrieved the corresponding part of our website, or that you have clicked on one of our ads. If you are registered with a Google service, Google can associate the visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will obtain and store your IP address.

The legal basis of the processing is Art. 6(1) Sentence 1(f) GDPR. The DoubleClick cookies are deleted after six months at the latest. By using DoubleClick, we are pursuing the interest of showing you ads that may be of interest to you in order to make our website more interesting for you.

You have the right to object. Your right of objection exists if you have reasons arising from your particular situation, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). As regards objecting to data processing for direct marketing purposes, you have a general right of objection without giving reasons (Art. 21(2) GDPR). There are various ways in which you can prevent your participation in this tracking procedure:

  • by setting your browser software accordingly; in particular, disabling third-party cookies means that you will not receive any ads from third-party providers;
  • by disabling cookies for conversion tracking, by setting your browser in such a way that it blocks cookies from the domain www.googleadservices.com, https://www.google.de/settings/ads; please note that this setting will be erased if you erase your cookies;
  • by disabling interest-based ads from providers who are part of the “About Ads” self-regulation initiative via the link http://www.aboutads.info/choices; please note that this setting will be erased if you erase your cookies;
  • by permanent deactivation in your browser Firefox, Internet Explorer or Google Chrome via the link http://www.google.com/settings/ads/plugin.

For more information about DoubleClick, please refer to: https://www.google.de/doubleclick, http://support.google.com, https://policies.google.com/privacy?hl=de (about privacy at Google in general).

Social networks plug-ins

Social network plug-ins are integrated on our website. These are provided by the following providers:

The plug-ins can be recognised on our website by the aforementioned lettering or by small stylised symbols.

We offer you the possibility to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it does the plug-in provider receive the information that you have accessed the corresponding page of our website. In addition, the data mentioned under ‘Access data’ is transferred.

By activating the plug-in, personal data about you is therefore transferred to the respective plug-in provider and processed there (in the USA in the case of US providers). Since the plug-in provider collects data via cookies in particular, we recommend that before clicking on the greyed-out box you delete all cookies using your browser’s security settings.

We have no influence on the data collected and processing procedures, and nor are we aware of the full scope of data processing, the purposes of processing, or the storage periods. Nor do we have any information about the erasure of the data collected by the plug-in provider.

The plug-in provider stores the data collected about you as usage profiles and processes this for purposes of advertising, market research and/or the demand-oriented design of its website. Such analysis takes place in particular (including for users who are not logged in) to display demand-oriented advertising and to inform other users of the social network about your activities on our website.

The legal basis for the use of the plug-ins is Art. 6(1) Sentence 1(f) GDPR. Through the plug-ins we offer you the possibility to interact with social networks and other users, so that we can improve our website and make it more interesting for you as a user.

You have the right to object to the creation of these user profiles, although you must contact the respective plug-in provider to exercise this right. There are also various ways in which you can prevent the creation of user profiles and thus make use of your right to object:

  • by setting your browser software accordingly; in particular, disabling third-party cookies means that you will not receive any ads from third-party providers;
  • by disabling interest-based ads from providers who are part of the “About Ads” self-regulation initiative via the link http://www.aboutads.info/choices; please note that this setting will be erased if you erase your cookies.

The data is transferred regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, the data about you collected by us will be directly assigned to your existing account with that plug-in provider. If you click or tap on the activated button and, for example, share a link to the page, the plug-in provider will also store this information in your user account and share it publicly with your contacts.

We recommend that you log out regularly after using a social network, especially however before activating the button, as in this way you can avoid being assigned to your profile with the respective plug-in provider.

We use the so-called two-click solution. This means that when you visit our website, no personal data is initially passed on to the providers of the plug-ins.

Copyright by Spiritlegal LLP