Data protection declaration Hotel Zum Goldenen Hirsch
Welcome to our website. So that you feel safe and comfortable when visiting our website, we take the protection of your personal data and its confidential treatment very seriously. We therefore act in accordance with the applicable legal provisions for the protection of personal data and data security.
We would like to point out that data transmission over the Internet (e.g. when communicating by email) can have security gaps. A complete protection of the data against access by third parties is not possible.
With this information on data protection, we would like to inform you about when we save which data and how we use them - of course, taking into account the applicable jurisdiction.
In the following, we have compiled the most important information on typical data processing for you, separated by affected groups. For certain data processing that only affect specific groups, the information requirements are fulfilled separately.
If the term "data" is used in the text, only personal data within the meaning of the GDPR is meant.
1. Visitors to the website
2. Hotel guests
3. Interested parties, communication partners
4. Business partners and their employees
5. Rights of the data subjects and further information
1. Visitors to the website
1.1 Server log data
With every request, our web server processes a series of data that your browser automatically transmits to our web server. This involves the IP address currently assigned to your device, the date and time of the request, the time zone, the specific page or file called up, the http status code and the amount of data transferred; In addition, the website from which your request came, the browser used, the operating system of your device and the language set. The web server uses this data to display the content of this website on your device in the best possible way.
1.2 Analysis of usage behavior - Google Analytics
This website uses Google Analytics, a web analysis service from Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. IP anonymization is activated for this website, i.e. Your IP address will be shortened beforehand by Google within the European Union or in another signatory to the Agreement on the European Economic Area. The full IP address is only transmitted to a Google server in the USA and shortened there in exceptional cases.
Google will use this information as a processor in accordance with Art. 28 GDPR to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can prevent the storage of cookies by setting your browser software accordingly. You can prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading the available browser plug-in [LINK: http: / /tools.google.com/dlpage/gaoptout?hl=de] and install. Alternatively, you can also set a so-called opt-out cookie that will prevent your data from being recorded when you visit this website in the future.
1.3 Google Maps
Maps from the "Google Maps" service are integrated into some of the subpages of this website. When calling up sub-pages in which maps from the Google Maps service are integrated, the map material is technically called up under the visitor's IP address, i.e. Google servers can save and use your IP address and other data automatically transmitted by your browser (see above under 1.1 Web server log file). The map service is operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"); only Google's data protection conditions (Google Privacy Policy) apply. We would like to point out that personal data can be transmitted to the USA and other third countries which, according to the GDPR, are considered unsafe third countries in terms of data protection law. We have no influence on the type and scope of data processing by Google.
1.4 Google reCAPTCHA
For some form entries on this website, automated measures are used to prevent entries used by malware from the "Google reCAPTCHA" service. Google does not have access to form entries but analyzes the movement of the mouse and click behavior in order to distinguish human input from machine input. When calling up such form fields, the service is called technically under the visitor's IP address, i.e. Google servers can save and use your IP address and other data automatically transmitted by your browser (see above under 1.1 Web server log file). reCAPTCHA is operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"), the data protection conditions of Google (Google Privacy Policy) apply exclusively. We would like to point out that personal data can be transmitted to the USA and other third countries which, according to the GDPR, are considered unsafe third countries in terms of data protection law. We have no influence on the type and scope of data processing by Google.
1.5
The purpose of data processing is to present our company and its offers on the Internet and to exchange with communication partners. If you order our newsletter, we will process your data for the purpose of sending the newsletter. The purpose of evaluating user behavior on the website is to tailor the website to requirements.
1.6
The legal basis for processing is Article 6 (1) lit. f) GDPR (legitimate interest, operation of an Internet presence and exchange with communication partners). The legal basis for processing data for newsletters is Article 6 (1) lit. a) in conjunction with Art. 7 GDPR (consent). The legal basis for the analysis of usage behavior is Article 6 Paragraph 1 lit. f) GDPR (legitimate interest, namely the needs-based design of the website).
1.7
Protocol and communication data will not be passed on to third parties unless special circumstances arise. If a criminal offense is suspected or in preliminary proceedings, data can be transmitted to the police and the public prosecutor's office.
1.8
IP addresses are anonymized after 24 hours at the latest. Data on newsletters are deleted when you unsubscribe from the newsletter. Pseudonymous usage data is deleted after three months.
1.9
Without disclosing personal data such as The website cannot be used due to the IP address. Communication via the website without specifying data is not possible. The specification of data is required to receive newsletters. Without specifying data, it is not possible to send. The website can also be used if the pseudonymous usage analysis has been objected to.
2. Hotel guests
2.1
The purpose of processing data when booking overnight stays is to conclude a contract and execute the contractual relationship as well as to meet legal requirements. If the hotel's booking service is commissioned to book tickets and other services, the purpose of processing is to make the desired booking. If video surveillance is carried out in the publicly accessible areas of the hotel, the purpose of video surveillance is to maintain house rules as well as to detect and prosecute criminal offenses and to enforce claims under civil law.
2.2
In the case of contracts with natural persons, the legal basis for processing is Article 6 Paragraph 1 lit. b) GDPR (preparation and execution of the contract), for contracts with legal persons Article 6 Paragraph 1 lit. f) GDPR (legitimate interest, namely communication with contact persons relevant to the contract) as well as always Article 6 (1) lit. c) GDPR (legal obligations, in particular reporting obligations as well as tax and commercial regulations). The legal basis for video surveillance is Article 6 Paragraph 1 lit. f) DS-GVO (legitimate interest, namely maintaining house rules, detecting and prosecuting criminal offenses, enforcing civil law claims).
2.3
The recipients of data can be franchisors of the respective hotel brand group as well as banks for the processing of payments. When booking other services via the booking service, the data is transmitted to the relevant service provider. Authorities and offices can be recipients as part of their tasks, provided we are obliged or authorized to transmit data. If a criminal offense is suspected or in preliminary proceedings, data from video surveillance can be transmitted to the police and the public prosecutor's office. We also use service providers for the provision of services, in particular for the provision, maintenance and care of IT systems.
2.4
All contract and booking-related data are stored in accordance with tax and commercial retention periods for a period of ten calendar years after the end of the contract. Records von Video surveillance systems are regularly deleted after three days at the latest.
2.5
The provision of data is both legally and contractually mandatory for hotel guests. Without providing data, the contractual relationship cannot be established and implemented. The camera is recorded automatically by the video surveillance systems. The monitored area cannot be entered without detection.
2.6
If bookings are made via booking portals or booking hotlines provided by third parties, they will transmit the contract-relevant data such as contact and invoice data, booking period and room category to the operator of the hotel for the purpose of contract initiation and implementation.
3. Interested parties, communication partners
3.1
We process the data of interested parties and communication partners for the purpose of communication with those affected.
3.2
The legal basis for the processing of interested parties and other communication partners is Article 6 Paragraph 1 lit. f) GDPR (legitimate interest, namely communication with interested parties and communication partners).
3.3
We forward the inquiries internally to the responsible employees. We also use service providers for the provision of services, in particular for the provision, maintenance and care of IT systems.
3.4
Inquiries and communications are automatically deleted after ten calendar years.
3.5
The specification of data is required for interested parties and communication partners. Communication is not possible without specifying data.
4. Business partners and their employees
4.1
The purpose of processing is the preparation and execution of contracts as well as communication with employees of business partners.
4.2
In the case of contracts with natural persons, the legal basis for processing is Article 6 Paragraph 1 lit. b) GDPR (preparation and execution of the contract), for contracts with legal persons Article 6 Paragraph 1 lit. f) GDPR (C21: C45 legitimate interest, namely communication with contact persons relevant to the contract) as well as always Article 6 Paragraph 1 lit. c) GDPR (legal obligations, in particular tax and commercial regulations).
4.3
The recipient of the data can be banks for the processing of payments. Authorities and offices can be recipients as part of their tasks, provided we are obliged or authorized to transmit data. We also use service providers for the provision of services, in particular for the provision, maintenance and care of IT systems.
4.4
All contract and booking-related data are stored in accordance with tax and commercial retention periods for a period of ten calendar years after the end of the contract.
4.5
The provision of data is both legally and contractually mandatory for business partners and employees of business partners. Without providing data, the business relationship cannot be established and carried out.
5. Rights of the data subjects and further information
5.1
A transfer of data to third countries does not take place.
5.2
We do not use any procedures for automated individual decisions.
5.3
You have the right to request information about all personal data that we process from you at any time.
5.4
If your personal data is incorrect or incomplete, you have the right to correct and supplement it.
5.5
You can request the deletion of your personal data at any time, unless we are legally obliged or authorized to further process your data.
5.6
If the legal requirements are met, you can request that the processing of your personal data be restricted.
5.7
You have the right to object to the processing if the data is processed for the purpose of direct advertising or profiling.
5.8
If the processing takes place on the basis of a balance of interests, you can object to the processing by stating reasons that arise from your particular situation.
5.9
If the data processing takes place on the basis of your consent or within the framework of a contract, you have the right to transfer the data you have provided, provided that this does not affect the rights and freedoms of other people.
5.10
If we process your data on the basis of a declaration of consent, you have the right to revoke this consent at any time with effect for the future. The processing carried out before a revocation remains unaffected by the revocation.
5.11
You also have the right to lodge a complaint with a data protection supervisory authority at any time if you are of the opinion that data processing has taken place in violation of applicable law.
Please also contact us for further information or to assert your right of withdrawal:
Hotel Zum Goldenen Hirsch
Untere Hauptstrasse 29,
98553 Hirschbach, Germany
Phone: +49 (0) 36 81 45 21 80
Fax: +49 (0) 36 81 45 21 81
Email: info@hirsch-hirschbach.de