Privacy Policy
Name and contact details of the controller pursuant to Article 4(7) DSGVO
Firma: Hotel Würmtaler Gästehaus e.K.
Verantwortlich: Andreas Weißenfeld
Anschrift: Rottenbucher Str.53-55, D-81266 Gräfelfing-München
Tel: +49 (0) 89 8545056
Fax: +49 (0) 89 853897
Mail: info@hotel-wuermtaler.de
Security and protection of your personal data
We consider it our primary responsibility to maintain the confidentiality of the personal data you provide and to protect it from unauthorized access. Therefore, we apply the utmost care and state-of-the-art security standards to ensure maximum protection of your personal data.
As a private company, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the regulations of the German Federal Data Protection Act (BDSG). We have implemented technical and organizational measures to ensure that data protection regulations are observed by both us and our external service providers.
Definitions
The law requires that personal data be processed lawfully, fairly, and in a transparent manner in relation to the data subject (“lawfulness, fairness, and transparency”). To ensure this, we inform you about the individual legal definitions that are also used in this privacy policy:
1. Personal data
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. Processing
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3. Restriction of processing
“Restriction of processing” is the marking of stored personal data with the aim of limiting its future processing.
4. Profiling
“Profiling” means any type of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
5. Pseudonymization
“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person.
6. File system
“Filing system” means any structured collection of personal data which is accessible according to specific criteria, regardless of whether this collection is maintained centrally, decentrally or according to functional or geographical considerations.
7. Responsible person
‘Controller’ means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law.
8. Data processors
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
9. Receiver
“Recipient” means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
10. Third party
“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
11. Consent
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Lawfulness of processing
The processing of personal data is only lawful if there is a legal basis for the processing. According to Article 6(1)(a) to (f) of the GDPR, the legal basis for processing can be, in particular:
a. The data subject has given consent to the processing of their personal data for one or more specific purposes;
b. The processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
c. The processing is necessary for compliance with a legal obligation to which the controller is subject;
d. The processing is necessary to protect the vital interests of the data subject or of another natural person;
e. The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
f. The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Information on the collection of personal data
(1) Below we inform you about the collection of personal data when using our website. Personal data includes, for example, name, address, email address, and user behavior.
(2) When you contact us by email or via a contact form, the data you provide (your email address and name, and optionally your company and position) will be stored by us in order to answer your questions. We will delete the data collected in this context once storage is no longer necessary, or restrict its processing if there are legal retention obligations.
Collection of personal data when visiting our website
When you use our website for purely informational purposes, i.e., if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis is Article 6(1)(f) DSGVO):
- IP-Adresse
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- each data volume transferred
- Website from which the request originates
- Browser
- Operating system and its interface
- Language and version of the browser software.
Use of cookies
(1) In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using. They allow the entity that sets the cookie to receive certain information. Cookies cannot run programs or transmit viruses to your computer. They serve to make the overall internet experience more user-friendly and efficient.
(2) This website uses the following types of cookies, the scope and function of which are explained below: Transient cookies (see a.) and persistent cookies (see b.).
a. Transient cookies are automatically deleted when you close your browser. These include session cookies, which store a session ID that allows different requests from your browser to be associated with the same session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.
b. Persistent cookies are automatically deleted after a predetermined period, which can vary depending on the cookie. You can delete cookies at any time in your browser's security settings.
c. You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. "Third-party cookies" are cookies that are set by a third party, and therefore not by the website you are currently visiting. Please note that by disabling cookies, you may not be able to use all the functions of this website.
d. We use cookies to identify you on subsequent visits if you have an account with us. Otherwise, you would have to log in again each time you visit.
Further features and offers on our website
(1) In addition to simply browsing our website, we offer various services that you can use if you are interested. To use these services, you will generally need to provide further personal data, which we use to provide the respective service and for which the aforementioned data processing principles apply.
(2) Due to legal requirements, our website contains information that enables quick electronic contact with our company and direct communication with us. If a data subject contacts the data controller by email or via a contact form, the personal data transmitted by the data subject will be stored automatically. Such personal data transmitted voluntarily by a data subject to the data controller will be stored for the purpose of processing the inquiry or contacting the data subject. This personal data will not be disclosed to third parties.
(3) In certain cases, we may share your personal data with third parties if we offer promotions, contracts, or similar services jointly with partners. You will receive more detailed information when you provide your personal data or below in the description of the offer.
(4) If our service providers or partners are located in a country outside the European Economic Area (EEA), we will inform you about the consequences of this in the description of the offer.
Children
Our services are generally intended for adults. Individuals under 18 years of age should not submit any personal data to us without the consent of their parents or legal guardians.
Rights of the data subject
(1) Withdrawal of consent
If the processing of your personal data is based on your consent, you have the right to withdraw that consent at any time. Withdrawing your consent does not affect the lawfulness of processing based on consent before its withdrawal. You can contact us at any time to exercise your right to withdraw consent.
(2) Right to confirmation
You have the right to request confirmation from the data controller as to whether we process personal data concerning you. You can request this confirmation at any time using the contact details provided above.
(3) Right to information
If personal data is processed, you can request information about this personal data and the following information at any time:
a. the purposes of processing;
b. the categories of personal data that are processed;
c. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
d. If possible, the planned duration for which the personal data will be stored, or, if this is not possible, the criteria used to determine that duration;
e. the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by the controller or a right to object to such processing;
f. the existence of a right to lodge a complaint with a supervisory authority;
g. If the personal data are not collected from the data subject, all available information about the source of the data;
h. the existence of automated decision-making, including profiling, pursuant to Article 22 paragraphs 1 and 4 GDPR and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
If personal data is transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
(4) Right to rectification
You have the right to request that we immediately correct any inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.
(5) Right to erasure (“right to be forgotten”)
You have the right to request that the controller erase personal data concerning you without undue delay, and we are obliged to erase personal data without undue delay where one of the following grounds applies:
a. The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
b. The data subject withdraws their consent on which the processing was based according to Article 6(1)(a) or Article 9(2)(a) GDPR, and there is no other legal basis for the processing.
c. The data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
d. The personal data was processed unlawfully.
e. The erasure of personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
f. The personal data were collected in relation to information society services offered, in accordance with Article 8(1) of the GDPR.
The right to erasure does not apply insofar as processing is necessary:
- to exercise the right to freedom of expression and information;
- for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR, insofar as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
- for the establishment, exercise or defense of legal claims.
(6) Right to restriction of processing
You have the right to request that we restrict the processing of your personal data if one of the following conditions applies:
a. where the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data,
b. the processing is unlawful and the data subject objects to the erasure of the personal data and instead requests the restriction of the use of the personal data;
c. the controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims, or
d. the data subject has objected to the processing pursuant to Article 21(1) GDPR pending the verification of whether the legitimate grounds of the controller override those of the data subject.
If processing has been restricted in accordance with the above-mentioned conditions, these personal data – apart from being stored – will only be processed with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
To exercise the right to restrict processing, the data subject can contact us at any time using the contact details provided above.
(7) Recht auf Datenübertragbarkeit
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format. We do not host your personal data; therefore, there is no basis for any further data portability.
(8) Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) of the GDPR. The controller will no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the purpose of establishing, exercising or defending legal claims.
If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
(9) Automated individual decision-making, including profiling
As a responsible company, we refrain from automated decision-making or profiling.
(10) Right to lodge a complaint with a supervisory authority
Furthermore, without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes this Regulation.
(11) Right to an effective judicial remedy
Without prejudice to any other administrative or extrajudicial remedy, you have the right to an effective judicial remedy against an effective decision of a supervisory authority concerning you if you consider that your rights under this Regulation have been infringed as a result of the processing of your personal data in non-compliance with this Regulation or if the supervisory authority has not dealt with your complaint within three months.
Integration of Google Maps
(1) This website uses Google Maps. This allows us to display interactive maps directly on the website and enables you to conveniently use the map function.
(2) By visiting our website, Google receives the information that you have accessed the corresponding subpage. In addition, the information listed under "Collection of Personal Data" is transmitted. This occurs regardless of whether Google provides a user account that you are logged into, or whether no user account exists. If you are logged into Google, your data will be directly associated with your account. If you do not want this association with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for advertising, market research, and/or the needs-based design of its website. Such analysis is carried out in particular (even for users who are not logged in) to provide targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.
(3) Further information on the purpose and scope of data collection and processing by the plugin provider can be found in the provider's privacy policy. There you will also find further information on your rights and settings options to protect your privacy. https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has committed to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.