Privacy policy
Privacy Policy
Responsible Party
The responsible party within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:
Romantik-Hotel Markusturm Betriebsgesellschaft mbH
Your Rights as an Affected Party
Under the contact details provided, you can exercise the following rights at any time under the EU General Data Protection Regulation (GDPR):
- Access to your data stored with us and information about its processing (Art. 15 GDPR),
- Correction of incorrect personal data (Art. 16 GDPR),
- Deletion of your data stored with us (Art. 17 GDPR),
- Restriction of data processing if we are not yet allowed to delete your data due to legal obligations (Art. 18 GDPR),
- Objection to the processing of your data with us (Art. 21 GDPR), and
- Data portability, provided you have consented to data processing or have entered into a contract with us (Art. 20 GDPR).
If you have given us your consent, you can revoke it at any time with effect for the future.
You can lodge a complaint with a supervisory authority at any time, e.g., the supervisory authority of the federal state of your residence or the authority responsible for us as the responsible party.
A list of supervisory authorities (for the non-public sector) with addresses can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Processing Activities
Collection of General Information When Visiting Our Website
Type and Purpose of Processing
When you access our website, i.e., when you do not register or otherwise transmit information, general information is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your internet service provider, your IP address, and similar information.
This information is processed for the following purposes:
- To ensure a technically error-free display and optimization of the website
We do not use your data to draw conclusions about your person. However, we reserve the right to retrospectively check the server log files should concrete indications of illegal use emerge.
Legal Basis and Legitimate Interest
The processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website and ensuring system security and abuse detection.
Recipients
The recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.
Storage Duration
Data is stored in server log files in a form that allows the identification of the affected individuals for a maximum of [Please complete information], unless a security-related incident occurs (e.g., a DDoS attack).
In the event of such an incident, server log files will be stored until the security-related incident is resolved and fully clarified.
Provision Required or Necessary
The provision of the aforementioned personal data is neither legally nor contractually required. However, the service and functionality of our website cannot be guaranteed without the IP address. In addition, individual services and features may not be available or limited.
Objection
Read the information on your right to object under Art. 21 GDPR below.
Contact can be made via the provided email addresses. In this case, the personal data transmitted with the email will be stored. This includes the date and time of email transmission, email address, IP addresses, and information about the servers involved in the email communication.
You can also contact us via the provided phone numbers. In this case, we collect log data, including your phone number and the duration of the call.
Regardless of the chosen communication method, we collect the content of your inquiry. Your data is stored for the purpose of individual communication with you.
Legal Basis
The data processing is based on a legitimate interest (Art. 6 Para. 1 lit. f GDPR).
Our legitimate interest in processing your data is to enable uncomplicated contact.
If you contact us to request an offer, the processing of data is carried out to implement pre-contractual measures (Art. 6 Para. 1 lit. b GDPR).
Recipients
The recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.
Storage Duration
Data is deleted at the latest [Please complete information] after processing the contact request.
If a contractual relationship arises, we are subject to statutory retention periods. These are generally 6 or 10 years due to proper accounting and tax law requirements.
Provision Required or Necessary
The provision of your personal data is voluntary. However, we can only process your request if you provide us with the required data and the reason for your request.
Objection
Read the information on your right to object under Art. 21 GDPR below.
Information on Your Right to Object Under Art. 21 GDPR
Right to Object on a Case-by-Case Basis
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Art. 6 Para. 1 lit. f GDPR (data processing based on a balance of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims.
Recipient of an Objection
Stephan Berger
Changes to Our Privacy Policy
We reserve the right to adapt this privacy policy to ensure that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g., when introducing new services. The new privacy policy will apply to your subsequent visit.
Questions About Data Protection
Use of Curator.io
Our website integrates a social media feed from the service Curator.io to display current content and posts from our social media channels directly on our site. The provider of this service is Curator Social Media Aggregator Pty Ltd, 17/346 Kent Street, Sydney, NSW, 2000, Australia.
Legal Basis: The legal basis for the use of Curator.io and the associated data processing is your consent in accordance with Art. 6(1)(a) GDPR, which you provide via our cookie consent banner. The service is only activated after you have given your consent.
Type and Purpose of Processing: If you visit a page with the integrated feed and have given your consent, your browser establishes a direct connection to Curator.io's servers. Data such as your IP address, browser information, operating system, and the page visited may be transmitted to Curator.io. Curator.io and the social networks integrated via the feed (e.g., Meta (Facebook, Instagram), X (formerly Twitter), LinkedIn, etc.) may store cookies on your end device to ensure functionality and to analyze user behavior. These cookies may allow the respective services to recognize you when you visit their sites or other sites with integrated content.
Data Transfer to Third Countries: As Curator.io is a company based in Australia, a data transfer to a third country takes place. The integrated social networks are also often based outside the EU/EEA (e.g., in the USA). Such a data transfer only occurs on the basis of your explicit consent pursuant to Art. 49(1)(a) GDPR. We point out that in third countries like the USA or Australia, there may not be a level of data protection comparable to that in the EU.
Revocation of Consent: You can revoke your consent at any time with effect for the future by changing your settings in our cookie consent banner. The revocation of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Further information on how user data is handled can be found in Curator.io's privacy policy at: https://curator.io/privacy-policy
Use of Google Analytics 4
Insofar as you have given your consent, this website uses Google Analytics 4, a web analysis service provided by Google LLC. The responsible party for users in the EU/EEA and Switzerland is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
Nature and Purpose of Processing
Google Analytics uses cookies that enable an analysis of your use of our website. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.
In Google Analytics 4, IP anonymization is activated by default. Due to IP anonymization, your IP address will be shortened by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data.
During your website visit, your user behavior is recorded in the form of "events". Events can be, for example:
- Page views
- First visit to the website
- Start of the session
- Your "click path", interaction with the website
- Scrolls (scrolled to the end of the page)
- Clicks on external links
- Internal search queries
- Interaction with videos
- File downloads
The purpose of the processing is the analysis of user behavior to optimize our website offering. We use the information obtained to evaluate the use of the website, to compile reports on website activities, and to provide further services associated with the use of the website and the internet.
Legal Basis
The legal basis for this data processing is your consent pursuant to Art. 6 (1) (a) GDPR.
Recipients / Data Transfer
The recipient of the data is Google as a processor. For this purpose, we have concluded the corresponding data processing agreement with Google. Google LLC, based in California, USA, and potentially US authorities, may access the data stored by Google.
Data Transfer to Third Countries
Insofar as data is processed in the USA, we point out that Google is certified under the EU-US Data Privacy Framework and thus guarantees compliance with the European level of data protection.
Storage Period
The data sent by us and linked to cookies, user IDs, or advertising IDs is automatically deleted after 14 months.
Revocation
You can revoke your consent at any time with effect for the future by opening our Cookie Settings and changing your selection. Alternatively, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: Browser Add-on to Disable Google Analytics.
If you have any questions about data protection, please email the responsible party mentioned above.
Copyright Notice
This privacy policy was created with the help of activeMind – den Experten für externe Datenschutzbeauftragte (Version #2024-08-06).