Privacy Policy
General information about the processing of your data
We are required by law to inform you about the processing of your personal data (hereinafter “data”) when you use our website. This data protection notice informs you about the details of the processing of your data and about your legal rights in this respect. For terms such as “personal data” or “processing”, the legal definitions from Art. 4 GDPR are authoritative. We reserve the right to adapt the data protection declaration with effect for the future, in particular in the event of further development of the website, the use of new technologies or changes to the legal basis or the corresponding case law. We recommend that you read the data protection declaration from time to time and keep a printout or copy for your records.
Scope
The data protection declaration applies to all pages of www.kingshotels.de. It does not extend to any linked websites or Internet presences of other providers.
Responsible
The following is responsible for the processing of personal data within the scope of this privacy policy:
KCS Hotel GmbH
Dachauer Strasse 13
80335 Munich
E-mail: datenschutz@kingshotels.de
Tel: +4989551870
Questions about data protection
If you have any questions on the subject of data protection with regard to our company or our website, you can contact us using the contact details provided in the “Person responsible” section.
Security
We have taken comprehensive technical and organisational precautions to protect your personal data from unauthorised access, misuse, loss and other external interference. To this end, we regularly review our security measures and adapt them to the state of the art.
Your rights
You have the following rights in relation to personal data relating to you which you can exercise against us:
- Right of access: You can request information in accordance with Art. 15 GDPR about your personal data that we process.
- Right to rectification: If the information concerning you is not (or is no longer) accurate, you can request a rectification in accordance with Art. 16 of the GDPR. If your data is incomplete, you can request that it be completed.
- Right to erasure: You can request the erasure of your personal data in accordance with Art. 17 GDPR.
- Right to restriction of processing: You have the right to request restriction of the processing of your personal data in accordance with Art. 18 GDPR.
- Right to object to processing: You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data which is carried out on the basis of Art. 6 (1) p. 1 lit. e) or lit. f) GDPR, in accordance with Art. 21 (1) GDPR. In this case, we will not further process your data unless we can prove compelling reasons for the processing that are worthy of protection and that outweigh your interests, rights and freedoms. Further processing also takes place if the processing serves the assertion and exercise of or defence against legal claims (Art. 21 (1) GDPR). In addition, according to Art. 21 (2) GDPR, you have the right to object at any time to the processing of your personal data for the purpose of direct marketing; this also applies to any profiling, insofar as it is related to such direct marketing. We draw your attention to the right to object in this privacy policy in connection with the respective processing.
- Right to withdraw your consent: If you have given your consent for processing, you have a right of withdrawal in accordance with Art. 7 (3) GDPR.
- Right to data portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format (“data portability”) as well as the right to have this data transferred to another controller if the prerequisite of Art. 20 (1) lit. a, b GDPR is met (Art. 20 GDPR).
You can exercise your rights by notifying the contact details listed in the “Responsible party” section.
If you believe that the processing of your personal data violates data protection law, you also have the right to complain to a data protection supervisory authority of your choice in accordance with Art. 77 GDPR. This also includes the data protection supervisory authority responsible for the controller:
Bavarian State Office for Data Protection Supervision, Promenade 18, 91522 Ansbach, postal address: Postfach 1349, 91504 Ansbach, telephone: 0981/180093-0, e-mail: poststelle@lda.bayern.de, https://www.lda.bayern.de.
Use of our website
In principle, you can use our website for purely informational purposes without disclosing your identity. When you call up the individual pages of the website in this sense, only access data is transmitted to our web space provider so that the website can be displayed to you. The following data is processed in this process:
- Browser type/ browser version,
- Language and version of the browser software,
- Date and time of access,
- IP address,
- Access status/HTTP status code.
The temporary processing of this data is necessary to technically enable the course of a website visit and delivery of the website to your end device. The access data is not used to identify individual users and is not merged with other data sources. Further storage in log files takes place in order to ensure the functionality of the website and the security of the information technology systems. The legal basis for the processing is Art. 6 para. 1 p. 1 lit. f) GDPR. Our legitimate interests lie in ensuring the functionality of the website and the integrity and security of the website. Storing access data in log files, in particular the IP address, for a longer period of time enables us to detect and ward off misuse. This includes, for example, warding off requests that overload the service or any bot use. The access data is deleted as soon as it is no longer required to achieve the purpose of its processing. In the case of the collection of data for the provision of the website, this is the case when you end your visit to the website. The log data are generally stored directly and only accessible to administrators and deleted after seven days at the latest . After that, they are only indirectly available via the reconstruction of backup tapes (backups) and are finally deleted after a maximum of four weeks.
You may object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection via the contact details mentioned in the section “Person responsible”.
Terminal information
In addition to the access data mentioned above, technologies are used when using the website which store information in your terminal equipment (e.g. desktop PC, laptop, tablet and smartphone) or access information which is already stored in your terminal equipment. These technologies may include, for example, cookies, pixels, local storage, session storage, IndexedDB or browser fingerprinting technologies. These technologies can be used to recognise you across devices and websites.
According to Section 25 (1) TTDSG, we generally require your consent for the use of these technologies. According to Section 25 (2) TTDSG, such consent is only not required if the technologies either enable the transmission of a message via a public telecommunications network or if they are absolutely necessary to provide a telemedia service expressly requested by you:
Technically necessary terminal information
Some elements of our website serve the sole purpose of transmitting a message (Section 25 (2) No. 1 TTDSG) or are absolutely necessary to provide you with our website or individual functionalities of our website (Section 25 (2) No. 2 TTDSG):- Language settings and
- Log-in information.
Technically unnecessary terminal information
We also use elements on the website that are not technically necessary. We only use these technologies with your consent in accordance with the legal requirements. Information on the individual technologies and functions can be found in our “Settings” as well as sorted according to the individual functions in the following information :Consent Management Platform Consent Manager
In order to request consent for the processing of your terminal information and personal data by means of cookies or other tracking technologies on our website, we use the consent tool “Consentmanager”. Consentmanager” gives you the opportunity to consent or refuse the processing of your terminal information and personal data by means of cookies or other tracking technologies for the purposes listed in the “Consentmanager”. Such processing purposes may include the integration of external elements, integration of streaming content, statistical analysis, reach measurement, individualised product recommendations or individualised advertising. You can give or refuse your consent for all processing purposes or give or refuse your consent for individual purposes or individual third-party providers using “Consent Manager”. The settings you have made can also be changed by you afterwards. The purpose of integrating “Consentmanager” is to allow users of our website to decide whether to set cookies and similar functionalities and to offer them the option of changing settings already made in the course of further use of our website. In the course of using “Consentmanager”, personal data as well as information of the end devices used will be processed by us. In the process, your data will also be sent to Consentmanager (consentmanager GmbH, Eppendorfer Weg 183, 20253 Hamburg). The information about the settings you have made will also be stored on your end device. The legal basis for the processing is Art. 6 para. 1 p. 1 lit. c) GDPR in conjunction with. Art. 7 (1) GDPR, insofar as the processing serves to fulfil the legally standardised obligations to provide evidence for the granting of consent. Otherwise, Art. 6 para. 1 sentence 1 lit. f) GDPR is the relevant legal basis. Our legitimate interests in the processing lie in the storage of user settings and preferences in relation to the use of cookies and the evaluation of consent rates. At the end of twelve months after the user settings have been made, the consent is queried again. The user settings made will then be stored again for this period, unless you delete the information about your user settings yourself in the terminal device capacities provided for this purpose beforehand.
You may object to the processing insofar as the processing is based on Art. 6 (1) p. 1 lit. f) GDPR. Your right to object exists for reasons arising from your particular situation. You can send us your objection via the contact details mentioned in the section “Person responsible”.
Contact our company
When contacting our company, e.g. by e-mail or via the contact form or chat on the website, the personal data you provide will be processed by us in order to answer your enquiry. Mandatory requirements for the processing of enquiries via the contact form are the provision of a first and last name and a valid e-mail address as well as any files you may have attached. The legal basis for the processing is Art. 6 para. 1 p. 1 lit. f) GDPR or Art. 6 para. 1 p. 1 lit. b) GDPR if the contact is aimed at concluding a contract. If the request is aimed at concluding a contract, the provision of your data is required and obligatory. If the data is not provided, it will not be possible to conclude or execute a contract or to process the enquiry. We delete the data accruing in this context after the processing is no longer necessary – usually two years after the end of the communication – or restrict the processing, if necessary, to compliance with the existing legally mandatory retention obligations.
You may object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection via the contact details mentioned in the section “Person responsible”.
Chat "HiJiffy
If you have any questions about our hotels, accommodation, leisure activities, your booking or our company, you can contact us via the chat window of “HiJiffy” (HIJIFFY, S.A. located in Rua das Eiras, nº 5, 7960-262 Vidigueira Portugal; hereinafter: “HiJiffy”) and send us a message. In doing so, you will have the opportunity to receive information on various topics related to your hotel stay or to make a booking. In doing so, the information provided via the chat will be processed. “HiJiffy” uses cookies and similar tracking technologies to enable you to use the chat. Some of the data mentioned in the section “Use of our website” is transmitted to “HiJiffy”. We use “HiJiffy” to be able to communicate with you better and more easily. We delete the data accruing in this context after the processing is no longer necessary or restrict the processing to compliance with the existing legally mandatory retention obligations. The legal basis for the use of “HiJiffy” is Art. 6 para. 1 p. 1 lit. f) GDPR. Our legitimate interests in using “HiJiffy” lie in offering a customer-friendly and speedy booking process and providing information about your stay. This data processed in this context will be deleted as soon as it is no longer necessary for the purpose of processing. For more information on data protection and the storage period, please visit https://www.hijiffy.com/privacy-policy.
You may object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection via the contact details mentioned in the section “Person responsible”.
Application process
As part of the application process, we process your contact data, such as name, address, e-mail address, telephone number, data from your application documents, in particular certificates, CV, cover letter, date of birth and gender, and, if applicable, special categories of personal data, such as marital status and degree of disability. The purpose of the processing is to check your suitability for a position in our company and to carry out the application procedure.
When you apply via the career portal we use, access data is also processed in order to be able to submit your application documents and other documents digitally to us within the application process. You can find more information under “Career portal via HotelCareer”.
The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b) GDPR in conjunction with Section 26 para. 1 BDSG, insofar as the data processing is necessary for the establishment and implementation of the employment relationship. When processing special categories of personal data, the legal basis is Art. 9 para. 2 lit. b) GDPR in conjunction with Section 26 para. 3 BDSG. The provision of your data is necessary and obligatory for the conclusion or execution of the contract. If you do not provide us with your data, you will not be able to apply for a job with us.
We store your data for as long as it is required in connection with the application process. As a rule, we delete your personal data as soon as it is no longer required for the above-mentioned purposes and unless otherwise required by law. In particular, we retain personal data for as long as we need it to assert legal claims or defend against claims. Accordingly, we delete the data of applicants in the event of rejection six months after sending the rejection notification. The legal basis for processing for the purpose of legal action is Art. 6 para. 1 lit. b) GDPR in conjunction with Section 26 para. 1 BDSG. When processing special categories of personal data, in particular any disabilities, the legal basis is Art. 9 para. 2 lit. b) GDPR in conjunction with Section 26 para. 3 BDSG or Art. 9 para. 2 lit. f) GDPR.
In the event of an application acceptance, we store your data for the subsequent employment relationship within our employee administration. You can find further information in the data protection information for employees.
In the course of applying via our website, you can also use your data stored at “LinkedIn” (LinkedIn Corporation, 2029 Stierlin Court, Mountain View CA 94043) or “Xing” (XING SE, Dammtorstraße 29-32, 20354 Hamburg, Germany, email: info@xing.com). If you select this function, “LinkedIn” or “Xing” receives the information that you are accessing “LinkedIn” or “Xing” from our website. In addition, your data stored on “LinkedIn” or “Xing” (such as names, photos, profile slogans and your current position as well as your e-mail address linked to “LinkedIn” or “Xing”) are transmitted to us. The data transfer from “LinkedIn” or “Xing” to us takes place on the basis of your consent in the course of the forwarding and thus on the legal basis of Art. 6 para. 1 p.1 lit. a) GDPR. The transmission of your IP address to “LinkedIn” or “Xing” takes place on the basis of Art. 6 para. 1 p. 1 lit. f) GDPR. The purpose of this processing is to enable the integration of “LinkedIn” and “Xing” into our website. Our legitimate interests in the processing lie in the improvement of our service offer and the more attractive and applicant-friendly design of our website. “LinkedIn” also processes the data in the USA. There is no adequacy decision of the EU Commission for a data transfer to the USA. We have concluded so-called standard contractual clauses with “LinkedIn” in order to commit “LinkedIn” to an adequate level of data protection. We will gladly provide you with a copy upon request. Further information on data protection and the storage period at “LinkedIn” and “Xing” can be found at https://www.linkedin.com/legal/privacy-policy and https://privacy.xing.com/de/datenschutzerklaerung.
Revocation of your consent to the processing of your “LinkedIn” data and “Xing” data is possible at any time by sending a message to us (cf. you contact details in the “Person responsible” section). The lawfulness of the processing remains unaffected until you exercise your revocation. In addition, you have the right to object to the processing of your other data, insofar as the processing is based on the legal basis pursuant to Art. 6 para. 1 p. 1 lit. f) GDPR. Your right to object exists on grounds arising from your particular situation. You can send us your objection via the contact details mentioned in the section “Person responsible”.
If we do not have a vacancy but are interested in working with you, we will process your application documents in our applicant pool with your consent so that we can contact you in the event of a vacancy. To obtain your consent, we will contact you separately. The legal basis is your consent pursuant to Art. 6 para. 1 p. 1 lit. a) GDPR. In the applicant pool, the data is deleted after three months, unless you have consented to a longer storage period.
Revocation of your consent to processing is possible at any time by sending a message to us using the contact details listed under “Person responsible”. The lawfulness of the processing remains unaffected until the revocation is exercised.
Career portal via HotelCareer by StepStone
We use the specialised software provider “HotelCareer by Stepstone” (StepStone Deutschland GmbH, Völklinger Str. 1, 40219 Düsseldorf, hereinafter: “StepStone”) for talent acquisition and for the application process via the career portal of our website. The purposes of the processing are the provision of a simple input mask for the applicants and the digital organisation and implementation of the job advertisement and filling. You can enter the personal data required for the application in the “StepStone” input mask. When sending the application via the career portal, your data from the input mask and your IP address will also be processed by “StepStone”. “StepStone” acts as our processor and is contractually limited in its authority to use your personal data for purposes other than providing services to us in accordance with the applicable data processing agreement. The legal basis for the processing is Art. 6 para. 1 p. 1 lit. f) GDPR. Our legitimate interest in involving the external service provider lies in the optimisation of our digital application process. Further information on data protection and the storage period at “StepStone” can be found at: https://www.hotelcareer.de/datenschutzerklärung.
You may object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection via the contact details mentioned in the section “Person responsible”.
Processing for contractual purposes
We process your personal data if and insofar as this is necessary for the initiation, establishment, execution and/or termination of a legal transaction with our company. The legal basis for this results from Art. 6 para. 1 p. 1 lit. b) GDPR. The provision of your data is necessary for the conclusion of the contract and you are contractually obliged to provide your data. If you do not provide your data, it will not be possible to conclude and/or execute the contract. After the purpose has been achieved (e.g. contract execution), the personal data will be blocked for further processing or deleted, unless we are authorised to process it further on the basis of a consent granted by you (e.g. consent to process the e-mail address for sending electronic advertising mail), a contractual agreement, a legal authorisation (e.g. authorisation to send direct advertising) or on the basis of legitimate interests (e.g. retention for the enforcement of claims).
Your personal data will be passed on to third parties if
- it is necessary for the establishment, implementation or termination of legal transactions with our company (e.g. in the case of the transfer of data to a payment service provider/shipping company for the processing of a contract with your person), in accordance with Art. 6 para. 1 p. 1 lit. b) GDPR, or
- a subcontractor or vicarious agent that we use solely in the course of providing the offer or service you have requested requires such data (such agents are only authorised to process the data to the extent necessary for the provision of the offer or service unless you are expressly notified otherwise), or
- there is an enforceable official order (Art. 6 para. 1 sentence 1 lit. c) GDPR), or
- there is an enforceable court order (Art. 6 para. 1 sentence 1 lit. c) GDPR), or
- we are obliged to do so by law (Art. 6 para. 1 sentence 1 lit. c) GDPR), or
- the processing is necessary to protect the vital interests of the data subject or another natural person (Art. 6 para. 1 sentence 1 lit. d) GDPR), or
- it is necessary for the performance of a task which is in the public interest or in the exercise of official authority (Art. 6 para. 1 sentence 1 lit. e) GDPR), or
- we can rely on our overriding legitimate interests or those of a third party for disclosure (Art. 6 para. 1 p. 1 lit. f) GDPR).
Your personal data will not be passed on to other persons, companies or bodies unless you have effectively consented to such a transfer. The legal basis of the processing is then Art. 6 para. 1 p. 1 lit. a) GDPR. In the context of this data protection information, we point out the respective recipients in relation to the respective processing operation.
Booking
If you would like to make a booking via our website, it is necessary and obligatory for you to provide personal data such as your first and last name, your e-mail address and your telephone number in order to initiate and conclude the contract. The mandatory data required for the booking and contract processing are marked separately, other data are provided voluntarily. We process your data for booking processing and will forward payment data in particular to the payment service provider selected by you or to our house bank for this purpose. The legal basis for the processing is Art. 6 para. 1 p. 1 lit. b) GDPR. The provision of your data is necessary and obligatory for the conclusion or execution of the contract. If you do not provide your data, it will not be possible to conclude and/or execute a contract. To prevent unauthorised third parties from accessing your personal data, the ordering process on the website is encrypted using SSL technology. We delete the data accruing in this context after storage is no longer necessary or restrict processing if there are legal obligations to retain data. Due to mandatory commercial and tax regulations, we are obliged to store your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we restrict the processing and reduce the processing to compliance with the existing legal obligations. In order to be able to send you information about your booking and your stay in our hotel, we use the external messaging service “WhatsApp”. For further information on the use of the messaging service and data processing in the context of the use of “WhatsApp”, please refer to the section “WhatsApp”.
"Hotelpartner" booking system
"Apaleo" booking system
We process your data to carry out bookings via the booking system “Apaleo” (apaleo GmbH, Dachauerstr. 15 A, 80335 Munich; hereinafter: “Apaleo”), so that the data provided as part of the order, such as first and last name, address and email address, are also processed by “Apaleo”. The legal basis for the use of “Apaleo” is Art. 6 para. 1 p. 1 lit. f) GDPR. Our legitimate interests in the use of “Apaleo” lie in offering a customer-friendly and speedy order processing. This data processed in this context will be deleted as soon as it is no longer necessary for the processing purpose. Further information on the purpose and scope of processing by “Apaleo” can be found at https://apaleo.com/gdpr.
You may object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection via the contact details mentioned in the section “Person responsible”.
To send you information about your stay before your arrival and after your departure, we use the messaging service “WhatsApp” (WhatsApp LLC., 1601 Willow Road Menlo Park, California 94025, USA and WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; hereinafter: “WhatsApp”). This will send you information about the hotel, the check-in process and a reminder of the booking prior to your departure. During your stay, you will receive a welcome message and further information about your stay at our hotel. You also have the option of contacting us at any time via “WhatsApp”. Shortly before your departure you will receive information about the check-out process. Furthermore, after your departure, we ask you via “WhatsApp” to rate us on “Google”. For this purpose, your first and last name, contact information (such as telephone number, e-mail address, WhatsApp account information, address), language, profile pictures as well as the conversation history (such as text messages, audio, image and video files) are processed by “WhatsApp”. The legal basis for the use of “WhatsApp” is Art. 6 para. 1 p. 1 lit. f) GDPR. Our legitimate interests lie in being able to offer you another communication channel and in improving our customer service. “WhatsApp” also transmits your data to the USA. There is no adequacy decision of the EU Commission for the USA. We have concluded so-called standard data protection clauses with WhatsApp, LLC in order to commit “WhatsApp” to an adequate level of data protection. For more information on the processing of your data by “WhatsApp”, please visit: https://www.whatsapp.com/privacy.
You may object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection via the contact details mentioned in the section “Person responsible”.
As part of the use of “WhatsApp”, certain data are automatically processed that are necessary for the use of the app, in particular to ensure access to the Internet. These include: IP address, date and time of the server request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific app function), access status, amount of data transferred in each case, app from which the request comes, device type, operating system used and its interface (Android or IOS), language and version of the operating system, device identifiers. We do not process any user data in this context. WhatsApp, LLC is exclusively responsible for this processing. For more information on data protection at “WhatsApp”, please visit: https://www.whatsapp.com/legal/updates/privacy-policy-eea?lang=de.
Email marketing
Existing customer advertising
We reserve the right to use the e-mail address provided by you in the context of the order in accordance with the statutory provisions in order to send you the following content by e-mail during or following the order, provided that you have not already objected to this processing of your e-mail address:
- Information about new functions in our booking system,
- Special offers/temporary offers regarding the booking of a stay and leisure activities,
- Invitations to events organised by the hotel,
- Technical information,
- Individual customer advice regarding your stay,
- Information on how to get there by public transport and
- Feedback/opinion surveys about your stay.
The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f) GDPR. Our legitimate interests in the aforementioned processing lie in increasing and optimising our services, sending direct advertising and ensuring customer satisfaction. We delete your data when you end the usage process, but no later than three years after termination of the contract.
We would like to point out that you can object to the receipt of direct advertising as well as the processing for the purpose of direct advertising at any time without incurring any costs other than the transmission costs according to the basic rates. You have a general right to object without giving reasons (Art. 21 (2) GDPR). To do so, click on the unsubscribe link in the respective email or send us your objection to the contact details listed in the “Person responsible” section.
Newsletter
You have the option of subscribing to our e-mail newsletter on the website, with which we will regularly inform you about the following content:
- Information about new functions in our booking system,
- Special offers/temporary offers regarding the booking of a stay and leisure activities,
- Invitations to events organised by the hotel,
- Technical information,
- Individual customer advice regarding your stay,
- Information on how to get there by public transport and
- Feedback/opinion surveys about your stay.
To receive the newsletter, you must provide your name and a valid e-mail address. We process the e-mail address for the purpose of sending you our e-mail newsletter and for as long as you have subscribed to the newsletter.
The legal basis of the processing is Art. 6 para. 1 p. 1 lit. a) GDPR.
You can withdraw your consent to the processing of your e-mail address for the receipt of the newsletter at any time, either by clicking directly on the unsubscribe link in the newsletter or by sending us a message via the contact details provided under “Person responsible”. This does not affect the lawfulness of the processing that took place on the basis of the consent until the time of your revocation.
In order to document your newsletter registration and prevent the misuse of your personal data, registration for our e-mail newsletter takes place in the form of the so-called double opt-in procedure. After entering the data marked as mandatory, we will send you an e-mail to the e-mail address you provided, in which we ask you to explicitly confirm your subscription to the newsletter by clicking on a confirmation link. In doing so, we process your IP address, the date and time of your subscription to the newsletter and the time of your confirmation. In this way, we ensure that you really want to receive our email newsletter. We are legally obliged to prove your consent to the processing of your personal data in connection with the registration for the newsletter (Art. 7 (1) GDPR). Due to this legal obligation, data processing is carried out on the basis of Art. 6 para. 1 p. 1 lit. c) GDPR.
You are not required to provide your personal data during the subscription process. However, if you do not provide the required personal data, we may not be able to process your subscription or not completely. If no confirmation of the newsletter subscription is received within 24 hours, we will block the information transmitted to us and automatically delete it after one month at the latest. After your confirmation, your data will be processed as long as you have subscribed to the newsletter.
You may object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection via the contact details mentioned in the section “Person responsible”.
In addition, we process the aforementioned data for the establishment, exercise or defence of legal claims. The legal basis for the processing is Art. 6 para. 1 lit. c) GDPR and Art. 6 para. 1 lit. f) GDPR. In these cases, we have a legitimate interest in asserting or defending claims.
You may object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection via the contact details mentioned in the section “Person responsible”.
Payment Service Provider (PSP)/ Payment Service Provider
Adyen
The payment option via credit card payment is integrated via “Adyen” of Adyen N.V. German Branch (Friedrichstraße 63, entrance Mohrenstraße 17, 10117 Berlin, hereinafter: “Adyen”). The payment data you provide during the booking process, together with information about your booking, will be passed on to “Adyen” for the purpose of payment processing. The processing is carried out on the basis of Art. 6 para. 1 p. 1 lit. b) GDPR. The provision of the payment data is necessary and obligatory for the conclusion or execution of the contract. If the payment data is not provided, it will not be possible to conclude and/or execute the contract with the aforementioned payment methods. Further information on data protection and the storage period at “Adyen” can be found at: https://www.adyen.com/de_DE/richtlinien-und-haftungsausschluss/privacy-policy.
Credit card payment
For the purpose of payment processing, we pass on the payment data required for the credit card payment to the credit institution commissioned with the payment or to the payment and invoice service provider commissioned by us, if applicable. The processing is based on Art. 6 para. 1 p. 1 lit. b) GDPR. The provision of your payment data is necessary and obligatory for the conclusion or execution of the contract. If the payment data are not provided, it will not be possible to conclude and/or execute a contract by means of a credit card payment. The data required for payment processing are transmitted securely via the “SSL” procedure and processed exclusively for payment processing. We delete the data accruing in this context after the storage is no longer required or restrict the processing if there are statutory retention obligations. Due to mandatory commercial and tax regulations, we are obliged to store your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we restrict processing and reduce processing to compliance with existing legal obligations.
Legal enforcement / address determination / debt collection
In the event of non-payment, we reserve the right to forward the data provided with the order to a lawyer and/or external companies (e.g. Verband der Vereine Creditreform e.V., Hellersbergstraße 12, D-41460 Neuss) for the purpose of address determination and/or legal enforcement. The legal basis of the processing is Art. 6 para. 1 p. 1 lit. f) GDPR. Our legitimate interests lie in fraud prevention and the avoidance of default risks. In addition, we may share your data to ensure the exercise of our rights, as well as the rights of our affiliated companies, our cooperation partners, our employees and/or the users of our website, and the processing is necessary to this extent. Under no circumstances will we sell or rent your data to third parties. The legal basis for the processing is Art. 6 para. 1 p. 1 lit. f) GDPR. We have a legitimate interest in processing for law enforcement. We delete the accruing data after the storage is no longer necessary or restrict the processing if there are legal retention obligations.
You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection via the contact details mentioned in the section “Person responsible”.
Hosting
We use external hosting services provided by the hosting platform “Cloudways” of DigitalOcean, LLC (DigitalOcean HQ, 101 Avenue of the Americas (Grand St.), New York City, NY 10013, USA; hereinafter: “Cloudways”) to provide the following services: Infrastructure and platform services, computing capacity, storage resources and database services, security and technical maintenance services. For these purposes, all data – including the access data mentioned under the point “Use of our website” – which are necessary for the operation and use of our website are processed. The legal basis for the processing is Art. 6 para. 1 p. 1 lit. f) GDPR. By using external hosting services, we pursue an efficient and secure provision of our website.
“Cloudways” may also process your data in the USA. There is no EU Commission adequacy decision for a data transfer to the USA. So-called standard contractual clauses have been concluded with DigitalOcean, LLC in order to commit DigitalOcean, LLC to an adequate level of data protection. Further information on data processing at “Cloudways” and the standard contractual clauses concluded with DigitalOcean, LLC can be found at: https://www.digitalocean.com/legal/data-processing-agreement.
You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection via the contact details mentioned in the section “Person responsible”.
Content Delivery Network
Cloudflare
In addition, we use the services of the Content Delivery Network (hereinafter: “CDN”) of “Cloudflare” (Cloudflare Germany GmbH, Rosental 7, 80331 Munich and Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA; hereinafter: “Cloudflare”) on our website for the purpose of faster retrieval of our online offer. When you visit the website, a library from the “CDN” is temporarily stored on your end device in order to avoid reloading the content. In the process, your IP address is transmitted to the provider in the USA. “Cloudflare” processes your data partly in the USA. There is no adequacy decision of the EU Commission for a data transfer to the USA. So-called standard contractual clauses have been concluded with Cloudflare, Inc. in order to commit Cloudflare, Inc. to an adequate level of data protection. You can view a copy of the standard contractual clauses at https://www.cloudflare.com/cloudflare-customer-dpa/. The legal basis of the processing is Art. 6 para. 1 p. 1 lit. f) GDPR. By using “Cloudflare”, we are pursuing the legitimate interest of faster retrievability as well as a more effective and improved presentation of our online offer. Further information on data protection and the storage period for “Cloudflare” can be found at: https://www.cloudflare.com/de-de/privacypolicy/.
You may object to the processing if it is based on Art. 6 (1) p. 1 lit. f) GDPR. Your right to object exists for reasons arising from your particular situation. You can send us your objection via the contact details mentioned in the section “Person responsible”.
Integration of third party content
Third-party content from other websites is integrated on the website. This integration always requires that the providers of this content (“third-party providers”) are aware of the IP addresses of the users. Without the IP address, they cannot send the content to the browser of the respective user. The IP address is therefore necessary for the presentation of this content. In the following, we inform you about the services of external providers currently used on our website as well as about the respective processing in individual cases and about your existing objection or revocation options:
Services for statistics and analysis and marketing purposes
We use third-party services for statistical, analytical and marketing purposes. This enables us to provide you with a user-friendly, optimised use of the website. The third-party providers use cookies, pixels, browser fingerprinting or other tracking technologies to control their services. In the following, we inform you about the services of external providers currently used on our website as well as about the respective processing in individual cases and about your existing revocation options.
Google Analytics 4
In order to optimally tailor our website to user interests, we use “Google Analytics”, a web analytics service provided by “Google” (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA; hereinafter: “Google” and “Google Analytics 4”). “Google Analytics 4” uses so-called “cookies”, which are stored on your end device for recognition purposes, as well as similar tracking methods for the recognition of end devices such as tracking pixels, device fingerprinting and programming interfaces (e.g. APIs and SDKs) in order to process information from your end device. For this purpose, a randomly generated identification number (cookie ID/device ID) is assigned to your end device. With the help of these technologies, “Google” processes the information generated about the use of our website by your end device as well as access data for the purpose of statistical analysis – e.g. call-up of a specific web page, number of unique visitors, entry and exit pages, dwell time, click, swipe and scroll behaviour, activation of buttons, registration for the newsletter, bounce rate and similar user interactions. For this purpose, it can also be determined whether different end devices belong to you or your household. Access data includes in particular the IP address, browser and device information, cookie ID/device ID, the website previously visited and the date and time of the server request. In “Google Analytics 4” systems, no individual IP addresses are logged or stored. At the moment the IP address is collected by Google in special local data centres in the EU, your IP address is used to determine location information. Subsequently, the IP address is deleted before the access data is stored in a data centre or on a server for “Google Analytics”. In “Google Analytics 4”, no precise data on the geographical location is provided, but only general location information such as the region and city of the location of the end device, which is derived from the IP address. “Google” will process this information for the purpose of evaluating your use of the website, compiling reports on website activity for us and, where separately indicated, providing us with other services relating to website activity. If you are registered with a Google service, “Google” can assign the website visit to your user account and create and evaluate user profiles across applications. In addition, a cross-platform analysis of user behaviour is carried out on websites and apps that use “Google Analytics 4” technologies. This makes it possible to record, measure and compare user behaviour in different environments. For example, scroll events of the user are automatically recorded, which should enable a better understanding of the use of websites and apps. For this purpose, different cookie IDs/device IDs are used for different end devices. Subsequently, we are provided with anonymised statistics on the use of the different platforms, compiled according to selected criteria. With the help of “Google Analytics 4”, target groups are automatically created for certain cookie IDs/device IDs or mobile advertising IDs, which are later used for individualised advertising targeting. Target group criteria that can be considered are, for example: Users who have viewed products but not added them to a shopping cart or added them to a shopping cart but not completed the purchase OR users who have purchased specific items. A target group comprises at least 100 users. With the help of the “Google Ads” tool, interest-based advertisements can then be displayed in search results. Similarly, users of websites can be recognised on other websites within the “Google” advertising network (in Google search, on “YouTube”, so-called “Google Ads” or on other websites) and presented with tailored advertisements based on the defined target group criteria. With regard to the storage of and access to information in your terminal device, the legal basis is § 25 para. 1 TTDSG; for further processing, the legal basis is Art. 6 para. 1 p. 1 lit. a) GDPR. “Google” also partially processes the data in the USA. There is no adequacy decision of the EU Commission for a data transfer to the USA. So-called standard contractual clauses have been concluded with Google, LLC in order to commit Google, LLC to an adequate level of data protection. You can obtain a copy of the standard contractual clauses at https://cloud.google.com/terms/sccs. Your data in connection with “Google Analytics 4” will be deleted at the latest after 24 months . Further information on data protection at “Google” can be found at: http://www.google.de/intl/de/policies/privacy.
Revocation of your consent to processing is possible at any time by pushing back the slider in the “Advanced settings” of the Consent Tool. In doing so, the lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by the revocation.
Microsoft Clarity
In order to be able to optimally adapt our WebApp to user interests, we also use the “Microsoft Clarity” analysis service of Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA; hereinafter: “Microsoft” and “Microsoft Clarity”). “Microsoft Clarity ” records movements on our website in so-called heat maps. This allows us to track how users perceive our website and how they interact with it, e.g. through mouse movements, clicks and scrolling. This enables us to design our website in a better and more customer-friendly way by knowing which areas have been clicked on particularly often. To analyse the usage and click behaviour, “Microsoft Clarity” uses so-called “cookies” and other tracking technologies which are stored on your terminal device and which technically enable an analysis of the use of the website by your terminal device. The information generated by the “cookie” about your visit to our website is also transmitted to the “Microsoft” servers and stored there. In particular, information about your end device is processed, such as the IP address, device type and browser information, geographical location (country code only), preferred language, pages visited, date and time of access. “Microsoft” will use this information to statistically evaluate the use of our website and to create reports of the use. With regard to the storage of and access to information in your terminal device, the legal basis is § 25 para. 1 TTDSG; for further processing, the legal basis is Art. 6 para. 1 p. 1 lit. a) GDPR. “Microsoft” also partially processes the data in the USA. There is no adequacy decision of the EU Commission for a data transfer to the USA. So-called standard contractual clauses have been concluded with Microsoft Corporation in order to commit Microsoft Corporation to an adequate level of data protection. A copy of the standard contractual clauses can be obtained by request at https://go.microsoft.com/fwlink/p/?linkid=2126612. The storage period is 13 months. Further information on data protection and the storage period at “Microsoft” can be found at: https://privacy.microsoft.com/de-de/.
Revocation of your consent to processing is possible at any time by pushing back the slider in the “Advanced settings” of the Consent Tool. In doing so, the lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by the revocation.