Status August 2023
Contents
- Name and address of the data controller
- Contact details of the data protection officer
- General information on data processing
- Rights of the data subject
- Provision of the website and creation of log files
- Use of cookies
- Email contact
- Online request
- Gift vouchers
- Payment via PayPal
- Creation of a customer account
- Booking
- Corporate presence
- Hosting
- Registration
- Use of plug-ins
- Integration of plug-ins via external service providers
1. Name and address of the data controller
Responsible party in accordance with the General Data Protection Regulation (GDPR) and other data protection regulations is:
Hotel Savoy GmbH
Turiner Straße 9
50668 Köln
Deutschland
+49 (0) 22116230
info@savoy.de
www.savoy.de
2. Contact details of the data protection officer
The data protection officer of the responsible party is:
DataCo GmbH
Dachauer Straße 65
80335 München
Deutschland
+49 (0) 89 7400 45840
www.dataguard.de
3. General information on data processing
i. Scope of the data processing
As a matter of principle, we process our users' data only insofar as this is necessary to provide a functional website as well as our content and services. The processing of users' data is generally only carried out with their consent. An exception applies in cases where it is not possible to obtain prior consent for factual reasons and the processing of the data is required by legal regulations.
ii. Legal basis for processing data
Insofar as we obtain the data subject's consent for processing operations involving personal information, Article 6 (1) sentence 1 lit. a of the GDPR serves as the legal basis.
When processing personal information required to fulfil a contract to which the data subject is a party, Article 6 (1) sentence 1 lit. b of the GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of data is necessary to fulfil a legal obligation to which our company is subject, Article 6 (1) sentence 1 lit. c of the GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of data, Article 6 (1) sentence 1 lit. d of the GDPR serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) sentence 1 lit. f GDPR serves as the legal basis for the processing.
iii. Data deletion and storage duration
The personal details of the data subject shall be deleted or blocked as soon as the purpose of the storage ceases to apply. Storage may also take place if provided for by the European or national legislator in EU regulations, laws or other provisions to which the responsible party is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for conclusion or performance of a contract.
4. Rights of the data subject
If your data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the responsible party:
i. The right to information (Art. 15 GDPR)
You have the right to request confirmation from us as to whether data relating to you is being processed.
If this is the case, you have the right to be informed about this data and to receive the following information:
- Purposes of processing
- Categories of data
- Recipients or categories of recipients
- Planned storage duration or criteria for determining this duration
- The existence of the rights of rectification, erasure, restriction or objection
- Right of appeal to the appropriate supervisory authority
- If applicable, the origin of the data (if collected from a third party)
- If applicable, the existence of automated decision-making, including profiling with meaningful information about the logic involved, the scope and the expected effects
- If applicable, transfer of data to a third country or international organisation
ii. Right of correction (Art. 16 GDPR)
If your data is inaccurate or incomplete, you have the right to request immediate correction or completion.
iii. Right to restriction of processing (Art. 18 GDPR)
If one of the following conditions is met, you have the right to request restriction of the processing of your data:
- You contest the accuracy of your data for a period of time that allows us to verify the accuracy of the data.
- In the context of unlawful processing, you object to the erasure of the data and request the restriction of its use instead.
- We no longer need your data for the processing, but you need your data to assert, exercise or defend your legal rights, or
- after you have objected to the processing, for the duration of the examination as to whether our legitimate reasons outweigh your reasons.
iv. Right to erasure ("right to be forgotten") (Art. 17 GDPR)
If one of the following reasons applies, you have the right to request the immediate erasure of your data:
- Your data is no longer necessary for the processing purposes for which it was originally collected.
- You withdraw your consent and there is no other legal basis for the processing.
- You object to the processing and there are no overriding legitimate grounds for the processing, or you object in accordance with Article 21(2) of the GDPR.
- Your data are processed unlawfully.
- Erasure is necessary for compliance with a legal obligation under EU law or the law of the member state to which we are subject.
- The data was collected in relation to information society services offered in accordance with Article 8(1) of the GDPR.
Please note that the above grounds do not apply insofar as processing is necessary:
- to exercise the right to freedom of expression and information.
- to comply with a legal obligation or perform a task in the public interest to which we are subject.
- for reasons of public interest in the field of public health.
- for archival, scientific or historical research purposes in the public interest or for statistical purposes.
- to assert, exercise or defend legal claims.
v. Right to data portability (Art. 20 GDPR)
You have the right to receive your data in a structured, commonly used and machine-readable format or to request that it be transferred to another responsible party.
vi. Right to object to certain data processing (Art. 21 GDPR)
You have the right to object at any time on grounds relating to your particular situation to the processing of data relating to you, which is carried out on the basis of Article 6(1)(1)(e) or (f) of the GDPR, including any profiling based on these provisions.
If the data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of data concerning you for such marketing; this also applies to profiling insofar as it is related to such direct marketing.
vii. Right to file a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to file a complaint with a supervisory authority if you consider that the processing of data concerning you infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR. A list of the supervisory authorities with local jurisdiction in Germany can be found on the website of the Federal Commissioner for Data Protection at the following link: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.
5. Provision of the website and creation of log files
i. Description and scope of data processing
Whenever our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:
- Information about the browser type and version
- The user's operating system
- The user's Internet service provider
- The user's IP address
- Date and time of access
- Websites from which the user's system accesses our website
- Web pages accessed by the user's system via our website
- Notification as to whether it was successful
This data is stored in the log files of our system. The data is not stored together with other data of the user.
ii. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session.
The storage in log files is done to ensure the website's functionality. In addition, we use the data to optimise the website and ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not occur in this context.
These purposes are also our legitimate interest in data processing according to Art. 6 Para. 1 S. 1 lit. f GDPR.
iii. Legal basis for data processing
The legal basis for temporarily storing the data and the log files is Art. 6 para. 1 p. 1 lit. f GDPR.
iv. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended.
In the case of data storage in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the users' IP addresses are deleted or alienated, so an assignment of the calling client is no longer possible.
v. Possibility to object
The collection of data for the provision of the website and the storage of the data in log files is essential for the website's operation. The user can object to this. Whether the objection is successful is to be determined within the framework of a balancing of interests.
6. Use of cookies
i. Description and scope of data processing
When you visit our website, we use technical aids for various functions, particularly cookies, which can be stored on your end device. When you call up our website, and at any time later, you have the choice of whether to generally allow the setting of cookies or which individual additional functions you would like to select. You can make changes in your browser settings or via our Consent Manager. Cookies are text files or information in a database stored on your hard drive and associated with your browser so that the entity setting the cookie can obtain certain information. Below, we describe the types of cookies we use:
We use technically necessary cookies, which are required for the website's technical structure. Without these cookies, our website cannot be displayed (fully correctly), or support functions are not possible.
The following data is stored and transmitted by the technically necessary cookies:
- Name of the accessed website
- Date and time of the server request
- Browser type and version
- Operating system
- IP address and requesting provider
- Referrer URL (Internet address of the previously visited page)
- Name of the file retrieved and amount of data transferred
- Indication as to whether the retrieval was successful
We use cookies on our website that are not technically necessary. Technically unnecessary cookies are text files that are not used solely for the website's functionality, but also collect other data.
By setting technically non-essential cookies, the following data is processed:
- IP address (anonymised)
- Location of the internet user (anonymised)
- Date and time of website access
- Tracking of surfing behaviour
ii. Purpose of data processing
The purpose of using technically necessary cookies is to ensure the functionality of our website. Some functions of our website cannot be offered without the use of cookies. For these, the browser must be recognised again even after a page change.
We require the technically necessary cookies for the following applications:
- Acceptance of language settings
The use of technically unnecessary cookies is to improve the quality of our website, its content and thus, our reach and profitability. By setting these cookies, we learn how the website is used and can continually optimise our offer. In particular, we use these cookies for the following purposes:
- Marketing and analysis using Matomo
- Map services
iii. Legal basis for data processing
The provisions of the Telecommunications Telemedia Data Protection Act (TTDSG) are relevant for the storage of information in the end user's terminal equipment and/or access to information already stored in the end user's terminal equipment. If the setting and reading of cookies is technically necessary, this is done to ensure the functionality of our website. In this case, the storage of and access to cookies on your terminal equipment is carried out on the basis of § 25 para. 2 no. 2 TTDSG. This storage of and access to the information in your terminal equipment serves to facilitate your use of our website and to be able to offer you our services as requested by you. Some website functions would not work without these cookies and could therefore not be offered. The cookies are generally deleted after the session ends (e.g. logging out or closing the browser) or after the expiry of a specified duration. Information on different storage periods for cookies can be found in the following sections of this data protection declaration.
Where cookies are used that are not technically necessary, this is done on the basis of your express consent, which you can give via the cookie banner. The basis for storing and accessing information in this case is § 25 para. 1 TTDSG in conjunction with. Art. 6 para. 1 lit. a), Art. 7 GDPR. You can revoke your consent at any time with effect for the future or subsequently grant it again by configuring your settings for cookies accordingly. Alternatively, you can prevent the storage of cookies by making the appropriate settings in your browser software. Please note that the browser settings you make only affect the browser you are using. If data is processed following the storage of and access to the information on your terminal equipment, the provisions of the GDPR are relevant. Information on this can be found in the following sections of this data protection declaration.
7. Email contact
i. Description and scope of data processing
It is possible to contact us via the email address provided on our website. In this case, the user's data transmitted with the email will be stored.
The data is used exclusively for processing the conversation.
ii. Purpose of data processing
In the event of contact via email, this also constitutes the necessary legitimate interest in processing the data.
iii. Legal basis for data processing
The legal basis for processing the data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to respond optimally to the enquiry you send by email.
If the email contact aims to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
iv. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For data sent by email, this is the case when the respective conversation with the user has ended. The conversation ends when the circumstances indicate that the matter has been clarified.
Any additional data collected during the sending process is deleted after 2 months at the latest.
v. Possibility to object
If the user contacts us by email, they can object to the storage of their data at any time. In such a case, the conversation cannot be continued.
Please send your objection to: info@savoy.de. All data stored in the course of contacting us will be deleted in this case.
8. Online request
i. Description and scope of data processing
Our website contains a contact form which can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask is transmitted to us and stored.
The following data is stored at the time the message is sent:
- Email address
- Last name
- First name
- Phone / mobile phone number (optional)
- IP address of the accessing computer
- Date and time of contact
- Free text field for a message
ii. Purpose of data processing
The processing of data from the input mask of the contact form or via the email address provided serves solely to process the contact.
The other data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
iii. Legal basis for data processing
The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest is to optimally answer the enquiry you send to us via the contact form. If the email contact aims to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 p. 1 lit. b GDPR.
iv. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation ends when the circumstances indicate that the matter has been resolved.
Any additional data collected during the sending process is deleted after 2 months at the latest.
v. Possibility to object
If the user contacts us via the input mask in the contact form, they can object to the storage of their data at any time.
Please send your objection to: info@savoy.de. All data stored in the course of contacting us will be deleted in this case.
9. Gift vouchers
i. Scope of the data processing
You have the opportunity to choose from a wide range of voucher offers on our website and to add them to your shopping basket and purchase them. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored as part of the ordering process. The following data is processed in the transaction:
- Email address
- Form of address
- First name
- Last name
- Street
- Address suffix
- Post code
- City
- Phone (optional)
ii. Purpose of data processing
The data is processed for the purpose of purchasing gift vouchers on our website.
iii. Legal basis for data processing
The legal basis here results from Art. 6 I lit. b) GDPR for the conclusion of the contract as well as the execution of the contract.
iv. Duration of storage
The personal information of the person concerned is deleted or blocked as soon as the purpose of the storage no longer applies. In addition, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which those responsible are subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or fulfilment of a contract.
10. Payment by PayPal
i. Description and scope of data processing
When purchasing vouchers, it is possible to process the payment transaction with the payment service provider PayPal. In addition to a direct payment method, PayPal also offers purchase on account, direct debit, credit card and payment by instalment.
The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg (hereinafter referred to as "PayPal").
If you choose PayPal as your payment method, your data required for the payment process will be automatically transmitted to PayPal. Processed data:
- Last name
- Address
- Email address
- Phone / mobile phone number
- IP address
- Bank details
- Card number
- Expiry date and CVC code
- Number of items
- Item number
- Data on goods and services
- Transaction total and tax duties
- Details of previous purchasing behaviour
PayPal may transfer the data transmitted to PayPal to credit agencies. The purpose of this transmission is to check your identity and creditworthiness.
PayPal may also pass on your data to third parties if this is necessary to fulfil contractual obligations or if the data is to be processed on your behalf. When transferring your data within companies affiliated with PayPal, the Binding Corporate Rules approved by the relevant supervisory authorities apply. You can find them here: https://www.paypal.com/de/webapps/mpp/ua/bcr
Other data transfers may be based on contractual protections. For more information, please contact PayPal.
All PayPal transactions are subject to PayPal's data protection declaration. You can find this at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
11. Creation of a customer account
i. Scope of the data processing
Our website allows you to create a customer account to save a lot of clicks on your next order. The following data is processed:
- Email address
- Form of address
- First name
- Last name
- Street
- Address suffix
- Post code
- City
- Phone (optional)
ii. Purpose of data processing
The data is required to create your customer account.
iii. Legal basis for data processing
The legal basis for the data processing is based on your consent, in accordance with Art. 6 I lit. a) GDPR.
iv. Duration of storage
The personal information of the person concerned is deleted or blocked as soon as the purpose of the storage no longer applies. In addition, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which those responsible are subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or fulfilment of a contract.
v. Withdrawal option
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
12. Booking
i. Scope of the data processing
Our website offers you the possibility to book hotel rooms. For online room reservations, we use OnePageBooking/cBooking of HotelNetSolutions GmbH, Genthiner Straße 8, 10785 Berlin. By clicking on "Book", a browser window opens that will redirect you to the website of OnePageBooking/cBooking. Information on the data protection of HotelNetSolutions GmbH can be found here: https://hotelnetsolutions.de/Datenschutz.
If you would like to book a room with us, it is necessary for the conclusion of the contract that you provide your personal information, which we require to process your booking. Mandatory data required to process the contract are marked separately; other data are voluntary. The data is entered in an input mask and transmitted to us, then stored.
The following data is collected during the booking process:
- IP-Address
- Date and time of booking
- Room category and number of people
- Travel period
- If applicable, extras (special packages, restaurant, facilities, etc.)
- If applicable, comments to the hotel (requests)
- Form of address
- First and last name of the person making the booking
- First and last name of the guest (if different from the booking party)
- Address (street, house number, address suffix, postcode)
- Email address
- Phone number
- Billing address, if different
- Country
- Credit card details (credit card number, validity, CVC code, card holder)
Data is also forwarded to the corresponding payment service providers. Data is only passed on to third parties if it is necessary to process the contract, for billing purposes, for collecting the fee, or if you have expressly consented to this. In this regard, we only pass on the data required in each case.
The data recipients are:
- The respective delivery/shipping company (forwarding of name and address)
- Debt collection companies, insofar as the payment has to be collected (disclosure of name, address, order details)
- Payment institutions to collect debts, insofar as you have chosen direct debit as the method of payment
as well as payment service providers - depending on the choice of payment method.
ii. Purpose of data processing
The data processing is performed to carry out the booking.
iii. Legal basis for data processing
The legal basis is Art. 6 para. 1 lit. b GDPR. With regard to voluntary data, the legal basis for the processing of data is Art. 6 (1) lit. a GDPR. There is an order processing contract between those responsible and HotelNetSolutions GmbH. The mandatory data collected is necessary to fulfil the contract with the user (to provide the goods or service and confirm the contract's content). We therefore use the data to answer your enquiries, to process your booking, if necessary, to check creditworthiness or to recover a debt and for technical administration of the websites. The voluntary data is used to prevent misuse and, if necessary, to investigate criminal offences.
iv. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for ten years after the execution of the contract. However, we restrict processing after 6 years, i.e. your data is only used to comply with legal obligations. If a continuing obligation exists between us and the user, we store the data for the entire duration of the contract and ten years thereafter (see above). With regard to data provided voluntarily, we will delete the data 2 years after execution of the contract, provided that no further contract is concluded with the user during this period; in this case, the data is deleted upon expiry of 6 years after the execution of the last contract.
If the data is required to fulfil a contract or to carry out pre-contractual measures, early deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion. Otherwise, you are free to have the data provided during registration completely deleted from the data stock of the responsible party. With regard to voluntary data, you can declare your revocation to the person responsible at any time. In this case, the data provided voluntarily will be deleted immediately.
v. Withdrawal option
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
13. Corporate presence
Use of our corporate presence in social networks
Instagram:
Instagram, Part of Meta Platforms Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2 Ireland
On our company page, we provide information and offer Instagram users the opportunity to communicate. If you carry out an action on our Instagram company page (e.g. comments, posts, likes, etc.), it is possible that you will make data (e.g. your full name or a photo of your user profile) public. However, as we generally or to a large extent have no influence on the processing of your data by Instagram, the company jointly responsible for the Hotel Savoy GmbH corporate presence, we cannot provide any binding information on the purpose and scope of the processing of your data.
We use our corporate presence in social networks for communication and information exchange with (potential) customers. In particular, we use the company website for:
- The provision of information
In this context, publications about the company's presence may include the following content:
- Information about products
- Information about services
Each user is free to publish data through activities.
Insofar as we process your data to evaluate your online behaviour, offer you competitions or conduct lead campaigns, this is done on the basis of your express declaration of consent, Art. 6 para. 1 p. 1 lit. a, Art. 7 GDPR. The legal basis for processing data to communicate with customers and interested parties is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest here is to answer your enquiry in the best possible way or to be able to provide the requested information. If the aim of contacting you is to conclude a contract, the additional legal basis for the processing is Art. 6 (1) lit. b GDPR.
The data generated on our corporate presence is not stored in our own systems.
You can object at any time to the processing of your data that we collect in the course of your use of our Instagram corporate presence and assert your data subject rights as stated under IV. of this data privacy declaration. To do so, send us an informal email to info@savoy.de.
Further information on the processing of your data by Instagram and the corresponding objection options can be found here:
Instagram: https://help.instagram.com/519522125107875
Twitter:
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland
On our company page, we provide information and offer Twitter users the opportunity to communicate. If you perform an action on our Twitter company website (e.g. comments, posts, likes, etc.), it is possible that you will make data (e.g. your real name or a photo of your user profile) public. However, as we generally or to a large extent have no influence on the processing of your data by Twitter, the company jointly responsible for the Hotel Savoy GmbH corporate presence, we cannot provide any binding information on the purpose and scope of the processing of your data.
Our corporate presence in social networks is used for communication and information exchange with (potential) customers. In particular, we use the corporate presence for:
General information
In this context, publications about the company's presence may include the following content:
- Information about services
Each user is free to publish data through activities.
Insofar as we process your data to evaluate your online behaviour, offering you competitions or conducting lead campaigns, this is done on the basis of your express declaration of consent, Art. 6 para. 1 p. 1 lit. a, Art. 7 GDPR. The legal basis for processing data to communicate with customers and interested parties is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest here is to answer your enquiry in the best possible way or to be able to provide the requested information. If the aim of contacting you is to conclude a contract, the additional legal basis for the processing is Art. 6 (1) lit. b GDPR.
The data generated on our corporate presence is not stored in our own systems.
We have provided appropriate safeguards for processing your data in third countries in the form of standard data protection clauses pursuant to Art. 46 (2) c of the GDPR. A copy of the standard data protection clauses can be requested from us.
You can object at any time to the processing of your data that we collect in the course of your use of our Twitter corporate presence and assert your data subject rights as set out in IV. of this data privacy declaration. To do so, send us an informal email to info@savoy.de.
Further information on the processing of your data by Twitter and the corresponding objection options can be found here:
Twitter: https://twitter.com/de/privacy
14. Hosting
The website is hosted on our own servers. Third parties do not have access to server log files.
The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when visiting the website. The information stored is:
- Browser type and version
- Operating system
- Referrer URL
- Host name of accessing computer
- Date and time of the server request
- IP address
This data is not merged with other data sources. The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website - for this purpose, the server log files must be collected.
The geographic location of the website server is in the following third country:
- Strasbourg, France
15. Registration
i. Description and scope of data processing
We offer users of our website the opportunity to register by providing data. The data is entered into an input mask, transmitted to us, and stored. The data is not passed on to third parties. The following data is collected during the registration process:
- Email address
- Last name
- First name
- Address
- Phone / mobile phone number
- IP address of the accessing computer
- Date and time of registration
The user's consent to the processing of this data is obtained as part of the registration process.
ii. Purpose of the data processing
Registration of the user is necessary for the fulfilment of a contract with the user or for the implementation of pre-contractual measures.
Voucher purchase / booking
iii. Legal basis for data processing
The legal basis for data processing is Art. 6 para. 1 p. 1 lit. a GDPR if the user has given their consent.
If the registration serves the fulfilment of a contract to which the user is a contracting party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 p. 1 lit. b GDPR.
iv. Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.
This is the case for data collected during the registration process to fulfil a contract or the implementation of pre-contractual measures when the data is no longer required to implement the contract. Even after the conclusion of the contract, there may be a need to store data of the contractual partner to comply with contractual or legal obligations.
v. Possibility of revocation in case of consent
As a user, you have the option to cancel your registration at any time. You can have the data stored about you changed at any time.
Personal request
If the data is required to fulfil a contract or implement pre-contractual measures, early deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.
16. Plug-ins used
We use plug-ins for various purposes. The plug-ins used are listed below:
Use of Matomo
i. Scope of the data processing
We use the open-source software tool Matomo on our website to analyse the surfing behaviour of our website visitors. Matomo is an open-source tool for web analysis. Matomo does not collect session data without your consent.
Matomo uses cookies. These text files are stored on your terminal device and enable us to analyse the use of our website.
The following data is collected when you visit our website:
- 2 bytes of the IP address of the user's accessing system
- The web page called up
- The web page from which the user arrived at the accessed web page (referrer)
- The sub-pages accessed from the web page called up
- The time spent on the website
- The frequency with which the website is accessed
ii. Legal basis for processing data
The legal basis for processing the data of website visitors is § 25 I TTDSG in conjunction with Art. 6 para. Art. 6 para. 1 lit. a), Art. 7 GDPR.
iii. Purpose of the data processing
Processing the data of website visitors enables us to analyse the surfing behaviour of our website visitors. With the data obtained through the analysis, we are able to compile information about the use of the individual components of our web page. This helps us to continuously improve our website and its user-friendliness. By anonymising the IP address, we take sufficient account of the user's interest in protecting their data.
iv. Duration of storage
Your personal information is stored for as long as is necessary to fulfil the purposes described in this data protection declaration or until you exercise your right of revocation.
v. Possibility of objection and deletion
Cookies are stored on the user's computer and transmitted to us by the user. As a user, you therefore have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our web page, it may no longer be possible to use all the functions of the web page to their full extent.
More information on the privacy settings of the Matomo software can be found at the following link: https://matomo.org/docs/privacy.
17. Integration of plug-ins via external service providers
Use of Google Maps
i. Scope of the data processing
We use the online map service Google Maps of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and the representative in the Union Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as Google). We use the Google Maps plug-in to visually display geographical data and embed it in our online presence. By using Google Maps on our online presence, information about the use of our online presence, your IP address and addresses entered in the route planning function are transmitted to a Google server and stored there.
Further information on the processing of data by Google can be found here:
https://policies.google.com/privacy?gl=DE&hl=de
ii. Purpose of the data processing
The use of the Google Maps plug-in serves to improve user-friendliness and attractiveness presentation of our online presence.
iii. Legal basis for processing data
The legal basis for processing users' data is generally the user's consent in accordance with Art. 6 Para. 1 S.1 lit. a GDPR.
iv. Duration of storage
Your personal information is stored for as long as is necessary to fulfil the purposes described in this data protection declaration or as required by law.
v. Possibility of revocation and deletion
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
You can block the collection and processing of your data by Google by preventing third-party cookies from being stored on your computer, by using the "Do Not Track" function of a supporting browser, by disabling the execution of script code in your browser or by installing a script blocker such as NoScript (https://noscript.net) or Ghostery (https://www.ghostery.com) in your browser.
You can deactivate the use of your data by Google using the following link:
https://adssettings.google.de
For more information on the possibilities of revocation and deletion vis-à-vis Google, please visit:
https://policies.google.com/privacy?gl=DE&hl=de
This data protection declaration was created with the support of DataGuard.