Conception and Design
Grafikbohne | Chantalle Alberstadt
Web
www.grafikbohne.de
www.fb.com/grafikbohne
Email
mail@grafikbohne.de
Implementation
meadow brook GmbH & Co. KG
Web: www.meadowbrook.io
Privacy Policy
Data Protection at a Glance
General Information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data refers to all data by which you can be personally identified. Detailed information on data protection can be found in our privacy policy listed below this text.
Data Collection on this Website
Who is responsible for data collection on this website?
The data processing on this website is carried out by the website operator. Their contact details can be found in the section “Information about the responsible party” in this privacy policy.
How do we collect your data?
Your data is collected in part by you providing it to us. This can be, for example, data you enter into a contact form. Other data is collected by our IT systems automatically or with your consent when you visit the website. These are primarily technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter this website.
What do we use your data for?
Part of the data is collected to ensure the error-free provision of the website. Other data may be used to analyze your user behavior.
What rights do you have regarding your data?
You have the right to receive information free of charge at any time about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right, under certain circumstances, to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority. For this purpose and other questions regarding data protection, you can contact us at any time.
Analysis Tools and Tools from Third-Party Providers
When you visit this website, your surfing behavior may be statistically analyzed. This is primarily done using so-called analysis programs. Detailed information on these analysis programs can be found in the following privacy policy.
Hosting
We host the content of our website with the following provider:
Hetzner
The provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (hereinafter Hetzner).
For details, please refer to Hetzner’s privacy policy: https://www.hetzner.com/de/rechtliches/datenschutz.
The use of Hetzner is based on Art. 6 (1) (f) GDPR. We have a legitimate interest in the most reliable presentation of our website. If appropriate consent has been requested, processing is carried out exclusively based on Art. 6 (1) (a) GDPR and § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
Conclusion of a Contract for Order Processing
We have entered into a contract for order processing (AVV) to use the aforementioned service. This is a contract required by data protection law, which ensures that this service processes personal data of our website visitors only according to our instructions and in compliance with the GDPR.
General Information and Mandatory Information
Data Protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
When you use this website, various personal data are collected. Personal data are data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this happens.
We would like to point out that data transmission over the Internet (e.g., communication via email) can have security gaps. Complete protection of data from access by third parties is not possible.
Notice on the Responsible Party
The responsible party for data processing on this website is:
ARIVA Hotel GmbH
Wilhelm-Wundt-Str. 19
68199 Mannheim
Phone: +49 621 8607-0
Email: info@ariva-hotel.de
The responsible party is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).
Storage Period
Unless a more specific storage period is stated within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent for data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, the data will be deleted after these reasons no longer apply.
General Information on the Legal Basis for Data Processing on This Website
If you have consented to data processing, we process your personal data based on Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, if special categories of data according to Art. 9 (1) GDPR are processed. In the case of explicit consent to the transfer of personal data to third countries, data processing is also based on Art. 49 (1) (a) GDPR. If you consent to the storage of cookies or access to information in your device (e.g., via device fingerprinting), the data processing is additionally based on § 25 (1) TTDSG. Consent can be revoked at any time. If your data is necessary for contract performance or for the implementation of pre-contractual measures, we process your data based on Art. 6 (1) (b) GDPR. Furthermore, we process your data if this is necessary to fulfill a legal obligation based on Art. 6 (1) (c) GDPR. Data processing may also be based on our legitimate interest according to Art. 6 (1) (f) GDPR. Information on the specific legal basis for each individual case can be found in the following sections of this privacy policy.
Data Protection Officer
We have appointed a data protection officer for our company:
ARIVA Hotel GmbH
Wilhelm-Wundt-Str. 19
68199 Mannheim
Phone: +49 621 8607-2847
Email: dsb@dus.de
Note on Data Transfer to Third Countries That Are Not Secure from a Data Protection Standpoint and to U.S. Companies That Are Not DPF-Certified
We use tools from companies based in third countries that are not secure from a data protection standpoint, as well as U.S. tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). If these tools are active, your personal data may be transferred to and processed in these countries. We would like to point out that no comparable level of data protection as in the EU can be guaranteed in these third countries.
We note that the USA is generally considered a safe third country. Data transfers to the USA are permitted if the recipient is certified under the “EU-US Data Privacy Framework” (DPF) or has suitable additional guarantees. Information about data transfers to third countries, including the data recipients, can be found in this privacy policy.
Recipients of Personal Data
In the course of our business activities, we work with various external parties. In some cases, it is necessary to transfer personal data to these external parties. We only share personal data with external parties if it is necessary for contract fulfillment, if we are legally required to do so (e.g., transfer of data to tax authorities), if we have a legitimate interest in doing so according to Art. 6 (1) (f) GDPR, or if another legal basis permits the data transfer. When using data processors, we only transfer personal data of our customers based on a valid order processing contract. In the case of joint processing, a joint processing agreement is concluded.
Revocation of Your Consent to Data Processing
Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to Object to Data Collection in Special Cases and to Direct Advertising (Art. 21 GDPR)
IF THE DATA PROCESSING IS BASED ON ART. 6 (1) (E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH THE PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING SERVES THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21 (1) GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION UNDER ART. 21 (2) GDPR).
Right to Complain to the Competent Supervisory Authority
In the event of violations of the GDPR, the data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or the place of the alleged violation. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.
Right to Data Portability
You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
Access, Rectification, and Deletion
Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipients, and the purpose of data processing, and, if necessary, a right to rectify or delete this data at any time. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time.
Right to Restrict Processing
You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this purpose. The right to restrict processing exists in the following cases:
• If you contest the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
• If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.
• If we no longer need your personal data, but you need it to exercise, defend, or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
• If you have lodged an objection under Art. 21 (1) GDPR, a balance must be struck between your and our interests. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, such data – apart from its storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
SSL or TLS Encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the site operator. You can recognize an encrypted connection by the browser’s address bar changing from “http://” to “https://” and by the lock icon in your browser bar.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Objection to Advertising Emails
We hereby object to the use of contact data published as part of the imprint obligation for sending unsolicited advertising and information materials. The operators of the sites expressly reserve the right to take legal action in the event of unsolicited advertising, such as spam emails.
Data Collection on Our Website
Cookies
Our internet pages use so-called “cookies.” Cookies are small data packets that do no harm to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit. Persistent cookies remain on your device until you delete them, or your web browser automatically deletes them.
Cookies can come from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies allow the inclusion of certain services provided by third-party companies within websites (e.g., cookies for handling payment services).
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or displaying videos). Other cookies may be used to evaluate user behavior or display advertising.
Cookies that are necessary for electronic communication or the provision of certain functions you have requested (e.g., for the shopping cart function) or to optimize the website (e.g., cookies to measure the web audience) are stored based on Art. 6 (1) (f) GDPR unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to provide its services optimally and without technical errors. If consent for the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively based on this consent (Art. 6 (1) (a) GDPR and § 25 (1) TTDSG); consent can be revoked at any time.
You can configure your browser to inform you when cookies are set, allow cookies only in individual cases, exclude cookies for certain cases or generally, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
Which cookies and services are used on this website can be found in this privacy policy.
Real Cookie Banner
Our website uses Real Cookie Banner’s consent technology to obtain your consent for storing certain cookies on your device or using certain technologies and to document this consent in a privacy-compliant manner. The provider of this technology is devowl.io GmbH, Tannet 12, 94539 Grafling (hereinafter “Real Cookie Banner”).
Real Cookie Banner is installed locally on our servers, meaning no connection is made to Real Cookie Banner provider’s servers. Real Cookie Banner stores a cookie in your browser to link the consent you have given or revoked. The collected data is stored until you request its deletion, delete the Real Cookie Banner cookie yourself, or the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected.
The use of Real Cookie Banner serves to obtain legally required consent for the use of cookies. The legal basis for this is Art. 6 (1) (c) GDPR.
Server Log Files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
• Browser type and version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• Time of the server request
• IP address
This data is not combined with other data sources.
The collection of this data is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website; for this purpose, the server log files must be collected.
Contact Form
If you send us inquiries via the contact form, the information you provide in the inquiry form, including the contact details you provide, will be stored by us to process the inquiry and in case of follow-up questions. We do not share this data without your consent.
The processing of this data is based on Art. 6 (1) (b) GDPR, provided your inquiry is related to fulfilling a contract or is necessary for carrying out pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively processing inquiries addressed to us (Art. 6 (1) (f) GDPR) or your consent (Art. 6 (1) (a) GDPR) if requested; consent can be revoked at any time.
The data you enter in the contact form will remain with us until you request deletion, revoke your consent for storage, or the purpose for data storage no longer applies (e.g., after completing your request). Mandatory legal provisions, particularly retention periods, remain unaffected.
Inquiry by Email, Phone, or Fax
If you contact us by email, phone, or fax, your inquiry, including all personal data (name, inquiry), will be stored and processed for the purpose of handling your request. We do not share this data without your consent.
The processing of this data is based on Art. 6 (1) (b) GDPR if your inquiry is related to the fulfillment of a contract or is necessary for carrying out pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 (1) (a) GDPR) if obtained, or on our legitimate interests (Art. 6 (1) (f) GDPR), as we have a legitimate interest in the effective handling of inquiries addressed to us.
The data you send us via contact requests will remain with us until you request deletion, revoke your consent for storage, or the purpose for data storage no longer applies (e.g., after your request has been completed). Mandatory statutory provisions, in particular statutory retention periods, remain unaffected.
Social Media
Elements of the social network Facebook are integrated into this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.
You can find an overview of Facebook’s social media elements here: https://developers.facebook.com/docs/plugins/?locale=de_DE.
When the social media element is active, a direct connection is established between your device and the Facebook server. This allows Facebook to receive information that you have visited this website with your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account.
We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. For more information, please refer to Facebook’s privacy policy at: https://de-de.facebook.com/privacy/explanation.
The use of the Facebook elements is based on your consent (Art. 6 (1) (a) GDPR and § 25 TTDSG). Consent can be revoked at any time. If consent was not requested, the use of this service is based on our legitimate interest in ensuring the broadest possible visibility on social media platforms (Art. 6 (1) (f) GDPR).
If personal data is collected on our website and forwarded to Facebook through the use of the tool, we, along with Meta Platforms Ireland Limited, are jointly responsible for this data processing (Art. 26 GDPR). However, our joint responsibility is limited to the collection of the data and its transmission to Facebook. Any subsequent processing by Facebook is not part of this joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. You can find the details of this agreement at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for ensuring the secure integration of the tool on our website. Facebook is responsible for the security of Facebook products. You can assert your rights (e.g., requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your rights with us, we are obligated to forward your request to Facebook.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381, and https://www.facebook.com/policy.php.
The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards in the USA. Any company certified under the DPF agrees to comply with these data protection standards. More information is available from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active.
Functions of the Instagram service are integrated into this website. These functions are provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
If the social media element is active, a direct connection between your device and the Instagram server is established. Instagram receives information about your visit to this website.
If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to this website with your user account.
We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram.
The use of the Instagram plugin is based on your consent (Art. 6 (1) (a) GDPR and § 25 TTDSG). Consent can be revoked at any time. If consent was not requested, the use of the service is based on our legitimate interest in ensuring the broadest possible visibility on social media platforms (Art. 6 (1) (f) GDPR).
If personal data is collected on our website and forwarded to Instagram through the use of the tool, we, along with Meta Platforms Ireland Limited, are jointly responsible for this data processing (Art. 26 GDPR). However, our joint responsibility is limited to the collection of the data and its transmission to Instagram. Any subsequent processing by Instagram is not part of this joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. You can find the details of this agreement at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Instagram tool and for ensuring the secure integration of the tool on our website. Instagram is responsible for the security of Instagram products. You can assert your rights (e.g., requests for information) regarding the data processed by Instagram directly with Instagram. If you assert your rights with us, we are obligated to forward your request to Instagram.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://privacycenter.instagram.com/policy/, and https://de-de.facebook.com/help/566994660333381.
More information is available from Instagram’s privacy policy: https://privacycenter.instagram.com/policy/.
The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards in the USA. Any company certified under the DPF agrees to comply with these data protection standards. More information is available from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active.
This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Each time you access a page on this website that contains LinkedIn elements, a connection is established to LinkedIn servers. LinkedIn is informed that you have visited this website using your IP address. If you click the LinkedIn “Recommend” button and are logged into your LinkedIn account, LinkedIn can associate your visit to this website with your user account.
We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or how LinkedIn uses it.
The use of the LinkedIn plugin is based on your consent (Art. 6 (1) (a) GDPR and § 25 TTDSG). Consent can be revoked at any time. If consent was not requested, the use of the service is based on our legitimate interest in ensuring the broadest possible visibility on social media platforms (Art. 6 (1) (f) GDPR).
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=de
More information on data protection can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.
This website uses elements of the XING network. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.
Each time one of our pages containing XING elements is accessed, a connection is established to XING servers. To our knowledge, no personal data is stored in this process. In particular, no IP addresses are stored or user behavior analyzed.
The use of the XING plugin is based on your consent (Art. 6 (1) (a) GDPR and § 25 TTDSG). Consent can be revoked at any time. If consent was not requested, the use of the service is based on our legitimate interest in ensuring the broadest possible visibility on social media platforms (Art. 6 (1) (f) GDPR).
Further information on data protection and the XING Share button can be found in XING’s privacy policy at: https://www.xing.com/app/share?op=data_protection.
Analytics Tools and Advertising
Matomo (formerly Piwik)
This website uses the open-source web analytics service Matomo. Matomo uses technologies that enable cross-page recognition of the user to analyze user behavior (e.g., cookies or device fingerprinting). The information collected by Matomo about the use of this website is stored on our server. The IP address is anonymized before storage.
With Matomo, we are able to collect and analyze data about the use of our website by visitors. This allows us to understand when which page views occurred and from which region they came. We also collect various log files (e.g., IP address, referrer, browsers used, and operating systems) and can measure whether our website visitors perform certain actions (e.g., clicks, purchases, etc.).
The use of this analysis tool is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior in an anonymized manner to optimize both its website and its advertising. If corresponding consent has been requested (e.g., consent to the storage of cookies), processing is carried out exclusively based on Art. 6 (1) (a) GDPR; consent can be revoked at any time.
Hosting
We host Matomo exclusively on our servers, so all analysis data remains with us and is not shared.
Google Tag Manager
We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, store cookies, or perform independent analysis. It is only used to manage and display the tools integrated through it. However, Google Tag Manager collects your IP address, which may also be transferred to the parent company of Google in the United States.
The use of Google Tag Manager is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and management of various tools on its website. If appropriate consent has been requested, processing is carried out exclusively based on Art. 6 (1) (a) GDPR and § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards in the USA. Any company certified under the DPF agrees to comply with these data protection standards. More information is available from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active.
Google Analytics
This website uses features of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics allows the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, time spent on the page, operating systems used, and the origin of the user. This data may be assigned to the respective device of the user. A direct assignment to a user ID does not take place.
Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Google Analytics uses various modeling approaches to supplement the collected data and uses machine learning technologies for data analysis.
Google Analytics uses technologies that allow for user recognition across pages to analyze user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a server in the USA and stored there.
The use of this analysis tool is based on your consent (Art. 6 (1) (a) GDPR and § 25 (1) TTDSG). The consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards in the USA. Any company certified under the DPF agrees to comply with these data protection standards. More information is available from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active.
Browser Plugin
You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
More information on how Google Analytics handles user data can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
Order Processing
We have entered into a contract for order processing with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Google Ads
The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads allows us to display ads in the Google search engine or on third-party websites when users enter certain search terms on Google (keyword targeting). Additionally, ads can be targeted based on user data that Google has (e.g., location data and interests) (audience targeting). We, as the website operator, can evaluate this data quantitatively by analyzing which search terms led to the display of our ads and how many ads resulted in clicks.
The use of this service is based on your consent (Art. 6 (1) (a) GDPR and § 25 (1) TTDSG). The consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards in the USA. Any company certified under the DPF agrees to comply with these data protection standards. More information is available from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active.
Google Ads Remarketing
This website uses the features of Google Ads Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
With Google Ads Remarketing, we can assign people who interact with our online offer to specific target groups to display interest-based advertising within the Google advertising network (remarketing or retargeting).
Furthermore, the advertising target groups created with Google Ads Remarketing can be linked with Google’s cross-device functions. This allows for personalized, interest-based advertising messages based on your previous usage and browsing behavior on one device (e.g., mobile phone) to be displayed on another of your devices (e.g., tablet or PC).
If you have a Google account, you can object to personalized advertising at the following link: https://www.google.com/settings/ads/onweb/.
The use of this service is based on your consent (Art. 6 (1) (a) GDPR and § 25 (1) TTDSG). The consent can be revoked at any time.
Further information and the privacy policy can be found in Google’s privacy policy: https://policies.google.com/technologies/ads?hl=de.
The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards in the USA. Any company certified under the DPF agrees to comply with these data protection standards. More information is available from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active.
Meta Pixel (formerly Facebook Pixel)
This website uses the visitor action pixel from Facebook/Meta for conversion tracking. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.
With the help of this tool, the behavior of site visitors can be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This allows for an analysis of the effectiveness of Facebook ads for statistical and market research purposes and helps to optimize future advertising efforts.
The data collected is anonymous to us as the operators of this website, and we cannot draw any conclusions about the identity of users. However, Facebook stores and processes the data, enabling a connection to the respective user profile. Facebook may use the data for its own advertising purposes, in accordance with Facebook’s data usage policy. This allows Facebook to display ads on Facebook pages and outside of Facebook. This use of the data cannot be influenced by us as the site operator.
The use of the Meta Pixel is based on your consent (Art. 6 (1) (a) GDPR and § 25 TTDSG). Consent can be revoked at any time.
If personal data is collected on our website and forwarded to Facebook through the use of the tool, we, along with Meta Platforms Ireland Limited, are jointly responsible for this data processing (Art. 26 GDPR). However, our joint responsibility is limited to the collection of the data and its transmission to Facebook. Any subsequent processing by Facebook is not part of this joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. You can find the details of this agreement at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Meta tool and for ensuring the secure integration of the tool on our website. Facebook is responsible for the security of Facebook products. You can assert your rights (e.g., requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your rights with us, we are obligated to forward your request to Facebook.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
More information about protecting your privacy can be found in Facebook’s privacy policy: https://de-de.facebook.com/about/privacy/.
You can also deactivate the remarketing function “Custom Audiences” in the ad settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged into Facebook.
If you do not have a Facebook account, you can deactivate user-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.
The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards in the USA. Any company certified under the DPF agrees to comply with these data protection standards. More information is available from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active.
Instagram Plugin
This website integrates functions of the Instagram service. These functions are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to this website with your user account.
We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram.
The storage and analysis of the data are based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in ensuring the broadest possible visibility on social media platforms. If appropriate consent has been requested, processing is carried out exclusively based on Art. 6 (1) (a) GDPR; consent can be revoked at any time.
More information on how Instagram handles user data can be found in Instagram’s privacy policy: https://instagram.com/about/legal/privacy/.
Plugins and Tools
YouTube with Enhanced Privacy
This website embeds videos from YouTube. The operator of the pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in enhanced privacy mode. According to YouTube, this mode means that YouTube does not store information about visitors on this website before they watch the video. However, enhanced privacy mode does not necessarily prevent data from being transferred to YouTube partners. For example, YouTube connects to the Google DoubleClick network regardless of whether you watch a video.
As soon as you start a YouTube video on this website, a connection to YouTube’s servers is established. The YouTube server is informed of which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, after starting a YouTube video, YouTube may store various cookies on your device or use comparable recognition technologies (e.g., device fingerprinting). In this way, YouTube can collect information about visitors to this website. This information is used, among other things, to generate video statistics, improve user-friendliness, and prevent fraud attempts.
After starting a YouTube video, additional data processing operations may be triggered over which we have no control.
The use of YouTube is in the interest of an appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. If appropriate consent has been requested, processing is carried out exclusively based on Art. 6 (1) (a) GDPR and § 25 (1) TTDSG, as far as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting). The consent can be revoked at any time.
Further information about data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=de.
The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards in the USA. Any company certified under the DPF agrees to comply with these data protection standards. More information is available from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active.
Vimeo
This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
When you visit one of our pages featuring a Vimeo video, a connection to Vimeo’s servers is established. The Vimeo server is informed about which of our pages you have visited. Vimeo also obtains your IP address. This applies even if you are not logged into Vimeo or do not have an account with Vimeo. The information collected by Vimeo is transferred to the Vimeo server in the USA.
If you are logged into your Vimeo account, you enable Vimeo to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your Vimeo account.
Vimeo uses cookies or similar recognition technologies (e.g., device fingerprinting) to recognize website visitors.
The use of Vimeo is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest pursuant to Art. 6 (1) (f) GDPR. If appropriate consent has been requested, processing is carried out exclusively based on Art. 6 (1) (a) GDPR and § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting). The consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission, as well as Vimeo’s legitimate business interests. Details can be found here: https://vimeo.com/privacy.
For more information on how Vimeo handles user data, please refer to Vimeo’s privacy policy: https://vimeo.com/privacy.
Google Fonts (Local Hosting)
This site uses so-called Google Fonts, provided by Google, for the uniform display of fonts. The Google Fonts are installed locally. A connection to Google servers does not take place.
Further information on Google Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of reCAPTCHA is to check whether the data entered on this website (e.g., in a contact form) is provided by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For analysis purposes, reCAPTCHA evaluates various information (e.g., IP address, time spent on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place.
The storage and analysis of data are based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from spam. If appropriate consent has been requested, processing is carried out exclusively based on Art. 6 (1) (a) GDPR and § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting). The consent can be revoked at any time.
Further information on Google reCAPTCHA and Google’s privacy policy can be found at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.
The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards in the USA. Any company certified under the DPF agrees to comply with these data protection standards. More information is available from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active.
Google Maps
This site uses the Google Maps map service via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission.
The use of Google Maps is in the interest of providing an attractive presentation of our online offers and easy location of the places we indicate on the website. This constitutes a legitimate interest pursuant to Art. 6 (1) (f) GDPR.
More information on handling user data can be found in Google’s privacy policy: https://www.google.de/intl/de/policies/privacy/.
eCommerce and Payment Providers
Use of the Online Booking Tool DIRS21 by TourOnline AG
Our online presence uses the online booking tool DIRS21 (hereinafter “OBT”) provided by TourOnline AG, Borsigstraße 26, 73249 Wernau, Germany (www.dirs21.de, hereinafter “TOAG”). TOAG processes the data as the controller when using the OBT. The privacy notices and policies for the OBT can be found in the TOAG privacy policy for the OBT, which can be accessed within the OBT or viewed at www.dirs21.de/datenschutz.
Own Services
Handling of Applicant Data
We offer you the opportunity to apply to us (e.g., by email, postal mail, or via the online application form). In the following, we inform you about the scope, purpose, and use of your personal data collected as part of the application process. We assure you that the collection, processing, and use of your data will be carried out in accordance with applicable data protection law and all other statutory provisions, and that your data will be treated confidentially.
Scope and Purpose of Data Collection
If you send us an application, we process your associated personal data (e.g., contact and communication data, application documents, notes taken during interviews, etc.) to the extent necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6 (1) (b) GDPR (general contract initiation), and – if you have given consent – Art. 6 (1) (a) GDPR. Consent can be revoked at any time.
Your personal data will only be disclosed within our company to individuals involved in processing your application.
If the application is successful, the data you submitted will be stored in our data processing systems based on § 26 BDSG and Art. 6 (1) (b) GDPR for the purpose of conducting the employment relationship.
Retention Period of the Data
If we cannot offer you a position, you reject a job offer, or withdraw your application, we reserve the right to retain the data you have provided to us based on our legitimate interests (Art. 6 (1) (f) GDPR) for up to 6 months after the end of the application process (rejection or withdrawal of the application). Afterward, the data will be deleted, and the physical application documents will be destroyed. The retention serves in particular as evidence in the event of a legal dispute.
If it is evident that the data will be needed after the 6-month period (e.g., due to an impending or pending legal dispute), deletion will not take place until the purpose for further retention no longer applies.
A longer retention may also occur if you have given consent (Art. 6 (1) (a) GDPR) or if legal retention obligations prevent deletion.