Privacy policy

1. introduction

This website is operated by: FKF Hotel Wernigerode GmbH.

It is very important to us to treat the data of our website visitors with trust and to protect it in the best possible way. For this reason, we make every effort to comply with the requirements of the GDPR. In the following, we explain how we process your data on our website. We use language that is as clear and transparent as possible so that you really understand what happens to your data.

2. general information

2.1 Processing of personal data and other terms

Data protection applies to the processing of personal data. Personal data means all data with which you can be personally identified. This is, for example, the IP address of the device (PC, laptop, smartphone, etc.) you are currently using. Such data is processed when 'something happens to it'. Here, for example, the IP is transmitted from the browser to our provider and automatically stored there. This is then a processing (according to Art. 4 No. 2 GDPR) of personal data (according to Art. 4 No. 1 GDPR).

These and other legal definitions can be found in Art. 4 GDPR.

2.2 Applicable regulations/laws – GDPR, BDSG, and TDDDG

The scope of data protection is regulated by law. In this case, these are the GDPR (General Data Protection Regulation) as a European regulation and the BDSG (Federal Data Protection Act) as a national law.

In addition, the TDDDG supplements the provisions of the GDPR as far as the use of cookies is concerned.

2.3 The controller

The controller within the meaning of the GDPR is responsible for data processing on this website. This is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

You can reach the person responsible at:

FKF Hotel Wernigerode GmbH

HKK Hotel Wernigerode ****

41 Parish Street

38855 Wernigerode

datenschutz@hkk-wr.de

2.4 This is how data is generally processed on this website

As we have already stated, there is data (e.g., IP address) that is collected automatically. This data is primarily required for the technical provision of the website. If we use personal data beyond this or collect other data, we will inform you of this or ask for your consent.

You provide us with other personal data consciously. 

You will find detailed information on this below.

2.5 Your rights

The GDPR provides you with comprehensive rights. These include, for example, free information about the origin, recipient and purpose of your stored personal data. You can also request the rectification, blocking or erasure of this data or lodge a complaint with the competent data protection supervisory authority. You can revoke your consent at any time.

The details of these rights and how to exercise them can be found in the last section of this privacy policy.

2.6 Data protection – Our view

Data protection is more than just a chore for us! Personal data has great value and careful handling of this data should be a matter of course in our digitalized world. As a website visitor, you should also be able to decide for yourself what "happens" to your data, when and by whom. That is why we are committed to complying with all legal regulations, only collect the data we need and, of course, treat it confidentially. 

2.7 Disclosure and deletion

The transfer and deletion of data are also important and sensitive issues. We would therefore like to briefly inform you in advance about our general approach to this.

Data will only be passed on on the basis of a legal basis and only if this is unavoidable. This may be the case in particular if it is a so-called processor and an order processing contract has been concluded in accordance with Art. 28 GDPR.

We delete your data when the purpose and legal basis for processing no longer apply and the deletion does not conflict with any other legal obligations. Art. 17 GDPR also provides a 'good' overview of this.

For further information, please refer to this privacy policy and contact the controller if you have any specific questions.

2.8 Hosting

This website is hosted externally. The personal data collected on this website is stored on the host's servers. This includes automatically collected and stored log files (see below for more details) as well as all other data provided by website visitors. 

External hosting is carried out for the purpose of providing our website in a secure, fast, and reliable manner and, in this context, serves to fulfill our contractual obligations to our potential and existing customers.

The legal basis for processing is Art. 6 (1) (a), (b), and (f) GDPR, as well as § 25 (1) TDDDG, insofar as consent includes the storage of cookies or access to information on the end device of the website visitor or user within the meaning of the TDDDG.

Our hoster only processes data that is necessary to fulfill its performance obligations and acts as our processor, i.e. it is subject to our instructions. We have concluded a corresponding contract for order processing with our hoster.

We use the following hoster:

Hetzner

Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.

info@hetzner.com 

https://www.hetzner.com/de/rechtliches/datenschutz

2.9 Legal basis

The processing of personal data always requires a legal basis. The GDPR provides the following options in Art. 6 para. 1 sentence 1:

a) The data subject has given consent to the processing of his or her personal data for one or more specific purposes;

b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

c) processing is necessary for compliance with a legal obligation to which the controller is subject;

d) processing is necessary to protect the vital interests of the data subject or another natural person;

e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

In the following sections, we will provide you with the specific legal basis for the respective processing.

3. This happens on our website 

When you visit our website, we process your personal data.

In order to protect this data as effectively as possible against unauthorized access by third parties, we use SSL or TLS encryption. You can recognize this encrypted connection by the fact that https:// or a lock symbol is displayed in the address bar of your browser.

Below you can find out what data is collected when you visit our website, for what purpose this is done and on what legal basis.

3.1 Data collection when accessing the website

When you visit the website, information is automatically stored in so-called server log files. This is the following information:

• Browser type and browser version

• Operating system used

• Referrer URL

• Host name of the accessing computer

• Time of the server request

• IP address

This data is required temporarily in order to be able to display our website to you permanently and without any problems. In particular, this data is used for the following purposes:

• Website system security

• System stability of the website

• Troubleshooting on the website

• Establishing a connection to the website

• Website presentation

Data processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR and is based on our legitimate interest in the processing of this data, in particular our interest in the functionality of the website and its security.

Where possible, this data is stored in pseudonymized form and deleted once the respective purpose has been achieved. 

If the server log files make it possible to identify the data subject, the data is stored for a maximum period of 14 days. An exception is made if a security-relevant event occurs. In this case, the server log files are stored until the security-relevant event has been resolved and finally clarified. 

Otherwise, no merging with other data takes place. 

3.2 Cookies

3.2.1 General

This website uses so-called cookies. This is a data record, information that is stored in the browser of your end device and is related to our website. 

Setting cookies can make it easier for visitors to navigate the website. Our cookie consent tool provides you with all the information about the cookies we use on our website (with your consent, where applicable).

3.2.2 Rejecting cookies

You can manage all cookies that are not technically necessary directly via our cookie consent tool. 

You can prevent cookies from being set by adjusting your browser settings.

Here you will find the corresponding links to frequently used browsers:

Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen?redirectslug=Cookies+l%C3%B6schen&redirectlocale=en

Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=de

Microsoft Edge: https://support.microsoft.com/de-de/windows/l%C3%B6schen-und-verwalten-von-cookies-168dab11-0753-043d-7c16-ede5947fc64d

Safari:https://support.apple.com/de-de/guide/mdm/mdmf7d5714d4/web and https://support.apple.com/de-de/guide/safari/sfri11471/mac

If you use a different browser, we recommend entering the name of your browser and "delete and manage cookies" into a search engine and following the official link to your browser.

Alternatively, you can also change your cookie settings at www.aboutads.info/choices/. 

or manage www.youronlinechoices.com.

However, we must point out that a comprehensive blocking/deletion of cookies can lead to impairments in the use of the website.

3.2.3 Technically necessary cookies

We use technically necessary cookies on this website to ensure that our website functions correctly and in accordance with the applicable laws. They help to make the website user-friendly. Some functions of our website cannot be displayed without the use of cookies.

The legal basis for this is Art. 6 para. 1 lit. b, c and/or f GDPR, depending on the individual case. 

3.2.4 Cookies that are not technically necessary

We also use cookies on our website that are not technically necessary. These cookies are used, among other things, to analyze the surfing behavior of website visitors or to offer website functions that are not technically necessary.

The legal basis for this is your consent pursuant to Art. 6 para. 1 lit. a GDPR. 

Technically unnecessary cookies are only set with your consent, which you can revoke at any time in the cookie consent tool.

3.3 Data processing through user input

3.3.1 Own data collection

We offer the following (service) on our website: Booking hotel rooms via vioma booking (see also section on additional services).

We collect the following data for this purpose: 

Name

E-mail address

Address

Phone number

The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR.

The data will be deleted as soon as the respective purpose no longer applies and it is possible in accordance with the legal requirements.

3.3.2 Establishing contact

a) Email

If you contact us by email, we will process your email address and, if applicable, other data contained in the email. This data is stored on the mail server and, in some cases, on the respective end devices. Depending on the matter at hand, the legal basis for this is generally Art. 6 (1) (f) GDPR or Art. 6 (1) (b) GDPR. The data will be deleted as soon as the respective purpose no longer applies and it is possible to do so in accordance with legal requirements. 

b) Telephone

If you contact us by telephone, the call data may be stored in pseudonymized form on the respective end device and with the telecommunications provider used. Personal data collected during the telephone call will only be processed in order to process your request. Depending on the request, the legal basis for this is regularly Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 lit. b GDPR. The data will be deleted as soon as the respective purpose no longer applies and it is possible in accordance with the legal requirements. 

c) Chat

LiveChat

We use the LiveChat service. This service is provided by Text S.A., ul. Zwycięska 47, 53-033 Wrocław, Poland. LiveChat allows us to communicate with website visitors in real time, answer questions, and provide support.

The data processed in this context includes names, email addresses, IP addresses and the content of chat messages. This data is used to respond to inquiries, to improve our customer service and to analyze the use of our live chat.

LiveChat stores the data on servers worldwide and can set cookies for data collection and storage. These cookies are only set with consent. This consent can be revoked at any time in our cookie consent tool. The legal basis for the use of cookies is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as this consent includes access to information in the user's terminal device or the storage of cookies within the meaning of the TDDDG.

We have a legitimate interest in using this tool to optimize our customer service, which is covered by Art. 6 para. 1 lit. f GDPR.

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. Mandatory statutory provisions on retention periods remain unaffected.

The EU Commission's Standard Contractual Clauses (SCC) apply to data transfers to the USA.

Further information:

https://www.livechat.com/legal/privacy-policy

3.4 Cookie consent tool

3.4.1 Borlabs Cookie

We use the Borlabs Cookie consent management tool from Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany, to ensure that only those cookies are set on our website for which there is a legal basis. 

This service is used to obtain the website visitor's consent to the storage of certain cookies in their browser or the use of certain technologies and to document them in accordance with data protection regulations. 

When this website is accessed, the consent given by the website visitor or the revocation of consent is stored as a Borlabs cookie in the website visitor's browser without forwarding this data to the Borlabs cookie provider. 

The data collected will be stored until the website visitor requests us to delete it or deletes Borlabs cookies himself or until the purpose for storing the data no longer applies. The mandatory statutory retention periods remain unaffected by this. 

The legal basis is Art. 6 para. 1 lit. c GDPR. Borlabs Cookies is used to obtain the legally required consent for the use of cookies. 

Further details:

https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/

3.5 Analysis and tracking tools

3.5.1 Google Tag Manager

We use Google Tag Manager on this website. Google Tag Manager is a web analytics service. This service is provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. 

Google Tag Manager does not store cookies or perform its own analysis. It is used solely to manage the tools integrated via it. However, the IP address of the website visitor is recorded and may be transferred to Google's parent company in the USA. 

The legal basis for processing is Art. 6 (1) (f) GDPR. We have a legitimate interest in integrating and managing various tools on our website in an uncomplicated manner. 

Further details:

https://policies.google.com/privacy?hl=en

3.5.2 Meta pixels

We use Meta Pixel on this website. Meta Pixel is a conversion tracking tool. This service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. 

Meta Pixel enables us to track the behavior of website visitors after they have been redirected to the website via a Facebook advertisement.

Meta-Pixel uses cookies for its own advertising purposes. The data is stored and processed by Facebook so that a connection to the respective user profile can be established. 

The collected data is also transferred to the USA and other third countries.

The EU Commission's Standard Contractual Clauses (SCC) apply to data transfers to the USA.

The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

If personal data is collected on this website using Meta pixels and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for data processing in accordance with Art. 26 GDPR. This joint responsibility is limited exclusively to the collection and transfer of data to Facebook. There is an agreement on joint processing for this purpose:

https://www.facebook.com/legal/controller_addendum

We are responsible for providing data protection information when using the Facebook tool and for ensuring that the tool is integrated into the relevant website in a manner that complies with data protection laws. Facebook, on the other hand, is responsible for the data security of its products. It follows from this that data subjects' rights with regard to the data processed by Facebook must be asserted directly with Facebook. 

Further details:

https://de-de.facebook.com/about/privacy

https://www.facebook.com/ads/preferences/?entry_product=ad_settings_scrnen

http://www.youronlinechoices.com/de/praferenzmanagement/

https://www.facebook.com/legal/EU_data_transfer_addendum

https://de-de.facebook.com/help/566994660333381

3.5.3 WP Statistics

We use WP Statistics on this website. WP Statistic is a web analysis service. This service is provided by Veronalabs, Tatari 64, 10134, Tallinn, Estonia.

With the help of WP Statistics, we can analyze the use of our website. For this purpose, log files and actions of the website visitor on the page are recorded. The IP address recorded in the process is shortened so that it can no longer be directly assigned to a user. The data collected is stored exclusively on our server.

The legal basis for the processing is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in analyzing user behavior on our website in order to optimize our website and our advertising.

3.5.4 Google Search Console

We integrate the Google Search Console service, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, into our website. Google Search Console is a service that enables us to monitor the indexing status of our website and optimize its visibility in Google search results. 

Various data is processed, including information on website performance, clicks, visits, and technical errors that occur on the website. The purpose of data processing is to improve search engine optimization (SEO), analyze the technical performance of the website, and fix errors. 

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in optimizing our website in search results and ensuring its functionality. 

Google Search Console does not set cookies on our website. However, data may be transferred to third countries, in particular to the USA, as Google operates servers worldwide. The EU Commission's Standard Contractual Clauses (SCCs) are used to ensure an adequate level of data protection.

The data will be stored for as long as it is necessary for the respective processing purpose or until the user requests deletion. 

Further information on data processing can be found at: https://policies.google.com/privacy

3.5.5 Jetpack Stats

We use the statistics function of Jetpack, a service provided by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA, on our website.

This feature allows us to analyze visitor numbers and behavior in order to optimize our website. Personal data such as IP address, WordPress.com user ID (if logged in), username, user agent, URL visited, referrer, timestamp, browser language, and country code are collected. 

The purpose of data processing is to analyze user behavior in order to improve our offering. The legal basis for processing is Art. 6 (1) (f) GDPR, as we have a legitimate interest in optimizing our website. 

Jetpack sets cookies to ensure the functionality of statistics and to improve the user experience. These cookies are only set with consent and can be revoked at any time. The legal basis for this is Art. 6 (1) (a) GDPR. 

Since Jetpack is provided by a US company, personal data may be transferred to the US. The transfer is based on standard contractual clauses of the EU Commission to ensure an adequate level of data protection. 

The data will be stored for as long as necessary to fulfill the purpose or as required by statutory retention periods. Further information on data processing can be found at: https://jetpack.com/support/wordpress-com-stats/

3.6 Social media profiles

In addition to our website, our company is also present on social networks. Here,

we want to present our company and create an opportunity to get in touch with us.

We also use the opportunity to place advertisements and job advertisements on social media.

Below, we provide information about what data we and the respective social network collect when you visit and

processing interactions with our profile.

3.6.1 LinkedIn

We operate a LinkedIn profile at https://www.linkedin.com/. This social network is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

a) Interaction with our company profile

When you visit our LinkedIn profile and interact with us via it, we process

Personal data. On the one hand, the data made publicly available on the profile. On the other hand, the personal data contained in posts, comments, or direct messages to us. Through interactions such as liking or sharing, we can see the user profile with the public information.

The legal basis for this processing is Art. 6 (1) (f) GDPR. It is in our legitimate interest to process this data.

Interest in providing relevant and interesting content and enabling the use and functionality of our LinkedIn profile

Insofar as a request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual

Where measures are necessary, our processing is based on Art. 6(1)(b) GDPR.

b) Page Insights

LinkedIn provides us with aggregated statistics and insights (known as Page Insights) that give us information about how people interact with our company page. Among other things, we receive information about the number of profiles that view, comment on, or otherwise interact with our posts, as well as aggregated demographic and other information that helps us learn about interactions with our page or LinkedIn profile. Page Insights provided to us by LinkedIn consist of aggregated data, and LinkedIn does not provide us with any personal data about members in relation to Page Insights. We also have no way of linking Page Insights to individual members.

When placing ads, LinkedIn provides us with information about the types of people who see our ads and about the success of our ads. Personal data is only passed on to us if this person has consented to such processing. We also receive information from LinkedIn that allows us to understand which of our ads led to a purchase being made or an action being taken.

The purpose of processing this data is to analyze our reach and to adapt our content and advertisements to user interests. By evaluating this data, we can recognize how our content, our profile and our advertising are consumed. This enables us to create target group-specific content and place advertisements in order to better market our company and our services.

The processing is based on our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

When processing personal data in the course of so-called Page Insights, the processing is carried out in joint responsibility with LinkedIn in accordance with Art. 26 (1) GDPR. 

To this end, we have entered into a corresponding agreement with LinkedIn, which can be viewed here (https://legal.linkedin.com/pages-joint-controller-addendum).

The contact details of LinkedIn are:

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

For LinkedIn, you can contact the data protection officer at the following link:

https://www.linkedin.com/help/linkedin/ask/TSO-DPO

3.6.2 Processing by LinkedIn

In connection with your visit to our company profile, LinkedIn may also process personal data beyond this. In this case, the processing is carried out under the sole responsibility of LinkedIn and without our knowledge. You can find more information from LinkedIn on this subject at: 

https://de.linkedin.com/legal/privacy-policy?trk=%7Berror-page%7D-privacy-policy

3.6.3 Facebook

We operate a Facebook fan page on https://www.facebook.com/. This social network is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

a) Interaction with our company profile

When you visit our Facebook profile and interact with us via this channel, we process personal data. This includes data that is publicly available on the profile, as well as personal data contained in posts, comments, or direct messages sent to us. Interactions such as likes or shares allow us to view the user profile with public information.

The legal basis for this processing is Art. 6 (1) lit. f GDPR. It is in our legitimate interest to provide relevant and interesting content and to enable the use and functionality of our Facebook profile.

Insofar as an inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures, our processing is based on Art. 6 para. 1 lit. b GDPR.

b) Page Insights

As explained in the Meta Privacy Policy under "How do we use your information?" (Meta also collects and uses information to provide analytics services, known as Page Insights, for site operators. This also applies to our Facebook page. 

Page insights are summarized statistics that are created based on certain interactions of visitors with pages and the content associated with them (e.g. viewing a page or a video, subscribing to a page, marking a page with "Like" or "No longer like", etc.) and are logged by the meta servers. 

Meta provides us with summarized statistics and insights in connection with Page Insights, which give us information about how people interact with our company page. We do not have access to personal data, only to the summarized Page Insights. With the help of Page Insights, we can view anonymous statistics, e.g., the reach of our account, page views, likes, etc. These also include evaluations based on the age, gender, and location of users (as specified by them in their respective Facebook profiles). To evaluate the reach, we can adjust settings or set appropriate filters with regard to the selection of a time period, the viewing of a specific post, and demographic groupings. This data is anonymized. We are unable to draw conclusions about specific individuals.

The purpose of processing this data is to analyze our reach and adapt our content and advertisements to user interests so that visitors can derive the greatest possible benefit from them. By evaluating this data, we can recognize how our content, our profile and our advertising are consumed. This enables us to create target group-specific content and place advertisements to better market our company and our services.

The processing is based on our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

When processing personal data in the course of the so-called Page Insights, we are jointly responsible with Facebook in accordance with Art. 26 para. 1 GDPR. 

To this end, we have entered into a corresponding agreement with Facebook, which can be viewed here (https://www.facebook.com/legal/terms/page_controller_addendum).

The contact details for Facebook are:

Online contact: https://www.facebook.com/help/contact/1650115808681298

Postal: Meta Platforms Ireland Limited, ATTN: Privacy Operations, Merrion Road, Dublin 4, D04 X2K5, Ireland.

For Facebook, you can contact the data protection officer at the following link:

https://www.facebook.com/help/contact/540977946302970.

Further information about the Page Insights:

https://de-de.facebook.com/legal/terms/page_cntroller_addendum

c) Processing of personal data and cookies by Meta

When you access a Facebook page, the IP address assigned to your device is transmitted to Facebook. According to Facebook, this IP address is anonymized (in the case of "German" IP addresses). Facebook also stores information about its users' devices (e.g., as part of the "login notification" function); this may enable Facebook to assign IP addresses to individual users. If you are currently logged in to Facebook as a user, a cookie with your Facebook ID is stored on your device. This enables Facebook to track that you have visited this page and how you have used it. Facebook buttons embedded in websites enable Facebook to record your visits to these websites and assign them to your Facebook profile. This data can be used to tailor content or advertising to you.

Information on how personal data can be managed or deleted can be found in Facebook's Privacy Center:

https://www.facebook.com/privacy/center

Further information on the handling of data by Facebook can be found here:

http://de-de.facebook.com/about/privacy

3.6.4 Instagram

We operate an Instagram profile. This social media platform is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

a) Interaction with our company profile

When you visit our Instagram profile and interact with us, we process personal data. On the one hand, the data made publicly available on the profile. On the other hand, we also process the personal data contained in posts, comments or direct messages to us. Through interactions such as liking or sharing, we can see the user profile with the public information.

The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. It is in our legitimate interest to provide relevant and interesting content and to enable the use and functionality of our Instagram profile.

Insofar as an inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures, our processing is based on Art. 6 para. 1 lit. b GDPR.

b) Insights 

As explained in the Meta Privacy Policy under "How do we use your information?" (https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect), Meta also collects and uses information to provide analytics services, known as insights, for site operators. This also applies to our Instagram profile. 

The insights are summarized statistics that are created based on certain interactions of visitors with pages and the content associated with them and are logged by the meta servers. This includes the following information, among others

• How many people see and interact with our products, services, or content, including posts, videos, Instagram pages, listings, shops, and advertisements (when the advertisement is shown on Meta products);

• How people interact with our content, websites, apps, and services;

• Which group of people interacts with our content or which group of people uses our services.

Meta provides us with summarized reports and insights that tell us how well our content, features, products and services are performing. 

We do not have access to personal data, but only to the summarized reports. 

To evaluate the reach, we can make settings or set appropriate filters with regard to the selection of a time period, the viewing of a specific post and demographic groupings. This data is anonymized. It is not possible for us to draw conclusions about specific individuals. 

The purpose of processing this data is to analyze our reach and adapt our content and advertisements to user interests so that visitors can derive the greatest possible benefit from them. By evaluating this data, we can recognize how our content, our profile and our advertising are consumed. This enables us to create target group-specific content and place advertisements to better market our company and our services.

The processing is based on our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

When processing personal data in the course of so-called insights, the processing is carried out under joint responsibility with Meta in accordance with Art. 26 para. 1 GDPR. 

To this end, we have entered into a corresponding agreement with Meta, which can be viewed here (https://www.facebook.com/legal/terms/page_controller_addendum).

Meta's contact details are as follows:

Online contact: https://www.facebook.com/help/contact/1650115808681298

Postal: Meta Platforms Ireland Limited, ATTN: Privacy Operations, Merrion Road, Dublin 4, D04 X2K5, Ireland.

For Instagram, you can contact the data protection officer at the following link:

https://www.facebook.com/help/contact/540977946302970.

Further information about the Insights:

https://de-de.facebook.com/help/pages/insights

You can find Instagram's full privacy policy here: 

https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect

Processing of personal data and cookies by Meta

When you access an Instagram page, the IP address assigned to your device is transmitted to Meta. According to Meta, this IP address is anonymized (for "German" IP addresses). Meta also stores information about its users' devices (e.g., as part of the "login notification" feature); this may enable Meta to assign IP addresses to individual users. If you are currently logged in to Instagram as a user, a cookie with your Instagram ID is stored on your device. This enables Meta to track that you have visited this page and how you have used it. Meta buttons embedded in websites enable Meta to record your visits to these websites and assign them to your Instagram profile. This data can be used to tailor content or advertising to you.

Further information: 

https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect

3.6.5 Google Business Profile

We have a so-called Google company profile. We use the information service offered by Google and the services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

a) Data processing by Google 

The Google page and its functions are used under your own responsibility. This applies in particular to the use of social and interactive functions (e.g. commenting, sharing, rating, direct messages). When you visit and interact with our Google company profile entry, Google also collects your IP address and other information that is stored on your device in the form of cookies. This may enable Google to assign IP addresses to individual users or user accounts. This information is used to provide us, as the operator of the Google company profile entry, with statistical information about the use of Google services. The data collected in this context is processed by Google and may be transferred to countries outside the European Union. What information Google receives and how it is used is generally described by Google in its privacy policy. 

If you contact us via our Google company profile entry or other Google services by direct message, we cannot rule out the possibility that these messages may also be read and analyzed by Google (both by employees and automatically). We therefore advise against providing us with personal data. Instead, another form of communication should be chosen as early as possible. 

The use of this service is subject to the Google Privacy Policy, which you - by using it - have already agreed to.

Further information can be found in the privacy policy at the following link:

https://policies.google.com/privacy?hl=de

b) Data processing by us 

As the provider of our Google company profile entry, we do not collect and process any further data from the use of this Google service.

If you contact us or publish a review about us, we process your published profile data and the content of the review/comment.

The legal basis is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in presenting our company and enabling the evaluation of our services in order to present our company and our services to the outside world.

3.7 Third-party content

3.7.1 Gravity Forms

We use the Gravity Forms plugin on our website to create contact forms. The provider is Rocketgenius Inc. If you send us inquiries via the form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. The data is processed on the basis of your consent (Art. 6 (1) (a) GDPR). You can revoke this consent at any time. The data will remain with us until you request us to delete it or the purpose of data storage no longer applies.

Details on how your data is handled can be found here:

https://www.gravityforms.com/privacy/

3.7.2 Google Fonts

We have integrated Google Fonts locally on our server. This means that no data is transferred to Google, despite its use.

3.7.3 ManageWP

We use ManageWP on this website. ManageWP is a tool used to manage websites. This service is provided by GoDaddy.com WP Europe, Trg republike 5, 11000 Belgrade, Serbia.

ManageWP is a service that allows us to manage multiple WordPress sites from a central dashboard. With this tool, we can perform updates, backups, security checks, etc. in one place. It is especially helpful for efficiently managing our websites. 

The use of ManageWP may result in the transfer of data to ManageWP. This does not typically involve the direct collection of data from visitors by ManageWP, as the services provided by ManageWP primarily take place between us and ManageWP.

Legal basis for processing: Art. 6(1)(f) GDPR. We have a legitimate interest in making our website as secure as possible. 

3.7.4 Weglot

We use the Weglot service of the company WEGLOT, 7 cité Paradis in Paris (75010), France, on our website.

This is a service that can translate, display and manage a multilingual website. Weglot has automatic content recognition. It scans and recognizes the texts, images and SEO metadata of the website and thus replaces the manual collection of website content for translation.

The legal basis for the processing of data by Weglot is Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in making our website accessible to an international audience. The data transmitted is primarily our URL and the IP address of the website visitor. 

The data processed by Weglot will be deleted as soon as they are no longer required for the purpose of their processing and there are no legal obligations to retain them.

Further information:

https://www.weglot.com/de/privacy

3.7.5 Jetpack

We use the functions of Jetpack. This service is offered by Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA.

Jetpack is a WordPress plugin that provides security, performance optimization and website management features, including automatic backups, brute force protection, malware scanning and speed optimization. It also supports website growth through SEO tools, statistics, automated social media posts and advertising options to increase traffic and revenue.

Personal data is also collected, stored and processed. For the Jetpack tool to work, Jetpack sets cookies when a website is opened that has components of the tool built in. The collected data is synchronized with Automattic and stored there. In addition to the anonymized IP address and data on user behaviour, this includes, for example, browser type, unique device identifier, preferred language, data and time of the page view, operating system and, if applicable, information on the mobile network.

This only happens with consent. Consent can be revoked at any time. The legal basis for this is Art. 6 (1) (a) GDPR.

Otherwise, the legal basis for the processing of personal data is Art. 6 (1) lit. f GDPR. We have a legitimate interest in designing our website to be powerful and optimizing its functionality.

The EU Commission's Standard Contractual Clauses (SCC) apply to data transfers to the USA. 

Further information:

https://jetpack.com/de/support/cookies

3.7.6 YOAST SEO

We integrate the functions of YOAST SEO into our website. This service is provided by Yoast B.V., Don Emanuelstraat 3, 6602GX Wijchen, Netherlands.

The visibility of websites in search engines can be optimized with the help of an SEO tool.

The Yoast SEO WordPress plugin does not process any personal data.

Further information:

https://yoast.com/help/gdpr

3.8 Audio and video conferences

3.8.1 Microsoft Teams

We use Microsoft Teams to communicate with customers. Microsoft Teams is an online conferencing tool. This service is provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

When communicating with this tool via video or audio conferences, personal data is processed by us and the tool provider. The data collected includes all information that you provide when using the tool.  In addition, metadata relating to the conference is processed. Furthermore, technical information required for the functioning of online communication is processed. In addition, all files shared within the tool are stored on the tool provider's servers.

Microsoft Teams may also set cookies. These cookies are only set with consent. This consent can be revoked at any time. The legal basis for this is Art. 6 (1) (a) GDPR.

Incidentally, the legal basis for the processing of data by Microsoft Teams is Art. 6 (1) (b) GDPR. Communication is related to the performance of a contract or is necessary for the performance of pre-contractual obligations. Furthermore, this tool is used to simplify communication with our company. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. 

This data is stored until the data subject requests its deletion, the consent for storage is revoked or the purpose for storage no longer applies. Cookies remain on the end device until the user deletes them. Mandatory statutory provisions on retention periods remain unaffected.

Further details:

https://privacy.microsoft.com/de-de/privacystatement

3.9 Data transfer to providers on our platform

When you use our platform to purchase services or products, we pass on certain personal data to the providers (e.g., service providers, sellers) to enable them to perform the relevant services. This data transfer is necessary to enable the providers to perform their services or deliver their products.

In doing so, we may pass on the user's name for identification purposes, contact details for queries or problems, the address for the provision of services or delivery of products, order details for the transmission of details of the requested service or ordered products, and, if necessary, payment information for processing the payment (this is usually encrypted and in accordance with applicable security standards) to the providers.

The legal basis for data transfer is Art. 6 (1) (b) GDPR, as it is necessary for the fulfillment of the contractual relationship between you and the provider.

The providers are obliged to use the transmitted data exclusively for the purpose of processing the requested services or deliveries and to protect the data in accordance with the applicable data protection laws. They are direct contractual partners and therefore bear their own responsibility for the processing of personal data. If you have any questions about their data processing, you can contact the provider directly.

3.10 Services for processing orders

3.10.1 Vioma Booking

We use the vioma BOOKING system on our website. vioma BOOKING is an online booking platform that allows hotel rooms and offers to be booked directly via the website. The service is provided by vioma GmbH, Industriestraße 27, 77656 Offenburg, Germany.

When using vioma BOOKING, various personal data is processed, including name, contact information, booking details, payment information, and technical data such as IP addresses and browser details.

Data processing is carried out for the purpose of processing bookings, payment processes, and improving the booking experience.

The legal basis for data processing is Art. 6 (1) (b) GDPR, as processing is necessary for the performance of a contract, and Art. 6 (1) (f) GDPR, as there is a legitimate interest in optimizing our booking processes.

vioma BOOKING uses functional cookies that are necessary for the proper provision of services. These cookies are set based on Art. 6 (1) (f) GDPR, as there is a legitimate interest in ensuring a functional website. Additional cookies, such as analytics or marketing cookies, are only set with consent, based on Art. 6 (1) (a) GDPR.

No data is transferred to third countries, as the data is processed within the EU.

The data will be stored until the purpose of storage no longer applies or deletion is requested. Mandatory statutory retention periods remain unaffected.

Further information on data processing can be found here:

https://www.vioma.de/de/company/datenschutzhinweise

3.11 CRM systems

3.11.1 ASA Hotel

We use ASA Hotel software to manage our customer and guest data. ASA Hotel is a PMS system that enables customer data to be stored and managed for the purpose of contract fulfillment. The service is provided by ASA des Spitaler Gerhard & Co. KG, Gand 14, I-39052 Kaltern an der Südtiroler Weinstraße (BZ).

When using ASA Hotel, various personal data is processed, including name, contact information, booking details, payment information, and technical data such as IP addresses and browser details.

Data processing is carried out for the purpose of processing bookings, payment processes, and improving the booking experience.

The legal basis for data processing is Art. 6 (1) (b) GDPR, as processing is necessary for the performance of a contract, and Art. 6 (1) (f) GDPR, as there is a legitimate interest in optimizing our booking processes.

No data is transferred to third countries, as the data is processed within the EU.

The data will be stored until the purpose of storage no longer applies or deletion is requested. Mandatory statutory retention periods remain unaffected.

Further information on data processing can be found here:

https://www.asahotel.com/datenschutz and https://www.asahotel.com

3.12 Cloud backups

We use cloud backup functions on our website to protect the data and content of the website from data loss, corruption, or security incidents. This ensures that in the event of a server failure, hacker attack, or other unforeseen events, the website can be quickly and completely restored. 

If personal data is stored on our website, it is transferred to the servers of the respective provider during backups.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in securing our data.

We use the following cloud backup service:

Hetzner

Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany

https://www.hetzner.com/legal/privacy-policy

4. Other important information

Finally, we would like to inform you in detail about your rights and how you will be informed about changes to data protection requirements.

4.1 Your rights in detail

4.1.1 Right to information pursuant to Art. 15 GDPR

You can request information about whether your personal data is being processed. If this is the case, you can request further information on the type and manner of processing. A detailed list can be found in Art. 15 para. 1 lit. a to h GDPR.

4.1.2 Right to rectification pursuant to Art. 16 GDPR

This right includes the correction of incorrect data and the completion of incomplete personal data. 

4.1.3 Right to erasure pursuant to Art. 17 GDPR

This so-called 'right to be forgotten' gives you the right, under certain conditions, to request the deletion of your personal data by the controller. This is generally the case if the purpose of the data processing no longer applies, if consent has been withdrawn or the initial processing took place without a legal basis. A detailed list of reasons can be found in Art. 17 para. 1 lit. a to f GDPR. This "right to be forgotten" also corresponds to the controller's obligation under Art. 17 para. 2 GDPR to take appropriate measures to ensure the general erasure of data.

4.1.4 Right to restriction of processing pursuant to Article 18 GDPR

This right is subject to the conditions set out in Art. 18 para. 1 lit. a to d. 

4.1.5 Right to data portability pursuant to Art. 20 GDPR

This regulates the basic right to receive your own data in a commonly used form and to transfer it to another controller. However, this only applies to data processed on the basis of consent or a contract in accordance with Art. 20 (1) (a) and (b) and insofar as this is technically feasible.

4.1.6 Right to object pursuant to Art. 21 GDPR

In principle, you can object to the processing of your personal data. This applies in particular if your interest in objecting outweighs the legitimate interest of the controller in the processing and if the processing relates to direct marketing and/or profiling. 

4.1.7 Right to "decision in individual cases" pursuant to Art. 22 GDPR

In principle, you have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you. However, this right is also restricted and supplemented by Art. 22 (2) and (4) GDPR.

4.1.8 Additional rights

The GDPR includes comprehensive rights to inform third parties about whether or how you have exercised your rights under Articles 16, 17, and 18 of the GDPR. However, this only applies insofar as it is possible or can be done with reasonable effort. 

We would like to take this opportunity to draw your attention once again to your right to withdraw your consent in accordance with Art. 7 (3) GDPR. However, this does not affect the lawfulness of the processing carried out up to that point.

We would also like to draw your attention to your rights under §§ 32 ff. BDSG, which, however, are largely congruent with the rights just described.

4.1.9 Right to lodge a complaint pursuant to Art. 77 GDPR

You also have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates this Regulation.

5. What if the GDPR is abolished tomorrow or other changes take place?

The current status of this privacy policy is February 9, 2026. From time to time, it is necessary to adapt the content of the privacy policy in order to respond to actual and legal changes. We therefore reserve the right to change this privacy policy at any time. We will publish the amended version in the same place and recommend that you read the privacy policy regularly.