Privacy Policy
We are pleased that you are visiting our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to inform you at this point which of your personal data we collect when you visit our website and for what purposes it is used.
This data protection declaration applies to the website of the Hotel Pension Kastanienhof Hauptmann oHG, which can be reached under the domain www.kastanienhof.berlin as well as the various subdomains ("our website").
Who is responsible and how do I contact you?
Responsible
for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)
Hotel Pension Kastanienhof Hauptmann oHG
Kastanienallee 65
10119 Berlin
+49 (0)30 44 30 50
Data protection officer
Data Solution LUD GmbH
What is this about?
This data protection declaration meets the legal requirements for transparency in the processing of personal data. This is all information that relates to an identified or identifiable natural person. This includes, for example, information such as your name, your age, your address, your telephone number, your date of birth, your e-mail address, your IP address or user behavior when visiting a website. Information with which we cannot (or only with disproportionate effort) relate to you personally, e.g. through anonymization, are not personal data. The processing of personal data (e.g. the collection, querying, use, storage or transmission) always requires a legal basis and a defined purpose.
Stored personal data are deleted as soon as the purpose of the Processing has been achieved and there are no legitimate reasons for further retention of the data. We will inform you about the specific storage periods and criteria for storage in the individual processing operations. Regardless of this, we store your personal data in individual cases to assert, exercise or defend legal claims and if there are statutory retention requirements.
Who gets my data?
We only pass on your personal data that we process on our website to third parties if this is necessary for the fulfillment of the purposes and in individual cases is covered by the legal basis (e.g. consent or protection of legitimate interests). In addition, we pass on personal data to third parties in individual cases if this serves to assert, exercise or defend legal claims. Possible recipients can then e.g. Law enforcement authorities, lawyers, auditors, courts, etc.
Insofar as we use service providers for the operation of our website who, as part of order processing on our behalf, provide personal data in accordance with. Process Art. 28 GDPR, these recipients of your personal data can be. You can find more detailed information on the use of processors and web services in the overview of the individual processing operations.
What rights do I have?
Under the conditions of the statutory provisions of the General Data Protection Regulation (GDPR), you as a data subject have the following rights:
Information in accordance with Art. 15 GDPR about the data stored about you in the form of meaningful information on the details of the processing and a copy of your data;
Correction in accordance with Art. 16 GDPR of inaccurate or incomplete data stored by us;
Deletion in accordance with Art. 17 GDPR of the data stored by us, insofar as the processing is not necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
Restriction of the processing in accordance with Art. 18 GDPR, insofar as the correctness of the data is disputed, the processing is unlawful, we no longer need the data and you refuse to delete it, because you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR.
Data portability in accordance with Art. 20 GDPR, insofar as you have provided us with personal data within the framework of consent pursuant to Art. 6 sec. 1 lit. a GDPR or on the basis of a contract pursuant to Art. 6 sec. 1 lit.b GDPR and these were processed by us by means of automated procedures. You receive your data in a structured, common and machine-readable format or we transmit the data directly to another responsible person, as far as this is technically feasible.
In accordance with Art. 21 GDPR, you object to the processing of your personal data, insofar as they are carried out on the basis of Art. 6 sec. 1 lit. e, f GDPR and there are reasons for doing so, which arise from your particular situation or if the objection is directed against direct marketing. The right to object does not exist if overriding, overriding reasons for processing are proven or if the processing is carried out for the assertion, exercise or defence of legal claims. Insofar as there is no right to object in individual processing operations, this is indicated therein.
Revocation in accordance with Art. 7 sec. 3 GDPR of your given consent with effect for the future.
Complaint under Art. 77 GDPR to a supervisory authority if you believe that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your workplace or our company headquarters.
Online booking via the website
On our website there is the possibility to book hotel rooms and arrangements. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored. These data are: first name, last name, e-mail address, telephone, address, number of fellow travelers, estimated time of arrival, requests, payment data (credit card), date, time.
If you make an online booking from our website, this is done through the online reservation system of HotelNetSolutions GmbH, Genthiner Straße 8, 10785 Berlin, Germany. All booking data entered by you will be transmitted in encrypted form. HotelNetSolutions GmbH has committed itself to handling your transmitted data in accordance with data protection regulations. It takes all organizational and technical measures to protect your data.
Your data will be used exclusively for the processing of the booking and for communication.
Legal basis for data processing
The legal basis for the processing of the data is the conclusion of an accommodation contract with the user.
Purpose of data processing
The processing of the personal data from the input mask serves us solely to process the booking request and to process the payment transactions.
Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of a contractual relationship, we will delete the data received as soon as national, commercial, statutory or contractual retention regulations have been met.
Online booking via other websites
There is the possibility to book rooms and arrangements for the hotel through hotel reservation portals (third-party providers). If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored to the extent permitted by the respective hotel reservation portal in accordance with its own data protection regulations. Data can be: first name, last name, e-mail address, telephone, address, number of fellow travelers, estimated time of arrival, wishes, payment data (credit card).
The data provided is transferred to our hotel software via a so-called channel manager. All received booking data is transmitted in encrypted form. HotelNetSolutions GmbH, Genthiner Straße 8, D-10785 Berlin, Germany, as the provider of the Channel Manager, has undertaken to handle the transmitted personal data in accordance with data protection regulations. It takes all organizational and technical measures to protect your data.
Your data will be used exclusively for the processing of the booking and, if necessary, for communication.
Legal basis for data processing
The legal basis for the processing of the data is the conclusion of an accommodation contract with the user.
Purpose of data processing
The processing of the personal data from the input mask serves us solely to process the booking request and to process the payment transactions.
Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of a contractual relationship, we will delete the data received as soon as national, commercial, statutory or contractual retention regulations have been met.
Use of company contact details for support, advice and advertising
For the support, advice and advertising of corporate customers, we collect and use the contact person, telephone number and postal address in addition to the business partner or potential business partner. We receive the information from various sources, either through an inquiry (e-mail or telephone), but also through events, trade fairs, business cards received by our sales representatives, etc.
Legal basis for data processing
The legal basis for the processing of the data is also our legitimate interest in data processing. If the purpose of the contact is to conclude a contract, the additional legal basis for the processing is the business initiation or contractual relationship .
Purpose of data processing
We use this contact data exclusively for our own purposes and for the needs-based design of our own sales activities.
Duration of storage
In principle, there is no deletion period. However, if our sales department has not had any contact with the company contact within 3 years, the sales department will decide whether the contact person of the company contact will be deleted.
If the contact is a pre-contractual relationship (offer, booking or reservation request), the transmitted data will also be stored in our hotel software and used to execute the contract. If there is no contractual relationship, we will delete the data after one year at the end of the year.
Possibility of objection
As a company contact, you have the option to object to the processing of your data at any time.
Online reviews
Former guests can leave a review at our hotel after check-out. For this purpose, we would like to send you an e-mail within 14 days of departure to ask you to submit a hotel review. Each review can be published anonymously if desired. If you did not feel comfortable in one of our hotels, we would like to take the opportunity to contact you.
If you submit an online review, the data will be stored in the evaluation tool of CA Customer Alliance GmbH, Ullsteinstraße 118 | Tower B, D-12109 Berlin, Germany. The Customer Alliance has committed itself to handling your transmitted data in accordance with data protection regulations. It takes all organizational and technical measures to protect your data.
In this context, the data will not be passed on to third parties. The data will be used exclusively for the publication of the review and for arbitration in case of bad reviews.
Legal basis for data processing
The legal basis for the processing of the data is also our legitimate interest in data processing.
Purpose of data processing
The purpose of the hotel review is to communicate and summarize the opinions of hotel guests via our website so that interested parties can get their own impression of our services. In addition, the results are used by our internal quality management.
Duration of storage
The data will not be deleted.
Possibility of objection
It is possible to have the publication of the review deleted at any time (right to be forgotten). Please let us know which review you are talking about.
Safety
We use technical and organizational security measures in accordance with Art. 32 GDPR to protect your data managed by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously improved in line with technological developments. Access to it is only possible for a few authorised persons and persons obliged to provide special data protection who are involved in the technical, administrative or editorial support of data.
For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption. This means that data that you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the "https://" address line of your browser and the lock symbol in the browser line.
Protection of minors
This service is mainly aimed at adults. We do not currently market any special areas for children. As a result, we do not knowingly collect age information, nor do we knowingly collect personal information from children under the age of 16. However, we advise all visitors to our website under the age of 16 not to disclose or provide any personal data via our service. In the event that we discover that a child under the age of 16 has provided us with personal information, we will delete the child's personal information from our files to the extent technically feasible.
Updating and modification
We reserve the right to change, update or supplement this privacy policy at any time . Any revised data processing information will only apply to personal data collected or modified after the entry into force.
Do we use cookies?
Cookies are small text files that we send to the browser of your device and store them as part of your visit to our website. As an alternative to using cookies, information can also be stored in the local storage of your browser. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, on the other hand, allow us to perform various analyses, so that we are able, for example, to recognize the browser you use when you visit our website again and to transmit various information to us (not necessary cookies). Cookies enable us to make our website more user-friendly and effective for you, for example by tracking your use of our website and by determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly through your browser. Cookies do not cause any damage to your device. You cannot run programs or contain viruses.
We inform you about the respective services for which we use cookies in the individual processing operations. Detailed information on the cookies used can be found in the cookie settings or in the Consent Manager of this website.
How will my data be processed in detail?
In the following we will inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data and the respective storage period. An automated decision in individual cases, including profiling, does not take place.
Provision of the website
Type and scope of processing
When you visit and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:
IP address of the requesting computer
Date and time of access
Name and URL the retrieved file
website from which access is made (referrer URL)
browser used and, if applicable, the operating system of your computer, as well as the name of your access provider
[Our website is not hosted by us, but by a service provider who for the purpose of the aforementioned data on our behalf in accordance with. Art. 28 GDPR processed.]
Purpose and legal basis
The processing is carried out to safeguard our overriding legitimate interest in displaying our website and ensuring security and stability on the basis of the Art. 6 para. Lit. f GDPR. The collection of data and storage in log files is essential for the operation of the website. There is no right to object to the processing due to the exception according to Art. 21 Paragraph 1 GDPR. Insofar as the further storage of the log files is required by law, the processing takes place on the basis of Art. 6 Para. 1 lit. c GDPR. There is no legal or contractual obligation to provide the data, but it is technically not possible to call up our website without providing the data.
Storage duration
The aforementioned data are used for the duration of the display of the website [and for technical reasons beyond that for a maximum of [7 days]].
Contact Form
Type and scope of processing
On our website, we offer you the option of contacting us using a form provided. The information that is collected via mandatory fields is required to process the request. In addition, you can voluntarily provide additional information that you believe is necessary to process the contact request.
When using the contact form, your personal data will not be passed on to third parties.
Purpose and legal basis
The processing of your data by using our contact form takes place for the purpose of communication and processing of your request on the basis of your consent in accordance with. Art. 6 para. 1 lit. a GDPR. If your request relates to an existing contractual relationship with us, processing for the purpose of fulfilling the contract is based on Art. 6 Para. 1 lit. b GDPR. There is no legal or contractual obligation to provide your data, but it is not possible to process your request without providing the information in the mandatory fields. If you do not want to provide this data, please contact us by other means.
Storage period
If you use the contact form on the basis of your consent, we will save the data collected each request for a period of three years, starting with the handling of your request or until you withdraw your consent.
[If you use the contact form in the context of a contractual relationship, we will save the data collected for each request Duration of [three years] from the end of the contractual relationship.]
Presences on social media platforms
We maintain so-called fan pages or accounts or channels on the networks mentioned below in order to provide you with information and offers within social networks and to offer you further ways to contact us and to find out about our offers. In the following, we inform you about what data we or the respective social network process from you in connection with the access and use of our fan pages/accounts.
Data we process from you
If you wish to contact us via Messenger or Direct Message via the respective social network, we will normally process your username, through which you contact us and store any other data you provide if this is necessary to process/respond to your request.
The legal basis is Art. 6(1) sentence 1 f) GDPR (processing is necessary to safeguard the legitimate interests of the controller).
(Static) Usage data we receive from the social networks
We receive automatically provided statistics about our accounts through Insights functionalities. The statistics include the total number of page views, likes, page activity and post interactions, reach, video views/views, and the proportion of men/women among our fans/followers.
The statistics contain only aggregated data which cannot be related to individuals. They are not identifiable to us.
What data you process social networks
In order to view the content of our fan pages or accounts, you do not have to be a member of the respective social network and no user account is required for the respective social network.
Please note, however, that when the respective social network is accessed, the social networks also collect and store data from website visitors without a user account (e..B. technical data in order to be able to view the website to you) and use cookies and similar technologies, which we have no influence on. Details can be found in the privacy policy of the respective social network (see the corresponding links above)
If you wish to interact with the content on our fan pages/accounts, e.B.g. comment, share or like our postings/posts and/or contact us via Messenger functions, prior registration with the respective social network and the provision of personal data is required.
We have no influence on the data processing by the social networks in the context of your use. To our knowledge, your data will be stored and processed in particular in connection with the provision of the services of the respective social network, furthermore for the analysis of the usage behaviour (using cookies, pixel/web beacons and similar technologies) on the basis of which advertising based on your interests is played out both within and outside the respective social network. It cannot be excluded that your data will be stored by the social networks outside the EU/EEA and will be passed on to third parties.
Information on, among other things, the exact scope and purposes of the processing of your personal data, the storage period/deletion as well as guidelines on the use of cookies and similar technologies in the context of the registration and use of social networks can be found in the social protection policy/cookie policy. There you will also find information about your rights and possibilities of objection.
Facebook page
When you visit our Facebook page, Facebook (Meta) collects, among other things, your IP address and other information that is available on your PC in the form of cookies. This information is used to provide us, as the operator of the Facebook pages, with statistical information about the use of the Facebook page. Facebook provides further information on this under the following link: https://facebook.com/help/pages/insights.
By means of the transmitted statistical information, it is not possible for us to draw conclusions about individual users. We only use these in order to be able to respond to the interests of our users and to continuously improve our online presence and to ensure the quality of it.
We collect your data via our fan page only in order to realize a possible provision for communication and interaction with us. This survey usually includes: Your name, message content, comment content, and the profile information you provide "publicly."
The processing of your personal data for our above-mentioned purposes takes place on the basis of our legitimate business and communicative interest in offering an information and communication channel in accordance with Art. 6 para. 1 f) GDPR. If you as a user have given your consent to data processing to the respective provider of the social network, the legal basis of the processing extends to Art. 6 para. 1 a), Art. 7 GDPR.
Due to the fact that the actual data processing is carried out by the provider of the social network, our access options are limited to your data. Only the provider of the social network is authorized to have full access to your data. Due to this, only the provider can directly take and implement appropriate measures to fulfill your user rights (request for information, deletion request, objection, etc.). The assertion of corresponding rights is therefore most effectively asserted directly against the respective provider.
Together with Facebook, we are responsible for the personal content of the fan page. Data subject rights can be asserted with Meta Platforms Ireland Ltd. as well as with us.
According to the GDPR, the primary responsibility for the processing of Insights data lies with Facebook and Facebook fulfils all obligations under the GDPR with regard to the processing of Insights data, Meta Platforms Ireland Ltd. makes the essence of the Page Insights supplement available to the data subjects.
We do not make any decisions regarding the processing of Insights data and the storage period of cookies on user devices.
Further information can be found directly on Facebook (supplementary agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum.
Further information on the exact scope and purposes of the processing of your personal data, the storage period/deletion as well as guidelines for the use of cookies and similar technologies in the context of registration and use can be found in Facebook's privacy policy/cookie policy:
https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0
https://www.facebook.com/policies/cookies
Customer Alliance Online Reputation
Type and scope of processing
We have integrated components from Customer Alliance Online Reputation on our website. Customer Alliance Online Reputation is a rating service that allows users to rate our services. If you rate our services, data about the service used may be transmitted to CA Customer Alliance GmbH to verify authenticity. Customer Alliance Online Reputation allows us to obtain content such as reviews directly from CA Customer Alliance GmbH and display it on our website. This usually sends your current IP address to the service.
Furthermore, Customer Alliance Online Reputation stores information by means of cookies in order to find out which online offers have been visited. In this case, your data will be passed on to the operator of Customer Alliance Online Reputation that CA Customer Alliance GmbH Ullsteinstr. 130, Tower B 12109 Berlin, Germany.
Purpose and legal basis
The use of Customer Alliance Online Reputation is based on Art. 6 sec. 1 lit. f. GDPR to inform users about the quality of our services. If the user agrees to the processing of his data, the legal basis for the processing is Art. 6 sec. 1 lit. a. GDPR.
Storage time
The actual storage time of the processed data is not influenced by us, but is determined by CA Customer Alliance GmbH. For more information, see the privacy policy for Customer Alliance Online Reputation: www.customer-alliance.com/de/datenschutzbestimmungen/.
Facebook CDN
Type and scope of processing
We use Facebook CDN to properly provide the content of our website. Facebook CDN is a service of the Meta Platforms Ireland Limited, which acts as a content delivery network (CDN) on our website.
A CDN helps to make the content of our online offer, in particular files such as graphics or scripts, available more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of the Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, whereby your IP address and, if applicable, browser data such as your user agent are transmitted. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Facebook CDN.
Purpose and legal basis
The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision as well as the optimization of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The transfer of data to the USA takes place in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The participating U.S. companies and/or their U.S. subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
In cases where there is no adequacy decision by the European Commission (including US companies that are not EU-U.S. DPF certified), we have other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these Standard Contractual Clauses can be found at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE .
In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of transfers to third countries, there may be risks unknown in detail (e.g. data processing by security authorities of the third country, the exact scope and consequences of which we do not know for you, over which we have no influence and of which you may not become aware).
Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Meta Platforms Ireland Limited. Further information can be found in the privacy policy for Facebook CDN: https://www.facebook.com/privacy/explanation.
Facebook Pixel
Type and scope of processing
We use Facebook Pixel from Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, to create so-called Custom Audiences, i.e. to segment visitor groups to our online offer, to determine conversion rates and then to optimize them. This happens in particular when you interact with advertisements that we have placed with Meta Platforms Ireland Limited.
Purpose and legal basis
The use of Facebook Pixel is based on your consent in accordance with Art. 6 para. 1 lit. a. DSGVO and § 25 para. 1 TTDSG.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA takes place in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The participating U.S. companies and/or their U.S. subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
In cases where there is no adequacy decision by the European Commission (including US companies that are not EU-U.S. DPF certified), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these Standard Contractual Clauses can be found at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE .
In addition, prior to such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. DSGVO, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of transfers to third countries, there may be risks unknown in detail (e.g. data processing by security authorities of the third country, the exact scope and consequences of which we do not know for you, over which we have no influence and of which you may not become aware).
Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Meta Platforms Ireland Limited. Further information can be found in the privacy policy for Facebook Pixel: https://www.facebook.com/privacy/explanation.
Facebook Plugin
Type and scope of processing
We have integrated components from Facebook Plugin on our website. Facebook Plugin is a service of Meta Platforms Ireland Limited and offers us the possibility to aggregate content of the social media platform and display it on our website.
When you access this content, you connect to Meta Platforms Ireland Limited servers, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, transmitting your IP address and, if applicable, browser data such as your user agent. This data will be processed exclusively for the above purposes and for the maintenance of the security and functionality of Facebook Plugin.
If a user is registered with Meta Platforms Ireland Limited, Facebook Plugin can associate the viewed content with the profile.
Purpose and legal basis
The use of Facebook Plugin is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR.
Storage time
The actual storage time of the processed data is not influenced by us, but is determined by Meta Platforms Ireland Limited. For more information, see the privacy policy for Facebook Plugin: https://www.facebook.com/policy.php.
Google Analytics
Our website uses Google Analytics 4, a web analytics service provided by Google LLC. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is generally transferred to a Google server in the USA and stored there.
We use the User ID function. With the help of the User ID, we can assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and analyse user behaviour across devices.
We continue to use Google Signals. This allows Google Analytics to capture additional information about users who have enabled personalised ads (interests and demographics) and to deliver ads to these users in cross-device remarketing campaigns.
Google Analytics 4 has IP anonymisation enabled by default. Due to IP anonymisation, your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
During your website visit, your user behaviour is recorded in the form of "events". Events can be:
Also recorded:
On our behalf, Google will process the information transmitted in order to evaluate the use of the website by website visitors and to compile reports on website activities. The reports provided by Google Analytics are used by us to analyse the performance of the website.
Recipients
Recipients of the data are/may be
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as data processor according to Art. 28 GDPR)
- Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
- Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
It cannot be ruled out that US authorities may access the data stored by Google.
Third country transfer
Where data is processed outside the EU/EEA and there is no level of data protection equivalent to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not have any legal remedies against access by authorities.
Storage period
The data sent by us and linked to cookies are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.
Legal basis and revocation
We process your data using Google Analytics 4 on the basis of your consent in accordance with Art. 6 para.1 lit a GDPR in conjunction with. § 25 TTDSG. Your consent. You give your consent by setting the use of cookies (cookie banner / Consent Manager), with which you can also declare your revocation at any time with effect for the future in accordance with Art. 7 para. 3 GDPR.
You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser in such a way that all cookies are rejected, functionalities on this and other websites may be restricted. Furthermore, you can prevent the collection of the data generated by the cookie and related to your use of the website (incl. your IP address) to Google as well as the processing of this data by Google by (I) not granting your consent to the setting of the cookie or (II) downloading and installing the browser add-on to deactivate Google Analytics HERE.
For more information, please see the Terms of Use and the Privacy Policy for Google.
Google Maps
Type and scope of processing
We use the map service Google Maps to create directions. Google Maps is a service of the Google Ireland Limited, which displays a map on our website.
When you access this content of our website, you establish a connection to servers of the Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, whereby your IP address and, if applicable, browser data such as your user agent are transmitted. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Google Maps.
Purpose and legal basis
The use of Google Maps is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The transfer of data to the USA takes place in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The participating U.S. companies and/or their U.S. subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
In cases where there is no adequacy decision by the European Commission (including US companies that are not EU-U.S. DPF certified), we have other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these Standard Contractual Clauses can be found at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE .
In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of transfers to third countries, there may be risks unknown in detail (e.g. data processing by security authorities of the third country, the exact scope and consequences of which we do not know for you, over which we have no influence and of which you may not become aware).
Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Maps: https://policies.google.com/privacy.
Google Tag Manager
Type and scope of processing
We use the Google Tag Manager of the Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. Google Tag Manager is used to manage website tags through an interface and allows us to control the precise integration of services on our website.
This allows us to flexibly integrate additional services in order to evaluate user access to our website.
Purpose and legal basis
The use of Google Tag Manager is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The transfer of data to the USA takes place in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The participating U.S. companies and/or their U.S. subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
In cases where there is no adequacy decision by the European Commission (including US companies that are not EU-U.S. DPF certified), we have other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these Standard Contractual Clauses can be found at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE .
In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of transfers to third countries, there may be risks unknown in detail (e.g. data processing by security authorities of the third country, the exact scope and consequences of which we do not know for you, over which we have no influence and of which you may not become aware).
Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.
JSDelivr CDN
Type and scope of processing
We use JSDelivr CDN to properly provide the content of our website. JSDelivr CDN is a service of the Prospect One, which acts as a content delivery network (CDN) on our website.
A CDN helps to make the content of our online offer, in particular files such as graphics or scripts, available more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of the Prospect One, Krolewska 65a, Krakow, Malopolskie 30-081, Poland, whereby your IP address and, if applicable, browser data such as your user agent are transmitted. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of JSDelivr CDN.
Purpose and legal basis
The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision as well as the optimization of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The transfer of data to the USA takes place in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The participating U.S. companies and/or their U.S. subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
In cases where there is no adequacy decision by the European Commission (including US companies that are not EU-U.S. DPF certified), we have other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these Standard Contractual Clauses can be found at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE .
In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of transfers to third countries, there may be risks unknown in detail (e.g. data processing by security authorities of the third country, the exact scope and consequences of which we do not know for you, over which we have no influence and of which you may not become aware).
Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Prospect One. Further information can be found in the privacy policy for JSDelivr CDN: https://www.jsdelivr.com/privacy-policy-jsdelivr-net.
OpenStreetMap
Type and scope of processing
We use the map service OpenStreetMap to create directions. OpenStreetMap is an open source project of the OpenStreetMap Foundation, which is a map on our website.
When you access this content, you connect to OpenStreetMap Foundation servers, St John’s Innovation Centre, Cowley Road, Cambridge CB4 0WS, United Kingdom , transmitting your IP address and, if applicable, browser data such as your user agent. This data will be processed exclusively for the above purposes and for the maintenance of the security and functionality of OpenStreetMap.
Purpose and legal basis
The use of OpenStreetMap is based on our legitimate interests in accordance with Art. 6 sec. 1 lit. f. GDPR, i.e. our interest in making it easier for you to get to the locations mentioned on the website.
Storage time
The actual storage time of the processed data is not influenced by us, but is determined by OpenStreetMap Foundation. For more information, see the privacy policy for OpenStreetMap: https://wiki.osmfoundation.org/wiki/Privacy_Policy.
consentmanager.net
Type and scope of processing
We have integrated consentmanager.net on our website. consentmanager.net is a consent solution of the consentmanager AB, Håltegelvägen 1, B723 48 Västerås, Sweden, with which consent to the storage of cookies can be obtained and documented. consentmanager.net uses cookies or other web technologies to recognize users and to store the consent given or revoked.
Purpose and legal basis
The use of the service is based on the legally required consent to receive the use of cookies in accordance with Art. 6 sec. 1 lit.c. GDPR.
Storage time
The actual storage time of the processed data is not influenced by us, but is determined by consentmanager AB. For more information, see the privacy policy for consentmanager.net: https://www.consentmanager.net/datenschutz/.
