Data protection

Thank you for visiting our website. The secure handling of your data is particularly important to us. We would therefore like to inform you in detail about the use of your data when you visit our website.

 

Legal basis of the processing

Art. 6 para. 1 lit. a GDPR serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the fulfilment of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 para. 1 lit. b GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of enquiries about our products or services. If our company is subject to a legal obligation that requires the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6 para. 1 lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person, Art. 6 para. 1 lit. d GDPR. Finally, processing operations could also be based on Art. 6 para. 1 lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail.

 

Forwarding of data

Your personal data will not be transferred to third parties for purposes other than those listed below. We only pass on your personal data to third parties if:

• you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
• the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data
• in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
• this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

 

Rights of data subjects

You have the right:

• to request information about your personal data processed by me in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by me, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details;
• in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by me
• in accordance with Art. 17 GDPR, to request the erasure of your personal data stored by me, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
• in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
• in accordance with Art. 20 GDPR, to receive your personal data that you have provided to me in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller
• in accordance with Art. 7 para. 3 GDPR, to revoke your consent once given to me at any time. The consequence of this is that we may no longer continue the data processing that was based on this consent in the future and
• pursuant to Art. 77 GDPR, without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or the place of the alleged infringement if the data subject is of the opinion that the processing of personal data concerning them is in breach of the EU General Data Protection Regulation (GDPR).

 

Right to information, right to rectification, blocking, erasure, objection

Upon written request, we will inform you about the personal data we have stored about you. You also have the right to correct, block, object to or delete this data. The enquiry should be sent to the address given in the website's legal notice.

 

Right of cancellation

If your personal data is processed on the basis of legitimate interests, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by me without specifying a particular situation. If you wish to exercise your right of cancellation or objection, simply send an email to the address given in the website's legal notice.

 

Cookies

Our website uses cookies. A cookie is a text file that is created when you visit a website and is temporarily stored on the website user's system. If the server of our website is called up again by the user of the website, the browser of the user of the website sends the previously received cookie back to the server. The server can analyse the information received through this process. Cookies can be used, for example, to control adverts or make it easier to navigate a website. Cookies are also necessary to enable the functionality of our website operation (the legal basis is Art. 6 para. 1 lit f GDPR, the protection of the legitimate interests of the operator of this website - we only use cookies in agreement with Art. 5 para. 1 lit a GDPR, i.e. in accordance with the principles of ‘lawfulness, processing in good faith, transparency’).

If you wish to prevent the use of cookies, you can do so by making local settings in your Internet browser (e.g. Internet Explorer, Mozilla Firefox, Opera or Safari).

 

General collection of data

When you access our website or retrieve a file, data about this process is stored in a log file on our web server. In particular, the following data may be stored

• IP address (if possible, this is stored anonymised)
• Domain name of the website from which you came
• Names of the files retrieved
• Date and time of a retrieval
• Name of your internet service provider
• and, if applicable, the operating system and browser version of your end device

We only store IP addresses for data security reasons in order to ensure the stability and security of our system (legal basis: Art. 6 para. 1 lit. f GDPR). We reserve the right to statistically analyse anonymised data records.

 

Contact forms

If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored and processed by us for the purpose of processing the enquiry and in the event of follow-up questions. Your data will be used exclusively for the purpose of answering and processing your enquiry. The data processing takes place here in accordance with Art. 6 para. 1 lit. a GDPR on the basis of your voluntarily given consent. You can object to this at any time (right of cancellation).

 

Newsletter

We only send newsletters with advertising information with the consent of the recipient or on the basis of a legal authorisation.

Registration for our newsletter takes place via a double opt-in procedure: After registering, you will receive an e-mail asking you to confirm your registration.

This confirmation is necessary to verify you as the owner of the e-mail.

Registration for the newsletter is logged in order to be able to prove registration in accordance with legal requirements.

This includes storing the time of registration and confirmation as well as your IP address. Other data that you entered when registering for the newsletter is also stored.

We only use your information other than your e-mail address to personalise the newsletter, for example your name.

You can unsubscribe from the newsletter at any time. You will find a link to unsubscribe from the newsletter in every newsletter e-mail.

 

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the EU General Data Protection Regulation (GDPR).

 

Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format.

 

Confidentiality of your customer access

If you have been given access to a protected area on our website that is secured by a password, you are responsible for keeping this password confidential. We ask you not to disclose the password to anyone.

 

Links to other websites

Our website/app may, from time to time, contain links to third party websites or to other websites of our own. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these privacy policies before you submit any personal data to these websites.

 

Comment function

There is a voluntary comment function on individual pages or posts for users who wish to share their opinion on the respective page or post. The comment is approved after a positive review and appears publicly on the page where the comment was sent. There is no entitlement to approval of a comment. The commenter must provide a name, which may be a pseudonym. The commenter must also provide an email address. The purpose of this is to inform them about the status of their comment, especially if they have asked a question in the comment and are waiting for an answer. The email address is not displayed publicly, is not passed on to third parties and is not analysed manually. The IP address of the commenter is only stored in anonymised form. The comment is saved permanently until it is deleted by you (or an administrator). The e-mail address you provide for the comment will only be stored for the purpose of sending you a notification in the event of a reply to your comment. Any other data you enter in the comment will be published in the comment if you provide it. If a name is requested, you can also use a pseudonym.

 

SSL encryption

This website uses SSL encryption (Secure Socket Layer) for the transmission of data from your browser to our server and to servers that provide files that we embed on our website.

With SSL, data is transmitted in encrypted form. The data cannot be changed and the sender can be identified.

You can recognise the presence of SSL encryption by the text ‘https’ in front of the address of the website that you call up in the browser.

 

Links to third-party websites

This website contains references to third-party websites in the form of so-called links. Only when you click on such a link will data be transmitted to the link destination. This is technically necessary. The data transmitted are in particular Your IP address, the time at which you clicked on the link, the page on which you clicked on the link, details of your Internet browser. If you do not want this data to be transferred to the link destination, do not click on the link.

 

Google Maps

This website uses the mapping software Google Maps from Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using this website, you consent to the collection, processing and use of data that may be collected automatically by Google and its representatives. Terms of use of Google Maps. Data protection provisions of Google

 

Inxmail newsletter service

We use the Inxmail service provided by Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg, Germany (‘Inxmail’) to send newsletters. The data provided when registering for the newsletter will be transmitted to Inxmail and stored by Inxmail. The data entered during registration will not be transmitted to third parties. After registering, you will receive an e-mail from Inxmail to confirm your registration, which you can finalise by clicking on a confirmation link. Inxmail also offers us analysis options, such as how the newsletters sent are opened and used, e.g. to how many users an email was sent, whether emails were not opened and whether users unsubscribed from the newsletter after receiving an email. Further information can be found in Inxmail's privacy policy.

 

Google Fonts

This site uses certain Google fonts for display. When you call up a page, your browser loads these fonts. Your IP address, including the page (Internet address) you have visited, is transmitted to a Google server. Further information on these Google fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy at https://www.google.com/policies/privacy/

 

Google Analytics

Our website uses the analytics service Google Analytics. This web analysis service is operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as Google). We use Google Analytics to analyse your use of our website and to compile reports on user activities. Our legitimate interest in data processing also lies in these purposes. The legal basis for the use of Google Analytics is Section 15 (3) TMG and Art. 6 (1) (f) GDPR. This analysis tool works on the basis of cookies. A cookie is a text file that is sent when you visit a website and is temporarily stored on the website user's hard drive to enable your use of the website to be analysed. The information stored by the cookie is usually transferred to a Google server in the USA and then stored there. As part of IP anonymisation, your IP address will be shortened beforehand by Google within a member state of the EU or another signatory state to the Agreement on the European Economic Area. Google will use the transmitted information on our behalf to compile a report on the use of the website. We have concluded an order processing contract with Google.

The IP address transmitted as part of Google Analytics is not merged with other Google data. If you wish to prevent the use of cookies, you can do this by making local changes to your settings in the Internet browser used on your computer (e.g. Safari, Internet Explorer, Opera, Firefox, etc.), i.e. the programme for opening and displaying Internet pages. You can also prevent the collection and processing of your data by Google's cookie by downloading and installing a browser plug-in offered by Google at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

You can prevent the collection of data by Google Analytics by clicking on the following link. An opt-out cookie will then be set to prevent the future collection of your data when you visit this website: Deactivate Google Analytics

Further information on the terms of use and data protection of Google and Google Analytics can be found at http://www.google.com/analytics/terms/de.html and at https://www.google.de/intl/de/policies/. Please note that the ‘anonymiseIp’ extension has been added to Google Analytics. This ensures anonymised collection of IP addresses.

 

Google Tag Manager

We use the Google Tag Manager from Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’). Google Tag Manager is a cookie-free domain and does not collect any personal data. The tool triggers other components, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.

 

YouTube videos

We have embedded YouTube videos on our website, which are stored on the servers of the provider YouTube and can be played from our website via embedding. The videos are embedded with the option for extended data protection settings activated. When you play these videos, YouTube cookies and DoubleClick cookies are stored on your computer and data may be transferred to Google Inc, Amphitheatre Parkway, Mountain View, CA 94043, USA, as the YouTube operator.

When videos stored on YouTube are played, at least the following data is currently transmitted to Google Inc. as the YouTube operator and operator of the DoubleClick network: IP address and cookie, the specific address of the page accessed on our website, system date and time of access, identification of your browser.

This data is transmitted regardless of whether you have a Google user account that you are logged into or whether you do not have a user account. If you are logged in in this way, Google may assign this data directly to your account. If you do not wish to be associated with your profile, you must log out before activating the play button for the video.

YouTube and Google Inc. store this data as user profiles and may use it for the purposes of advertising, market research and/or customising the design of their websites. Such an analysis is carried out in particular (even for users who are not logged in) to provide customised advertising and to inform other users about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google as the operator of YouTube to exercise this right.

Further information on the purpose and scope of data collection and its processing by Google can be found on this information page.

 

‘Facebook’ social plug-in

On our website Sauerland Stern Hotel we use the plug-in of the social network Facebook. Facebook is an internet service provided by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA. In the EU, this service is in turn operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, hereinafter both referred to as ‘Facebook’.

Through certification in accordance with the EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active, Facebook guarantees that the data protection requirements of the EU are also complied with when processing data in the USA.

The legal basis for the processing of your data is Art. 6 para. 1 lit. f) GDPR. Facebook provides further information about the possible plug-ins and their respective functions at https://developers.facebook.com/docs/plugins/.

 

If the plug-in is stored on one of the pages you visit on our website, your internet browser will download a representation of the plug-in from the Facebook servers in the USA. For technical reasons, it is necessary for Facebook to process your IP address. The date and time of your visit to our website are also recorded. If you are logged in to Facebook while you visit one of our plugged-in websites, the information collected by the plug-in about your specific visit will be recognised by Facebook. Facebook may assign the information collected in this way to your personal user account there. If you use the Facebook ‘Like’ button, for example, this information will be stored in your Facebook user account and possibly published via the Facebook platform. If you wish to prevent this, you must either log out of Facebook before visiting our website or use an add-on for your internet browser to prevent the Facebook plug-in from loading.

 

Facebook provides further information about the collection and use of data as well as your rights and protection options in this regard in the data protection information available at https://www.facebook.com/policy.php.

 

Security notice

We protect our website and other IT systems against loss, destruction, unauthorised access, unauthorised modification or unauthorised dissemination of your data by means of suitable technical and organisational measures. However, despite all due care, complete protection against all risks is not possible in every case. As we cannot guarantee complete data security when communicating by e-mail, we recommend sending confidential information by post.

 

Changes to this privacy policy

We reserve the right to amend this data protection declaration if the legal situation or this online offer or the type of data collection changes. However, this only applies to declarations on data processing. If the user's consent is required or components of the privacy policy contain a regulation of the contractual relationship with users, the privacy policy will only be amended with the user's consent.

Therefore, please inform yourself about this privacy policy if necessary, especially if you provide personal data.

 

Application portal Legal basis:

• § SECTION 26 BDSG
• Art. 6 para. 1 lit. a) GDPR
• Art. 6 para. 1 lit. f) GDPR

Balancing of interests (Art. 6 para. 1 lit. f) GDPR:

The data collected when using the application portal is required to ensure the stable and secure operation of the portal.

Mutual legal claims may arise in connection with the application process (e.g. claims under the AGG, pre-contractual claims for damages). The processing of personal data may therefore be necessary for the assertion or defence of such claims.

 

Appointed data protection officer:

SMP Hospitality Consulting UG & Co. Vertriebs KG

Steinweg 5 - 34508 Willingen (Upland)

Represented by: Mike Schmirler (Certified data protection officer and computer scientist)

Phone: 05632-9691311

Email: datenschutz@smp-edv.de

URL: https://www.smp-edv.de

 

Data protection regulations for the registration form

 

Responsible in the sense of the data protection law: Fortuna Hotelbetriebsgesellschaft mbH, Sauerland Stern Hotel, Kneippweg 1, 34508 Willingen, Tel.: +49 5632 4040, Fax: +49 5632 6119, E-Mail: info@sauerland-stern-hotel.de

Data protection officer: SMP Hospitality Consulting UG & Co. Vertriebs KG, Steinweg 5 - 34508 Willingen (Upland), represented by: Mike Schmirler (certified data protection officer and computer scientist), phone: 05632-9691311, email: datenschutz@smp-edv.de

We process data in the registration form on the following legal bases:

Section ‘Private address’: Data processing based on § 30 (4) S.1 BMG with a storage period of one year.

Section ‘Private address’ / ‘Billing address’: Data processing based on Art. 6 (1) b), c) GDPR with a storage period of 10 years in accordance with § 147 (3) AO and § 257 (4) HGB.

Section ‘Consent to voluntary information under data protection law’: Data processing based on Art. 6 (1) a) GDPR with storage period until consent is withdrawn, if no other storage period has been specified.

You have the following rights under the General Data Protection Regulation (GDPR):

Right to information: In accordance with Article 15 GDPR, you can request confirmation as to whether data concerning you is being processed. If this is the case, you have a right of access to the information processed.*

Right to withdraw consent: If your personal data is processed on the basis of consent, you have the right to withdraw this consent at any time in accordance with Article 7 GDPR.

Right to object: If the processing of your personal data is necessary to safeguard the legitimate interests of our company, you can object to the processing at any time in accordance with Article 21 GDPR.*

Right to erasure: If you have withdrawn your consent, objected to the processing of your personal data (and there are no overriding legitimate grounds for the processing), your personal data is no longer necessary for the purposes of the processing, there is a legal obligation to do so or your personal data has been processed unlawfully, you have the right to request the erasure of your personal data in accordance with Article 17 GDPR.*

Right to rectification: If your personal data has been processed incorrectly, you have the right under Article 16 GDPR to demand the rectification of this data without undue delay*.

Right to restriction of processing: Under the conditions of Article 18 GDPR, you have the right to request the restriction of the processing of your personal data.

Right to data portability: In accordance with Article 20 GDPR, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format.*

Right to lodge a complaint: In accordance with Article 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority. The supervisory authority can be contacted at this address [e.g: The Hessian Commissioner for Data Protection and Freedom of Information, P.O. Box 3163, 65021 Wiesbaden, telephone: +49 611 1408 - 0, fax: +49 611 1408 - 900 / 901, https://datenschutz.hessen.de/, poststelle@datenschutz.hessen.de].*

* To assert your rights under the General Data Protection Regulation, you can contact us as follows Fortuna Hotelbetriebsgesellschaft mbH, Sauerland Stern Hotel, Kneippweg 1, 34508 Willingen, Tel.: +49 5632 4040, Fax: +49 5632 6119, E-Mail: info@sauerland-stern-hotel.de