Scope of Data Protection

General Information about the Processing of Your Data

We are legally obligated to inform you about the processing of your personal data (hereinafter referred to as “data”) when using our website. We take the protection of your personal data very seriously. This privacy disclosure provides you with details about the processing of your data and your related legal rights. The legal definitions from Article 4 of the General Data Protection Regulation (GDPR), such as “personal data” or “processing,” are authoritative for terms used in this context. We reserve the right to adjust the privacy policy with effect for the future, especially in the case of website developments, the use of new technologies, or changes in legal foundations and corresponding jurisprudence. We recommend that you read the privacy policy from time to time and keep a printout or copy for your records.

Scope

This privacy policy applies to all pages of www.hotelbrunnenhof.com. It does not extend to any linked websites or online presences of other providers.

Controller

Responsible for the processing of personal data within the scope of this privacy policy is:

Best Western Hotel Brunnenhof

B.W. Hotel Brunnenhof Weibersbrunn GmbH

Hauptstraße 231 63879 Weibersbrunn

Tel.: +49 6094 97 16 0 / Fax: +49 6094 1064

Email: info@brunnenhof.bestwestern.de

Questions Regarding Data Protection

If you have questions regarding data protection concerning our company or website, you can contact our data protection officer: SPIRIT LEGAL Rechtsanwaltsgesellschaft mbH Lawyer and Data Protection Officer Peter Hense Data Protection Officer c/o B. W. Hotel Brunnenhof Weibersbrunn GmbH; Hauptstraße 231, 63879 Weibersbrunn Contact via the encrypted online form: Contact Data Protection Officer

Security

We have implemented comprehensive technical and organizational measures to protect your personal data against unauthorized access, misuse, loss, and other external interferences. We regularly review our security measures and adapt them to the state of the art.

Your Rights

You have the following rights concerning your personal data that concerns you, which you can assert against us:

Right to Information: You can request information about your personal data processed by us according to Article 15 of the General Data Protection Regulation (GDPR).

Right to Rectification: If the information concerning you is not (or no longer) accurate, you can request rectification according to Article 16 GDPR. If your data is incomplete, you can request completion.

Right to Erasure: You can request the erasure of your personal data according to Article 17 GDPR.

Right to Restriction of Processing: According to Article 18 GDPR, you have the right to request restriction of processing of your personal data.

Right to Object to Processing: You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data based on Article 6(1)(e) or (f) GDPR, as per Article 21(1) GDPR. We will not further process your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims (Article 21(1) GDPR). Additionally, you have the right, according to Article 21(2) GDPR, to object at any time to the processing of your personal data for direct marketing purposes, including any profiling related to such direct marketing. We inform you about the right to object in this privacy statement in connection with the respective processing.

Right to Withdraw Consent: If you have given consent for processing, you have the right to withdraw it according to Article 7(3) GDPR.

Right to Data Portability: You have the right to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format (“data portability”), and the right to transmit this data to another controller, where the conditions of Article 20(1)(a, b) GDPR are met (Article 20 GDPR).

You can assert your rights by notifying the contact details mentioned in the “Controller” section or with the data protection officers named by us.

If you believe that the processing of your personal data violates data protection laws, you also have the right, according to Article 77 GDPR, to lodge a complaint with a supervisory authority of your choice. This includes the data protection supervisory authority responsible for the controller: Die Landesbeauftragte für den Datenschutz Niedersachsen, Postfach 221, 30002 Hannover, Tel.: 0511/120-4500, Fax: 0511 120-4599, E-Mail: poststelle@lfd.niedersachsen.de.

Usage of Our Website

You can use our website for purely informative purposes without disclosing your identity. When accessing individual pages of the website for informational purposes, only access data is transmitted to our web space provider to display the website for you. The following data is processed in this context:

  • Browser type/browser version
  • Operating system used
  • Language and version of the browser software
  • Date and time of access
  • Hostname of the accessing device
  • IP address
  • Content of the request (specific webpage)
  • Access status/HTTP status code
  • Websites accessed via the website
  • Referrer URL (previously visited website)
  • Message indicating whether the call was successful
  • Time zone difference to GMT
  • Transferred data volume

The temporary processing of this data is necessary to enable the operation of a website visit and the delivery of the website to your device. Access data is not used to identify individual users and is not merged with other data sources. Further storage in log files is done to ensure the functionality of the website and the security of information technology systems. The legal basis for processing is Art. 6(1)(f) GDPR. Our legitimate interests lie in ensuring the functionality and security of the website. Storing access data in log files, especially the IP address, for an extended period allows us to detect and defend against misuse, including the defense against service-overloading requests or potential bot usage. Access data is deleted as soon as it is no longer required for the purpose of its processing. In the case of data collected to provide the website, this occurs when you end your visit to the website. Log data is generally kept directly and exclusively accessible to administrators and is deleted no later than seven days afterward. After that, it is only indirectly available through the reconstruction of backup tapes and is permanently deleted after a maximum of four weeks.

You have the right to object to the processing. Your right to object exists for reasons that arise from your particular situation. You can send us your objection using the contact details provided in the “Controller” section.

Tracking

In addition to the aforementioned access data, so-called cookies, pixels, browser fingerprinting, or other tracking technologies are used when using the website. Cookies are small text files with a sequence of numbers that are stored locally in the cache of the used browser. Pixels are one-pixel images created in the background color of the website and are therefore not visible to the user. The pixel also captures information about your user behavior on the website. Fingerprinting technologies generate a unique fingerprint based on browser settings and thus identify a single browser. Through a script that every internet browser automatically executes, information such as screen resolution, used fonts, operating system, hardware information, and integrated browser plugins can be collected, which in their specific combination can ultimately allow identification of a specific user. Tracking technologies are used to make our website user-friendly. The use of tracking technologies may be technically necessary or for other purposes (e.g., analysis/evaluation of website usage).

Technical Necessary Elements

Some elements of our website require that the calling browser can be identified even after a page change. In the technically necessary elements, such as cookies or similar methods of device access, the following data is processed for the purpose of conducting or facilitating electronic communication and providing a service requested by the user in the information society:

  • Language settings
  • Items in the shopping cart
  • Log-in information

User data collected through technically necessary elements is not used to create user profiles. We also use so-called “session cookies,” which store a session ID that allows various requests from your browser to be assigned to the common session. “Session cookies” are necessary for using the website. In particular, we can recognize the used device when you return to the website. We use this cookie to recognize you on subsequent visits to the website. The legal basis for this processing is Art. 6(1)(f) GDPR. Our legitimate interests in processing are to provide the mentioned special functionalities and thereby make the use of the website more attractive and effective. The “session cookies” are deleted, depending on the browser you use and the browser settings you have made, when you close the browser.

You have the right to object to the processing. Your right to object exists for reasons that arise from your particular situation. You can send us your objection using the contact details provided in the “Controller” section.

Technically Unnecessary Tracking

In addition to the aforementioned access data, we also use cookies, pixels, browser fingerprinting, and other tracking technologies on the website to enable an analysis of user surfing behavior. The following data is stored and processed, for example:

  • Frequency of page views
  • Use of website functions

The legal basis for this processing is your consent under Art. 6(1)(a) GDPR. Technically unnecessary cookies, pixels, and other tracking technologies are automatically deleted after a predetermined period, which may vary depending on the tracking method. If we integrate third-party cookies, pixels, and similar tracking technologies into our web offering, we will inform you separately.

Revocation of your consents to the processing of the respective provider is possible at any time by sliding the slider back in the “Individual Privacy Settings” of the consent management tool. The legality of the processing remains unaffected until the revocation is exercised.

Consent Management Tool “Borlabs Cookie”

To request consent for the processing of your device information and personal data using cookies or other tracking technologies on our website, we use the consent tool “Borlabs Cookie” from the provider “Borlabs – Benjamin A. Bornschein” (Rübenkamp 32, 22305 Hamburg). With the help of “Borlabs Cookie,” you have the option to agree or disagree with the processing of your device information and personal data using cookies or other tracking technologies for the purposes listed in the “Borlabs Cookie” tool. Such processing purposes may include, for example, the integration of external elements, the integration of streaming content, statistical analysis, reach measurement, or personalized advertising. With “Borlabs Cookie,” you can give or refuse your consent for all processing purposes, or grant or deny your consent for individual purposes or individual third-party providers. The settings you make can also be changed by you afterward. The purpose of integrating “Borlabs Cookie” is to leave the decision about setting cookies and similar functionalities to you as a user of our website and to provide you with the opportunity to change settings already made during the further use of our website. In the course of using “Borlabs Cookie,” personal data and information about the used devices are processed by us. Your data is also transmitted to “Borlabs Cookie.” The information about the settings you made is also stored on your end device.

The legal basis for processing is Art. 6(1)(c) GDPR in conjunction with Art. 7(1) GDPR, to the extent that processing is necessary to fulfill the legally stipulated evidence obligations for granting consent. Otherwise, Art. 6(1)(f) GDPR is the relevant legal basis. Our legitimate interests in processing lie in storing user settings and preferences regarding the use of cookies and evaluating consent rates. One year after making user settings, consent will be requested again. The user settings made will then be stored again for this period, unless you delete the information about your user settings in the designated end device capacities beforehand.

You can object to the processing to the extent that processing is based on Art. 6(1)(f) GDPR. Your right to object exists for reasons that arise from your particular situation. You can send us your objection using the contact details provided in the “Controller” section.

Contacting our company

When contacting our company, for example, by email or through the contact form on the website, the personal data you provide will be processed by us to respond to your inquiry. Mandatory for processing inquiries via the contact form on the website are the specification of a first and last name or a pseudonym, as well as a valid email address. The legal basis for processing is Art. 6(1)(f) GDPR or Art. 6(1)(b) GDPR if the contact aims at concluding a contract. If the inquiry aims at concluding a contract, providing your data is necessary and obligatory for the conclusion of a contract. If the data is not provided, a contract cannot be concluded or carried out in the form of contact or processing the inquiry. The processing of personal data from the input mask serves solely for processing the contact. In the case of contact by email, there is also the necessary legitimate interest in processing the data. The other data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems. In this context, the data is not passed on to third parties. We delete the data collected in this context after the processing is no longer necessary – usually two years after the end of communication – or restrict processing if there are existing legally mandatory retention obligations.

You have the right to object to the processing. Your right to object exists for reasons that arise from your particular situation. You can send us your objection using the contact details in the “Controller” section.

Processing for contractual purposes

We process your personal data when and to the extent necessary for the initiation, establishment, execution, and/or termination of a legal transaction with our company. The legal basis for this is Art. 6(1)(b) GDPR. Providing your data is then necessary for the conclusion of the contract, and you are contractually obligated to provide your data, e.g., if you want to register as a guest or speaker for an event at our company. If you do not provide your data, the conclusion and/or execution of the contract is not possible. After the purpose has been achieved (e.g., contract processing), the personal data is blocked or deleted for further processing, unless we are authorized to further process it based on your consent (e.g., consent to processing the email address for sending electronic advertising), a contractual agreement, legal authorization (e.g., authorization for sending direct advertising), or legitimate interests (e.g., retention for enforcing claims).

The transfer of your personal data to third parties takes place if

  • it is necessary for the initiation, execution, or termination of legal transactions with our company (e.g., when transferring data to a payment service provider/shipping company to process a contract with you) (Art. 6(1)(b) GDPR), or
  • a subcontractor or vicarious agent, whom we only use in the context of providing the offers or services you requested, needs this data (such auxiliary persons are, unless expressly stated otherwise, only authorized to process the data insofar as this is necessary for the provision of the offer or service), or
  • an enforceable official order (Art. 6(1)(c) GDPR) exists, or
  • an enforceable court order exists (Art. 6(1)(c) GDPR), or
  • we are legally obligated to do so (Art. 6(1)(c) GDPR), or
  • processing is necessary to protect vital interests of the data subject or another natural person (Art. 6(1)(d) GDPR), or
  • it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority (Art. 6(1)(e) GDPR), or
  • we can invoke our predominant legitimate interests or those of a third party for disclosure (Art. 6(1)(f) GDPR).

An additional transfer of your personal data to other individuals, companies, or entities does not take place unless you have effectively consented to such transfer. The legal basis for processing is then Art. 6(1)(a) GDPR. We will inform you in the context of this data protection information regarding the respective recipients concerning the specific processing operation.

Online Booking

When you want to book a hotel room on our website through our online booking system, we process your first and last name, your address, your email address, your travel dates, and the desired room category. For the initiation and conclusion of the contract, it is necessary and mandatory for you to provide personal data such as your name, address, duration of the trip, payment details, and your email address. The mandatory information required for booking and contract processing is marked separately, and additional information is provided voluntarily. We process your data to handle the booking and, for this purpose, will transmit payment data, in particular, to the payment service provider you have chosen or to our house bank. We use the booking system of BWH Hotel Group Central Europe GmbH (Frankfurter Straße 10-14, 65760 Eschborn; hereinafter referred to as “Best Western”). By using the online booking system on the website, “Best Western” receives the information necessary to process the booking (e.g., duration of the stay, reservation number, accommodation). The legal basis for the processing is Art. 6(1)(b) GDPR. Providing your data is necessary and mandatory for concluding or performing the contract. Without providing your data, the conclusion and/or performance of the contract are not possible. To prevent unauthorized access to your personal data by third parties, the booking process on the website is encrypted using SSL technology. We delete the data collected in this context after storage is no longer necessary, or we restrict processing if legal retention obligations exist. Due to mandatory commercial and tax law regulations, we are obligated to retain your address, payment, and booking data for up to ten years. Two years after the end of the contract, we restrict processing and reduce it to compliance with existing legal obligations. For more information on data processing at “Best Western,” please visit https://www.bestwestern.de/agb-datenschutz.html.

Processing of Personal Data according to § 30 Federal Registration Act (BMG)

Accommodation facilities, especially hotels, are obliged according to § 30 Federal Registration Act (BMG) to collect the following data from the guest on the day of arrival, and the guest must sign the registration form manually or confirm the electronically collected data through special authentication procedures in the sense of § 29(5) BMG:

  • Date of arrival and expected departure
  • Family names
  • First names
  • Date of birth
  • Nationalities
  • Address
  • Number of accompanying persons and their nationality in cases of § 29(2) sentence 2 and 3 BMG
  • Serial number of the recognized and valid passport or passport substitute for foreign persons
  • Additional data for the collection of tourism and spa levies

In the case of travel groups of more than 10 persons, only the personal data of the tour guide is required. The tour guide has to provide the number of accompanying persons and their nationality. We are obliged to collect, process, and pass on this data within the framework of the BMG. The legal basis for processing is Art. 6(1)(c) GDPR in conjunction with § 30(1), (4), § 29(2) to (5) BMG. You are legally obliged to provide your data as our guest. If you do not provide your data, the conclusion and/or performance of the contract in the form of accommodation are impossible. The completed registration forms must be kept by us as an accommodation facility and presented to the local regulatory authorities to fulfill their duties. We delete data processed by you 1 year and 3 months after the day of your arrival or restrict processing as soon as it is permissible under the provisions of the BMG and if there is no consent on your part according to Art. 6(1)(a) GDPR and no other legitimate interest on our part in continued processing.

Gift Shop

If you wish to purchase a voucher in our gift shop on the website, it is necessary and obligatory for the initiation and conclusion of the contract that you provide personal data, such as your first and last name, address, and email address. The mandatory information required for ordering and processing the contract is separately marked, and additional information is provided voluntarily. In the event of non-provision, the conclusion of the contract in the form of acquiring a voucher through the gift shop is not possible. Furthermore, we also process the message you may have noted during the voucher purchase, as well as any data communicated in this regard, to display them on the voucher. We process the data you provide in this context for order processing and execution. For this purpose, we will transmit payment data, in particular, to the payment service provider chosen by you or to our house bank. We use the ordering system “VoucherBooking” from the provider HotelNetSolutions (Hotel Net Solutions GmbH, Genthiner Str. 8, 10785 Berlin; hereinafter: VoucherBooking) for the gift shop to enable you an optimal ordering process. The processing of your order data takes place on VoucherBooking’s servers. The legal basis for the processing is Art. 6 (1) sentence 1 lit. b) GDPR. To prevent unauthorized access to your personal data, the ordering process on the website is encrypted with SSL technology. We delete the data collected in this context after storage is no longer necessary or restrict processing if there are legal retention obligations. Due to mandatory commercial and tax law regulations, we are obliged to keep your address, payment, and order data for up to ten years. Two years after the contract is terminated, we restrict processing and reduce it to compliance with existing legal obligations.

Email Marketing

Customer Retention Advertising

We reserve the right to use the email address provided by you in the context of booking a hotel room or registering for an event in accordance with legal regulations to send you the following content by email during or after the booking, provided you have not already objected to the processing of your email address:

  • Information about your stay and other travel-related offers from our establishment
  • Information about current special offers
  • Information about our hotel and service offerings
  • Individual guest advice and support
  • Guest satisfaction surveys following your stay/event visit
  • Overview of possible leisure activities and events at our hotel
  • Information about arrival and departure in preparation for your stay
  • Invitations to events hosted by our company If sending electronic information is necessary for the execution of the contract, the processing is based on the legal basis of Art. 6 (1) sentence 1 lit. b) GDPR. In these cases, you are contractually obliged to provide your data. If you do not provide your data, sending electronic information as part of the contract execution via email is not possible. If sending electronic information via email is not necessary for the execution of the contract (e.g., informational email), the processing of your data is based on the legal basis of Art. 6 (1) sentence 1 lit. f) GDPR. Our legitimate interests in the mentioned processing lie in increasing and optimizing our services, sending direct advertising, and ensuring guest satisfaction. We delete your data when you end the use process, but no later than three years after the contract is terminated. For sending emails, especially guest satisfaction surveys via email, we use the services of BWH Hotel Group Central Europe GmbH (Frankfurter Straße 10-14, 65760 Eschborn; hereinafter: Best Western). If you have made a booking through the online booking system, Best Western processes the personal data provided by you, especially your name, the duration of your stay, the name of the hotel, and your email address, to send you a guest satisfaction survey following your stay. The legal basis for the processing is Art. 6 (1) sentence 1 lit. f) GDPR. Our legitimate interest lies in the use of a service provider for optimization and targeted sending and administration of guest feedback. Further information, including the storage period, can be found in the data protection provisions of “Best Western” at https://www.bestwestern.de/agb-datenschutz.html. We would like to point out that you can object to receiving direct advertising and processing for the purpose of direct advertising at any time, without incurring costs other than the transmission costs according to the basic rates. In this regard, you have a general right of objection without giving reasons (Art. 21 (2) GDPR). Click on the unsubscribe link in the respective email or send us your objection to the contact details specified in the “Controller” section.

Payment Service Provider (PSP)

PayPal

On our website, we offer payment via “PayPal.” The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: “PayPal”). To make the payment, you need to log in to your PayPal account. The payment details you provided to PayPal will be processed by PayPal for the purpose of payment processing. For more information on data processing by PayPal, please visit: https://www.paypal.com/de/webapps/mpp/ua/privacy-full. To allocate your payment, we process your delivery/billing address, email address, and the chosen payment method. We delete the data collected in this context after storage is no longer necessary, or we restrict processing if legal retention obligations exist. Due to mandatory commercial and tax regulations, we are obligated to keep your address, payment, and order data for up to ten years. Two years after the contract termination, we restrict processing and reduce it to compliance with existing legal obligations. The legal basis is Art. 6 (1) sentence 1 lit. b) GDPR. Providing your payment data is necessary and mandatory for the conclusion and execution of the contract. If you do not provide the payment data, a contract conclusion and/or execution with the payment method “PayPal” is not possible.

PayPal Plus Services without own PayPal account

If you choose the PayPal services “SEPA Direct Debit,” “Credit Card,” or “Invoice” as part of your payment, PayPal (Europe) S.àr.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”) processes the collected personal data for the purpose of payment processing. You do not need a PayPal account for this service. For more information on data processing at PayPal, please visit: https://www.paypal.com/de/webapps/mpp/ua/legalhub-full?locale.x=de_DE or https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE We process the payment method provided in connection with your booking. We delete the data collected in this context after storage is no longer necessary, or we restrict processing if legal retention obligations exist. Due to mandatory commercial and tax regulations, we are obligated to keep your address, payment, and order data for up to ten years. Two years after the contract termination, we restrict processing and reduce it to compliance with existing legal obligations. The legal basis for processing is Art. 6 (1) sentence 1 lit. b) GDPR. Providing your payment data is necessary and mandatory for the conclusion and execution of the contract. If you do not provide the payment data, a contract conclusion and/or execution with the PayPal service you have chosen is not possible.

Credit Card Payment

For the purpose of payment processing, we provide the payment data required for credit card payment to the credit institution commissioned with the payment or, if applicable, to the payment and billing service provider we have commissioned. Processing is based on Art. 6 (1) sentence 1 lit. b) GDPR. Providing your payment data is necessary and mandatory for the conclusion and execution of the contract. If you do not provide the payment data, a contract conclusion and/or execution using credit card payment is impossible. The data required for payment processing is securely transmitted using the “SSL” procedure and processed exclusively for payment processing. We delete the data collected in this context after storage is no longer necessary, or we restrict processing if legal retention obligations exist. Due to mandatory commercial and tax regulations, we are obligated to keep your address, payment, and order data for up to ten years. Two years after the contract termination, we restrict processing and reduce it to compliance with existing legal obligations.

Purchase on Invoice

In the case of “Purchase on Invoice,” we reserve the right to transmit your data provided during the order to external companies (e.g., Association of Creditreform e.V., Hellersbergstraße 12, D-41460 Neuss) for the purpose of conducting a credit check. The legal basis for processing is Art. 6 (1) sentence 1 lit. f) GDPR. Our legitimate interests lie in fraud prevention and avoiding default risks since we make an advance payment in the case of “Purchase on Invoice.” We process the data transmitted to us by your credit institution as part of the payment processing “Purchase on Invoice” for the purpose of invoice verification. The legal basis for this processing is Art. 6 (1) sentence 1 lit. b) GDPR. Providing your payment data is necessary and mandatory for the conclusion and execution of the contract. If you do not provide the payment data, a contract conclusion and/or execution using “Purchase on Invoice” is impossible. We delete the data collected in this context after storage is no longer necessary, or we restrict processing if legal retention obligations exist. Due to mandatory commercial and tax regulations, we are obligated to keep your address, payment, and order data for up to ten years. Two years after the contract termination, we restrict processing and reduce it to compliance with existing legal obligations.

You can object to the processing if processing is based on the legal basis of Art. 6 (1) sentence 1 lit. f) GDPR. Your right to object exists for reasons arising from your particular situation. You can send us your objection via the contact details mentioned in the “Controller” section.

Legal Enforcement / Address Determination / Debt Collection

In the case of non-payment, we reserve the right to transmit the data provided during the order for the purpose of address determination and/or legal enforcement to a lawyer and/or external companies (e.g., Association of Creditreform e.V., Hellersbergstraße 12, D-41460 Neuss). The legal basis for processing is Art. 6 (1) sentence 1 lit. f) GDPR. Our legitimate interests lie in fraud prevention and avoiding default risks. Furthermore, we may disclose your data to ensure the enforcement of our rights, as well as the rights of affiliated companies, our cooperation partners, our employees, and/or users of our website if necessary. Under no circumstances will we sell or rent your data to third parties. The legal basis for processing is Art. 6 (1) sentence 1 lit. f) GDPR. We have a legitimate interest in processing for legal enforcement. We delete the data collected in this context after storage is no longer necessary, or we restrict processing if legal retention obligations exist. You can object to the processing. Your right to object exists for reasons arising from your particular situation. You can send us your objection via the contact details mentioned in the “Controller” section.

Hosting

We use external hosting services provided by Jager IT-Solutions (Hauptstraße 19, 37127 Niemetal, Germany), which serve to provide the following services: infrastructure and platform services, computing capacity, storage resources, and database services, as well as security and technical maintenance services. For these purposes, all data – including access data mentioned under the section “Use of Our Website” – that is necessary for the operation and use of our website is processed. The legal basis for processing is Art. 6(1)(f) GDPR. With the use of external hosting services, we aim to efficiently and securely provide our web offering.

You have the right to object to the processing. Your right to object exists for reasons arising from your particular situation. You can send us your objection using the contact details provided in the “Controller” section.

Integration of Third-Party Content

Third-party content, such as videos, maps, or graphics from other websites, is integrated into the website. This integration always requires that the providers of this content (“third-party providers”) perceive the IP addresses of the users. Without the IP address, they cannot send the content to the user’s browser. The IP address is, therefore, necessary for the presentation of this content. We inform you below about the services of external providers currently used on our website, as well as the respective processing in individual cases and your existing options to object or revoke.

Google Maps

This website uses the “Google Maps” service from “Google” (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, and Google, LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA) for the purpose of displaying maps or map sections and thus enabling you to conveniently use the map function on the website. By visiting the website, “Google” receives information that you have accessed the corresponding subpage of our website. In addition, some of the data mentioned in the “Use of Our Website” and “Cookies” sections is transmitted to “Google.” This occurs regardless of whether “Google” provides a user account through which you are logged in or whether no user account exists. If you are logged in to “Google,” your data will be directly associated with your account. If you do not wish this assignment to your profile with “Google,” you must log out before activating the button. “Google” stores your data as user profiles and processes them independently of whether there is a user account with “Google” for purposes of advertising, market research, and/or the needs-based design of its website. The legal basis for processing is your consent in accordance with Art. 6(1)(a) GDPR. “Google” also processes your data on servers in the United States. There is no adequacy decision of the European Commission for the transfer of data to the United States. The legal basis is your consent in accordance with Art. 49(1)(a) GDPR. Your data related to “Google Maps” will be deleted after thirty days at the latest. Further information on the purpose and scope of processing with “Google Maps” can be found at https://policies.google.com/privacy?hl=en.

You can revoke your consent to the processing of the respective provider at any time by moving the slider in the “Individual Privacy Settings” of the consent tool. The legality of the processing remains unaffected until the revocation is exercised.

Google Tag Manager

We use the “Google Tag Manager” from “Google” (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, and Google, LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA) on our website. “Google Tag Manager” is a solution that allows website tags and other elements from third-party providers to be managed through an interface.

On the one hand, when the website is called up with Google Tag Manager, an http request is sent to Google. As a result, device information and personal data such as your IP address and information about your browser settings are transmitted to Google. We use Google Tag Manager to facilitate electronic communication by passing information to third-party providers via programming interfaces, among other things. In Google Tag Manager, the respective tracking codes of third-party providers are implemented without us having to change the source code of the website ourselves. Instead, integration is done through a container that sets a so-called “placeholder” code in the source code. In addition, Google Tag Manager allows the exchange of data parameters of users in a specific order, especially by organizing and systematizing data packets. Your data is occasionally transmitted to the United States. Standard contractual clauses have been concluded with Google to ensure compliance with an adequate level of data protection. Upon request, we will provide you with a copy of the standard contractual clauses. The legal basis for processing is Art. 6(1)(f) GDPR. Our legitimate interests in processing lie in facilitating and conducting electronic communication by identifying communication endpoints, control options, and exchanging data elements in a defined order, as well as identifying transmission errors. Google Tag Manager does not initiate data storage. Further information on data protection at “Google” can be found at: http://www.google.de/intl/en/policies/privacy.

You have the right to object to processing, insofar as processing is based on the legal basis of Art. 6(1)(f) GDPR. Your right to object exists for reasons arising from your particular situation. You can send us your objection using the contact details provided in the “Controller” section.

On the other hand, the Google Tag Manager also incorporates third-party tags, such as tracking codes or counting pixels, on our website. The tool triggers other tags, which in turn collect your data; we will inform you separately about this as part of this privacy statement. Google Tag Manager itself does not perform an evaluation of the device information and personal data of users collected by the tags. Instead, your data is forwarded to the respective third-party service for the purposes mentioned in our consent management tool. We have aligned the Google Tag Manager with our consent management tool in such a way that the triggering of certain third-party services in Google Tag Manager depends on your selection in our consent management tool, so that only those third-party tags trigger data processing for which you have given consent. The use of Google Tag Manager is covered by the consent for the respective third-party service. The legal basis for processing is your consent under Art. 6(1)(a) GDPR. Your data is occasionally transmitted to the United States. The legal basis for the transfer to the United States is your consent under Art. 49(1)(a) GDPR. You can find the storage duration of your data in the following descriptions of the individual third-party services. Further information on data protection at “Google” can be found at: http://www.google.de/intl/en/policies/privacy.

You can revoke your consent to the processing of the respective provider at any time by moving the slider in the “Individual Privacy Settings” of the consent tool. The legality of the processing remains unaffected until the revocation is exercised.

Services for Statistical, Analytical, and Marketing Purposes

Additionally, we use services from third-party providers for statistical, analytical, and marketing purposes. This enables us to offer you a user-friendly and optimized experience on the website. Third-party providers utilize technologies such as cookies, pixels, browser fingerprinting, or other tracking technologies to control their services. Below, we provide information about the external services currently used on our website, the respective processing in individual cases, and your existing options for revocation.

Google Analytics

To tailor our website to user interests, we use “Google Analytics,” a web analytics service from “Google” (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, and Google, LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA). When using “Google Analytics,” technologies like “cookies,” “tracking pixels,” and “device fingerprinting” are employed to track specific user behaviors on websites. This includes processing information stored on users’ devices. Through the use of “tracking pixels” embedded in websites and “cookies” stored on users’ devices, “Google” processes generated information about the use of our website by users’ devices and access data for statistical analysis purposes – such as which specific website was visited, which website areas users find particularly interesting, or whether a newsletter registration has taken place. Additionally, it can be determined whether different devices belong to you or your household. Access data includes, in particular, the IP address, browser information, the previously visited website, and the date and time of the server request. “Google Analytics” is used with the “anonymizeIp()” extension, which processes IP addresses in a shortened form to make personal identification more difficult. According to Google, IP addresses are shortened within the member states of the European Union. Due to the use of the “Google Analytics” tool, users’ browsers automatically establish a direct connection with Google’s server. If users are registered with a Google service, Google can associate the visit with the user account and create and analyze cross-application user profiles. The legal basis for processing is your consent according to Art. 6(1)(a) GDPR. “Google” also processes the data in part in the United States. There is no adequacy decision of the European Commission for the transfer of data to the United States. The legal basis for the transfer to the United States is your consent according to Art. 49(1)(a) GDPR. Your data related to “Google Analytics” will be deleted after 30 days at the latest. Further information on data protection at “Google” can be found at: http://www.google.de/intl/en/policies/privacy.

You can revoke your consent to the processing of the respective provider at any time by moving the slider in the “Individual Privacy Settings” of the consent tool. The legality of the processing remains unaffected until the revocation is exercised.

Google Analytics Advertising

We also use the web analytics service “Google Analytics” with the remarketing function “Google Analytics Advertising” from Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, and Google, LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA). Google Analytics Advertising employs technologies such as “cookies,” “tracking pixels,” and “device fingerprinting” to track specific user behaviors on websites. This includes processing information stored on users’ devices. Through “tracking pixels” embedded in websites and “cookies” stored on users’ devices, Google processes generated information about the use of our website by users’ devices and access data for statistical analysis purposes – such as specific web pages being visited or a newsletter registration taking place. This is done for the purpose of displaying individualized advertisements based on this analysis. Additionally, it can be determined whether different devices belong to you or your household. With the additional function “Google Analytics Advertising,” it is possible to create audiences for specific cookies or mobile advertising IDs and later use them for re-targeted individualized advertising. Target audience criteria may include users who viewed products but did not add them to a shopping cart, or users who added items to a cart but did not complete the purchase. A target audience includes at least 100 users. Using the “Google Ads” tool, interest-based ads can then be displayed in search results. This allows users of websites to be recognized on other websites within the Google advertising network (in Google search or on “YouTube,” so-called “Google Ads,” or on other websites) and to be presented with tailored ads based on the defined target audience criteria. The ads may also relate to products and services that users have already viewed on our website. Access data includes, in particular, the IP address, browser information, the previously visited website, and the date and time of the server request. “Google Analytics” is used with the “anonymizeIp()” extension, which processes IP addresses in a shortened form to make personal identification more difficult. Due to the use of the “Google Analytics Advertising” tool, users’ browsers automatically establish a direct connection with Google’s server. If users are registered with a Google service, Google can associate the visit with the user account and create and analyze cross-application user profiles. The legal basis for processing is your consent according to Art. 6(1)(a) GDPR. “Google” also processes the data in part in the United States. There is no adequacy decision of the European Commission for the transfer of data to the United States. The legal basis for the transfer to the United States is your consent according to Art. 49(1)(a) GDPR. Your data related to “Google Analytics” will be deleted after 30 days at the latest. Further information on data protection at “Google” can be found at: http://www.google.de/intl/en/policies/privacy.

You can revoke your consent to the processing of the respective provider at any time by moving the slider in the “Individual Privacy Settings” of the consent tool. The legality of the processing remains unaffected until the revocation is exercised.

Google Ads Remarketing

We use the “Google Ads” tool with the “Dynamic Remarketing” feature from “Google” (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, and Google, LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA). This is a process through which we aim to address you again. With the “Dynamic Remarketing” feature, we can recognize users of our website on other websites within the “Google” advertising network (in the “Google” search or on “YouTube,” known as “Google Ads” or on other websites) and present them with personalized ads tailored to their interests. The ads may also relate to products and services you have already viewed on our website. For this purpose, user interactions on our website are analyzed, such as which offers the user has shown interest in, to display targeted advertising on other sites even after the user has visited our website. When you visit our website, a cookie is stored on your device by “Google Ads.” Using cookies, “Google” processes information generated by your device about the use of our website and interactions with our website, as well as the data mentioned in the “Use of Our Website” section, including your IP address, browser information, the previously visited website, and the date and time of the server request, for the purpose of serving personalized advertisements. For this purpose, it can also be determined whether different devices belong to you or your household. The data collected within “Google Ads” is not merged with data from other “Google” products. The legal basis for processing your data is your consent under Art. 6(1)(a) GDPR. “Google” also processes the data partially in the USA. There is no adequacy decision of the EU Commission for data transfer to the USA. The legal basis for the transfer to the USA is your consent under Art. 49(1)(a) GDPR. Your data related to “Google Ads Remarketing” will be deleted no later than 30 days. For more information on data protection and storage duration at “Google,” please visit: https://policies.google.com/privacy. You can revoke your consent to the processing of the respective provider at any time by moving the slider in the “Individual Privacy Settings” of the consent tool. The legality of the processing remains unaffected until the exercise of the revocation.

Google Ads Conversion

We use the service of “Google Ads” from “Google” (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, and Google, LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA) to draw attention to our attractive offers on external websites using advertising media (formerly known as “Google AdWords”). We can determine, in relation to the data of the advertising campaigns, how successful the individual advertising measures are. These advertising materials are delivered by “Google” via so-called “Ad Servers.” For this purpose, we use “Ad Server” cookies, through which specific parameters for measuring reach, such as displaying ads or clicks by users, can be measured. If you reach our website through a “Google” ad, a cookie is stored on your device by “Google Ads.” Using cookies, “Google” processes information generated by your device about interactions with our advertising materials (calling up a specific website or clicking on an advertising medium), the data mentioned in the “Use of Our Website” section, including your IP address, browser information, the previously visited website, and the date and time of the server request, for the purpose of analyzing and visualizing the reach measurement of our advertisements. For this purpose, it can also be determined whether different devices belong to you or your household. Due to the marketing tools used, your browser automatically establishes a direct connection to the server of “Google.” If you are registered with a “Google” service, “Google” can assign the visit to your account. Even if you are not registered with “Google” or are not logged in, it is possible that the provider may obtain and process your IP address. We only receive statistical evaluations from “Google” for the purpose of measuring the success of our advertising materials. The legal basis for processing your data is your consent under Art. 6(1)(a) GDPR. “Google” also processes the data partially in the USA. There is no adequacy decision of the EU Commission for data transfer to the USA. The legal basis for the transfer to the USA is your consent under Art. 49(1)(a) GDPR. Your data will be stored by “Google” in connection with “Google Ads” for a maximum of 30 days. For more information on data protection and storage duration at “Google,” please visit: https://policies.google.com/privacy. You can revoke your consent to the processing of the respective provider at any time by moving the slider in the “Individual Privacy Settings” of the consent tool. The legality of the processing remains unaffected until the exercise of the revocation.

Google AdSense

On our website, we also use the “Google AdSense” tool, an advertising service provided by “Google” (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, and Google, LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA), to market advertisements. When using “Google AdSense,” technologies such as “cookies,” “tracking pixels,” and “device fingerprinting” are used to track visitor traffic and user behavior on our website and display theme-specific advertisements on our website that match our content and your interests. For this purpose, information stored on users’ devices is also processed. Using the “tracking pixels” embedded in websites and the “cookies” stored on users’ devices, “Google” processes generated information about the use of our website by users’ devices and access data after each impression (i.e., whenever you see or click on an advertisement) for the purpose of cross-device statistical analysis, serving personalized advertisements, and measuring the effectiveness of an advertisement. “Google” can determine, for example, how often a specific website has been accessed and the quality of the advertising space on our website to select the appropriate ad type. For this purpose, it can also be determined whether different devices belong to you or your household. Access data includes, in particular, the IP address, browser information, the previously visited website, and the date and time of the server request. As part of the use of “Google AdSense,” your browser automatically establishes a direct connection to the server of “Google.” If users are registered with a Google service, Google can assign the visit to the user account and create and analyze user profiles across applications. The legal basis for processing is your consent according to Art. 6(1)(a) GDPR. “Google” also processes the data partially in the USA. There is no adequacy decision of the EU Commission for data transfer to the USA. The legal basis for the transfer to the USA is your consent according to Art. 49(1)(a) GDPR. Google stores your data in connection with “Google AdSense” for a maximum of 24 months. For more information on data protection at “Google,” please visit: http://www.google.de/intl/en/policies/privacy. You can revoke your consent to the processing of the respective provider at any time by moving the slider in the “Individual Privacy Settings” of the consent tool. The legality of the processing remains unaffected until the exercise of the revocation.

Copyright Ó by Spirit Legal