I. Responsible body
The responsible party for the collection, processing and use of your personal data via this internet platform is
Note on the responsible body
The responsible body for data processing on this website is:
Information pursuant to § 5 TMG:
Daimler Street 11
Phone: +49 7034 27 60
The controller of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data. The controller is also a service provider in the sense of the German Telemedia Act (TMG).
We take the protection of the privacy of visitors to this website and other company websites very seriously. We collect, process and use personal data only in accordance with the statutory provisions and in accordance with this data protection declaration.
Personal data is any data by which you can be personally identified. These individual details include, for example, your name or your contact details, such as telephone number, address and e-mail address.
With the exception of the IP address, personal data is only collected by us if you provide this data voluntarily, for example when registering on our website or using our contact form. This personal data is used to
used to identify you as a user via your e-mail address and to contact you via this.
II. What data do we collect on our website?
1. access data and log files
When you use our website for information purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:
– IP address (if possible, this is stored anonymously).
Domain name of the website you came from
Names of the files retrieved
– Amount of data sent in bytes
– Date and time of a retrieval
– Name of your internet service provider
– as well as operating system and browser version of your terminal device, if applicable.
The processing is carried out in accordance with Art. 6 (1) lit. f DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website. We process this data, but we do not store it permanently. The data is not passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.
The data is evaluated exclusively for statistical purposes. We do not create personal user profiles.
Cookies are used on our website to enable you to use certain features and to make your visit to our website as convenient and secure as possible.
A cookie is a text file that is created when you visit a website and is temporarily stored on the website user’s system. If the server of our website is called up again by the user of the website, the browser of the user of the website sends the previously received cookie back to the server. The server can evaluate the information obtained through this process. Cookies can be used, for example, to control advertising or to make it easier to navigate a website. Cookies are necessary in particular to enable the functionality of our website operation (Art. 6 para. 1 lit. f DSGVO is mentioned as the legal basis, the protection of the legitimate interests of the operator of this website -.
If the cookies are not technically necessary (they are only stored locally and are not further analysed), you will be asked whether you agree to the setting of the cookies.
3. hosting of the website
Within the framework of processing on our behalf, a third party provider based within a country of the European Union provides us with the services for hosting and displaying the website and, for this purpose, provides infrastructure services, computing capacity, storage space and database services, maintenance services and security services. In doing so, we or our hosting provider process all data that accrue in the context of the use of our website. This is inventory data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors to our online offer.
The processing is based on our legitimate interest in an efficient and secure provision of this online offer (Art. 6 para. 1 lit. f DSGVO in conjunction with Art. 28 DSGVO).
4 What data do we collect and use when you contact us?
We process inventory data (e.g. names, addresses and contact details) that you have provided to us when contacting us (e.g. by contact form, by e-mail or by telephone) in order to fulfil contractual obligations or to respond to your enquiries in accordance with Art. 6 (1) lit. b DSGVO. Which data is collected can be seen from the respective input forms. Information that is absolutely necessary to process your enquiry is marked as mandatory fields. In the case of enquiries via our website, we store the IP address and the time of the respective user action. This is done due to our legitimate interests, as well as the interests of users in protecting against misuse and unauthorised use of your data. You can object to this at any time (right of revocation). We will not pass on this data to third parties, unless this is necessary to pursue our claims or there is a legal obligation to do so.
or if there is a legal obligation to do so in accordance with Art. 6 Para. 1 lit. c DSGVO.
We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are legal retention obligations. We review the necessity of data storage every two years.
III. how long do we store your data?
The data we process is processed, deleted or its processing restricted by us in accordance with Art. 17 and Art. 18 DSGVO. As a matter of principle, we only store your personal data, which is generated when you use our website, for as long as this is necessary for the above-mentioned purposes. However, if the deletion conflicts with legal retention obligations, the processing of the data is only restricted, i.e. it is blocked for further use and cannot be processed for other purposes.
The following record and retention obligations are particularly relevant: 6 years according to § 57 para. 1 HGB (for commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.), 10 years according to § 147 para. 1 AO (books, records, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.). In addition, personal data may be retained for the period during which claims can be asserted against us (statutory limitation period of three or up to thirty years).
IV. What do we process your data for (purpose of processing) and on what legal basis?
We process the data generated by visiting our website or using the contact options offered in accordance with the provisions of the European Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG). There are different legal bases for this depending on the matter for which you contact us via the website. The specific legal basis for data processing depends on the context in which and the purpose for which we receive your data. As a rule, the legal basis for data processing results from the following possibilities:
Art. 6 I lit. a DSGVO serves as our legal basis for processing operations in which we obtain consent for a specific processing purpose. Consent given can be revoked at any time.
If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Article 6 I lit. b DSGVO. The same applies to processing operations that are necessary for the implementation of
pre-contractual measures, for example in the case of enquiries about our products or services.
If we are subject to a legal obligation by which the processing of personal data becomes necessary, such as for the fulfilment of tax obligations, the processing is based on Art. 6 I lit. c DSGVO.
Finally, processing operations could be based on Art. 6 I lit. f DS-GVO. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden.
V. Disclosure of your personal data to third parties?
Your personal data will not be transferred to third parties for purposes other than those listed below. We only pass on your personal data to third parties if:
– you have given your express consent to this in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO,
– the disclosure is necessary in accordance with Art. 6 para. 1 p. 1 lit. f DSGVO for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
– in the event that there is a legal obligation to disclose your data pursuant to Art. 6 para. 1 sentence 1 lit. c DSGVO, as well as
– this is legally permissible and necessary according to Art. 6 Para. 1 S. 1 lit. b DSGVO for the processing of contractual relationships with you.
VI. Is there an obligation for me to provide data?
Within the scope of our business relationship, you only have to provide the personal data that is required for the establishment, implementation and termination of a business relationship or that we are legally obliged to collect. Without this data we will usually have to refuse the conclusion of the contract or the execution of the order.
of the order or will no longer be able to perform an existing contract and may have to terminate it.
VII. What data protection rights do I have?
You have the right
– In accordance with Art. 15 DSGVO, to request information about your personal data processed by me. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected from me, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;
– in accordance with Art. 16 DSGVO, to demand the immediate correction of inaccurate or incomplete personal data stored by me;
– pursuant to Art. 17 DSGVO, to request the deletion of your personal data stored by me, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
– in accordance with Art. 18 DSGVO, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 DSGVO;
– pursuant to Art. 20 DSGVO, to receive your personal data that you have provided to me in a structured, common and machine-readable format or to request that it be transferred to another controller;
– revoke your consent given to me at any time in accordance with Art. 7 (3) DSGVO. This has the consequence that we may no longer continue the data processing based on this consent in the future; and
– pursuant to Art. 77 DSGVO, you have the right to complain to a supervisory authority, without prejudice to any other administrative or judicial remedy. As a rule, you can contact the supervisory authority of your usual place of residence or place of work or the place of the alleged infringement for this purpose if the data subject is of the opinion that the processing of personal data concerning him or her violates the EU General Data Protection Regulation (GDPR).
Right to object
If your personal data is processed on the basis of legitimate interests pursuant to Article 6 (1) sentence 1 lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Article 21 DSGVO, provided that there are grounds for doing so which arise from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation. If you wish to make use of your right of revocation or objection, it is sufficient to send an e-mail to the e-mail address given in the imprint of our website.
Consent given can be revoked at any time. This also applies to the revocation of declarations of consent that were given to us before the applicability of the General Data Protection Regulation, i.e. before 25 May 2018.
Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected by this.
VIII. What to note about links to other websites?
Our website/app may from time to time contain links to third party websites or to other websites of ours. If you follow a link to one of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these privacy policies before you submit any personal information to these websites.
IX. What do we do for data security?
We use the TLS (Transport Layer Security) procedure in conjunction with the highest encryption level supported by your browser. You can see whether an individual page of our website is transmitted in encrypted form by the closed key or lock symbol in the status bar of your browser.
We protect our website and other IT systems against loss, destruction, unauthorised access, unauthorised modification or unauthorised disclosure of your data by means of appropriate technical and organisational measures. However, despite all due care, complete protection against all dangers is not possible in every case.
X. Changes to this data protection declaration
We reserve the right to change this data protection declaration if the legal situation or this online offer or the type of data collection changes. However, this only applies with regard to
Declarations on data processing. If the user’s consent is required or components of the data protection declaration contain a regulation of the contractual relationship with users, the data protection declaration will only be changed with the user’s consent.
Therefore, please refer to this data protection statement whenever necessary, especially if you provide personal data.
Explanation of tools and aids used
It is often not sufficient to explain the use of a tool. Please refer to the notes at the very beginning of the document. Please also structure the text according to the tools you use. Copying all of the following text is not helpful.
We use WordPress as the editorial system for our website. WordPress uses functional (necessary) cookies to ensure the login process for editors and administrators. In particular, when attempting to log in to the WordPress administration interface, a cookie called wordpress_test_cookie is set. This cookie is used exclusively for the active session and is deleted as soon as you close the browser. The cookie is not used to evaluate users.
The reCAPTCHA component of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) is used to protect your communication via Internet forms. With reCAPTCHA, misuse can be reduced through automated, machine processing. reCAPTCHA transmits your IP address and possibly other data required by Google for reCAPTCHA to Google. Your input via the reCAPTCHA component is transmitted to Google and processed there. By using reCAPTCHA, you agree that your recognition of images may be used in the digitisation of old works. The IP address transmitted by your browser in connection with the use of reCAPTCHA will not be merged with any other data held by Google. For this data, the deviating
Please note that, due to the Cloud Act, American intelligence services could potentially gain access to personal data that is inevitably exchanged with Google, whose headquarters are in the USA, when this tool is integrated due to the Internet Protocol.
Please note that, due to the Cloud Act, American intelligence services could possibly gain access to personal data that is inevitably exchanged with Google, whose headquarters are in the USA, when this tool is integrated due to the Internet Protocol.
Please note that, due to the Cloud Act, American intelligence services could potentially gain access to personal data that is inevitably exchanged with Google, whose headquarters are in the USA, when this tool is integrated due to the Internet Protocol.
Handling of applicant data
We offer you the opportunity to apply for a job with us (e.g. by e-mail, post or via an online application form). In the following, we inform you about the scope, purpose and use of your personal data collected during the application process. We assure you that the collection, processing and use of your data will be carried out in accordance with applicable data protection law and all other statutory provisions and that your data will be treated in strict confidence.
Scope and purpose of data collection
When you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG-neu under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b DSGVO (general contract initiation) and – if you have given your consent – Art. 6 para. 1 lit. a DSGVO. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons involved in processing your application.
If the application is successful, the data you submitted will be stored in our data processing systems on the basis of Section 26 BDSG-neu and Art. 6 (1) lit. b DSGVO for the purpose of implementing the employment relationship.
Retention period of the data
If we are unable to make you a job offer, if you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted for up to 6 months from the end of the application process (rejection or withdrawal of the application) on the basis of our legitimate interests (Art. 6 para. 1 lit. f DSGVO).
The data will then be deleted and the physical application documents destroyed. This storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute),
deletion will only take place when the purpose for continued storage no longer applies.
Longer storage may also take place if you have given your consent (Art. 6 para. 1 lit. a DSGVO) or if legal storage obligations prevent deletion.
Inclusion in the applicant pool
If we do not make you a job offer, it may be possible to include you in our applicant pool. If you are accepted, all documents and details from your application will be transferred to the applicant pool so that we can contact you in the event of suitable vacancies.
Inclusion in the applicant pool is based exclusively on your express consent (Art. 6 para. 1 lit. a DSGVO). The provision of consent is voluntary and is not related to the current application process. The person concerned can revoke his/her consent at any time. In this case, the data from the applicant pool will be irrevocably deleted, unless there are legal reasons for retention.
The data from the applicant pool will be irrevocably deleted no later than two years after consent has been given.
7. our social media appearances
Data processing through social networks
We maintain publicly accessible profiles on social networks. The social networks used by us in detail can be found below.
Social networks such as Facebook, Google+ etc. can generally comprehensively analyse your user behaviour when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). By visiting our social media presences, numerous data protection-relevant processing operations are triggered. In detail:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. Provided you have an account with the respective social network, the interest-based advertising may be displayed on all devices on which you are or were logged in.
Our social media presences are intended to ensure the most comprehensive possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO. The analysis processes initiated by the social networks are based, where applicable, on deviating legal bases to be indicated by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a DSGVO).
Responsible party and assertion of rights
If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both vis-à-vis us and vis-à-vis the operator of the respective social media portal (e.g. vis-à-vis Facebook).
Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing procedures of the social media portals. Our options are largely determined by the corporate policy of the respective provider.
The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.
Social networks in detail
We have a profile on Facebook. The provider is Facebook Inc, 1 Hacker Way, Menlo Park, California 94025, USA. Facebook has certification under the EU-US Privacy Shield.
We have concluded an agreement with Facebook on joint responsibility for the processing of data (Controller Addendum). This agreement defines the data processing operations for which we or Facebook are responsible when you visit our Facebook fan page. You can view this agreement under the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can adjust your advertising settings yourself in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads.
8. online booking
Use of the online booking tool DIRS21 of TourOnline AG.
Our online presence uses the online booking tool DIRS21 (hereinafter “OBT”) of the company
73249 Wernau, Germany (www.dirs21.de, hereinafter “TOAG”).
Within the framework of OBT, TOAG processes the data as the responsible party.
The information and provisions on data protection can be found in TOAG’s data protection declaration on OBT, which you can call up at any time from OBT or view at www.dirs21.de/datenschutz.
Processing of data (customer and contract data)
We collect, process and use personal data only to the extent that it is necessary for the establishment, content or amendment of the legal relationship (inventory data). This is done on the basis of Art. 6 (1) lit. b DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. We collect, process and use personal data about the use of our Internet pages (usage data) only insofar as this is necessary to enable the user to use the service or to bill the user.
The collected customer data is deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.
Data transfer upon conclusion of a contract for services and digital content
We only transmit personal data to third parties if this is necessary within the framework of the contract processing, for example to the credit institution commissioned with the payment processing.
Further transmission of data does not take place or only if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.
The basis for data processing is Art. 6 para. 1 lit. b DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.